diff --git a/go.mod b/go.mod index e4bae62acf932..0c3a1f4ac8d22 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1 - github.com/aws/aws-sdk-go v1.44.298 + github.com/aws/aws-sdk-go v1.49.24 github.com/blang/semver/v4 v4.0.0 github.com/cert-manager/cert-manager v1.12.1 github.com/digitalocean/godo v1.99.0 diff --git a/go.sum b/go.sum index e0290abeae531..5ba766e8940af 100644 --- a/go.sum +++ b/go.sum @@ -124,8 +124,8 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1 h1:DmxtwV+pkakkVRhxKcAgnLbxCxvT7k8DBG271dfKPZ8= github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1/go.mod h1:AEJrtkLkCkfIBIazidrVrgZqaXl+9dxI/wRgjdw+7G0= -github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= -github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.49.24 h1:2ekq9ZvaoB2aRbTDfARzgVGUBB9N8XD2QYhFmTBlp+c= +github.com/aws/aws-sdk-go v1.49.24/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -867,7 +867,6 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= @@ -977,14 +976,12 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod index e7cde38343432..f9487623a5050 100644 --- a/tests/e2e/go.mod +++ b/tests/e2e/go.mod @@ -35,7 +35,7 @@ require ( github.com/StackExchange/wmi v1.2.1 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect github.com/apparentlymart/go-cidr v1.1.0 // indirect - github.com/aws/aws-sdk-go v1.44.298 // indirect + github.com/aws/aws-sdk-go v1.49.24 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index 036a0ce62d6be..8537c264625de 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -305,8 +305,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.37.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= -github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.49.24 h1:2ekq9ZvaoB2aRbTDfARzgVGUBB9N8XD2QYhFmTBlp+c= +github.com/aws/aws-sdk-go v1.49.24/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/bazelbuild/buildtools v0.0.0-20190917191645-69366ca98f89/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= github.com/bazelbuild/buildtools v0.0.0-20200922170545-10384511ce98/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= @@ -2209,7 +2209,6 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2387,14 +2386,12 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2409,7 +2406,6 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 776e31b21d655..c483e0cb8e6b1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -442,6 +442,17 @@ func (c *Config) WithUseDualStack(enable bool) *Config { return c } +// WithUseFIPSEndpoint sets a config UseFIPSEndpoint value returning a Config +// pointer for chaining. +func (c *Config) WithUseFIPSEndpoint(enable bool) *Config { + if enable { + c.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled + } else { + c.UseFIPSEndpoint = endpoints.FIPSEndpointStateDisabled + } + return c +} + // WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value // returning a Config pointer for chaining. func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go new file mode 100644 index 0000000000000..140242dd1b8d4 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go @@ -0,0 +1,4 @@ +// DO NOT EDIT +package corehandlers + +const isAwsInternal = "" \ No newline at end of file diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go index ab69c7a6f3889..ac842c55d89e9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go @@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{ request.AddToUserAgent(r, execEnvUAKey+"/"+v) }, } + +var AddAwsInternal = request.NamedHandler{ + Name: "core.AddAwsInternal", + Fn: func(r *request.Request) { + if len(isAwsInternal) == 0 { + return + } + request.AddToUserAgent(r, isAwsInternal) + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index 785f30d8e6c39..329f788a38ae3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -31,6 +31,8 @@ package endpointcreds import ( "encoding/json" + "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -69,7 +71,37 @@ type Provider struct { // Optional authorization token value if set will be used as the value of // the Authorization header of the endpoint credential request. + // + // When constructed from environment, the provider will use the value of + // AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token + // + // Will be overridden if AuthorizationTokenProvider is configured AuthorizationToken string + + // Optional auth provider func to dynamically load the auth token from a file + // everytime a credential is retrieved + // + // When constructed from environment, the provider will read and use the content + // of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable + // as the auth token everytime credentials are retrieved + // + // Will override AuthorizationToken if configured + AuthorizationTokenProvider AuthTokenProvider +} + +// AuthTokenProvider defines an interface to dynamically load a value to be passed +// for the Authorization header of a credentials request. +type AuthTokenProvider interface { + GetToken() (string, error) +} + +// TokenProviderFunc is a func type implementing AuthTokenProvider interface +// and enables customizing token provider behavior +type TokenProviderFunc func() (string, error) + +// GetToken func retrieves auth token according to TokenProviderFunc implementation +func (p TokenProviderFunc) GetToken() (string, error) { + return p() } // NewProviderClient returns a credentials Provider for retrieving AWS credentials @@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error req := p.Client.NewRequest(op, nil, out) req.SetContext(ctx) req.HTTPRequest.Header.Set("Accept", "application/json") - if authToken := p.AuthorizationToken; len(authToken) != 0 { + + authToken := p.AuthorizationToken + var err error + if p.AuthorizationTokenProvider != nil { + authToken, err = p.AuthorizationTokenProvider.GetToken() + if err != nil { + return nil, fmt.Errorf("get authorization token: %v", err) + } + } + + if strings.ContainsAny(authToken, "\r\n") { + return nil, fmt.Errorf("authorization token contains invalid newline sequence") + } + if len(authToken) != 0 { req.HTTPRequest.Header.Set("Authorization", authToken) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go index 7562cd013506b..3388b78b4f474 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go @@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error) if err != nil { return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err) } + if createResult.ExpiresIn == nil { + return cachedToken{}, fmt.Errorf("missing required field ExpiresIn") + } + if createResult.AccessToken == nil { + return cachedToken{}, fmt.Errorf("missing required field AccessToken") + } + if createResult.RefreshToken == nil { + return cachedToken{}, fmt.Errorf("missing required field RefreshToken") + } expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go index 23bb639e01867..1ba80b5760960 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go @@ -9,6 +9,7 @@ package defaults import ( "fmt" + "io/ioutil" "net" "net/http" "net/url" @@ -74,6 +75,7 @@ func Handlers() request.Handlers { handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler) handlers.Validate.AfterEachFn = request.HandlerListStopOnError handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) + handlers.Build.PushBackNamed(corehandlers.AddAwsInternal) handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander) handlers.Build.AfterEachFn = request.HandlerListStopOnError handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler) @@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro const ( httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" ) +// direct representation of the IPv4 address for the ECS container +// "169.254.170.2" +var ecsContainerIPv4 net.IP = []byte{ + 169, 254, 170, 2, +} + +// direct representation of the IPv4 address for the EKS container +// "169.254.170.23" +var eksContainerIPv4 net.IP = []byte{ + 169, 254, 170, 23, +} + +// direct representation of the IPv6 address for the EKS container +// "fd00:ec2::23" +var eksContainerIPv6 net.IP = []byte{ + 0xFD, 0, 0xE, 0xC2, + 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0x23, +} + // RemoteCredProvider returns a credentials provider for the default remote // endpoints such as EC2 or ECS Roles. func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider { @@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P var lookupHostFn = net.LookupHost -func isLoopbackHost(host string) (bool, error) { - ip := net.ParseIP(host) - if ip != nil { - return ip.IsLoopback(), nil +// isAllowedHost allows host to be loopback or known ECS/EKS container IPs +// +// host can either be an IP address OR an unresolved hostname - resolution will +// be automatically performed in the latter case +func isAllowedHost(host string) (bool, error) { + if ip := net.ParseIP(host); ip != nil { + return isIPAllowed(ip), nil } - // Host is not an ip, perform lookup addrs, err := lookupHostFn(host) if err != nil { return false, err } + for _, addr := range addrs { - if !net.ParseIP(addr).IsLoopback() { + if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) { return false, nil } } @@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) { return true, nil } +func isIPAllowed(ip net.IP) bool { + return ip.IsLoopback() || + ip.Equal(ecsContainerIPv4) || + ip.Equal(eksContainerIPv4) || + ip.Equal(eksContainerIPv6) +} + func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider { var errMsg string @@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) host := aws.URLHostname(parsed) if len(host) == 0 { errMsg = "unable to parse host from local HTTP cred provider URL" - } else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil { - errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr) - } else if !isLoopback { - errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host) + } else if parsed.Scheme == "http" { + if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil { + errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr) + } else if !isAllowedHost { + errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host) + } } } @@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) + if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" { + p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { + if contents, err := ioutil.ReadFile(authFilePath); err != nil { + return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) + } else { + return string(contents), nil + } + }) + } }, ) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go index 604aeffdeb4ea..f1f9ba4ec5876 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go @@ -2,6 +2,7 @@ package ec2metadata import ( "fmt" + "github.com/aws/aws-sdk-go/aws" "net/http" "sync/atomic" "time" @@ -65,7 +66,9 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) { switch requestFailureError.StatusCode() { case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed: atomic.StoreUint32(&t.disabled, 1) - t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError)) + if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) { + t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError)) + } case http.StatusBadRequest: r.Error = requestFailureError } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 8b35bfb89cd95..146fdbd905ba9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -31,6 +31,7 @@ const ( ApSoutheast3RegionID = "ap-southeast-3" // Asia Pacific (Jakarta). ApSoutheast4RegionID = "ap-southeast-4" // Asia Pacific (Melbourne). CaCentral1RegionID = "ca-central-1" // Canada (Central). + CaWest1RegionID = "ca-west-1" // Canada West (Calgary). EuCentral1RegionID = "eu-central-1" // Europe (Frankfurt). EuCentral2RegionID = "eu-central-2" // Europe (Zurich). EuNorth1RegionID = "eu-north-1" // Europe (Stockholm). @@ -39,6 +40,7 @@ const ( EuWest1RegionID = "eu-west-1" // Europe (Ireland). EuWest2RegionID = "eu-west-2" // Europe (London). EuWest3RegionID = "eu-west-3" // Europe (Paris). + IlCentral1RegionID = "il-central-1" // Israel (Tel Aviv). MeCentral1RegionID = "me-central-1" // Middle East (UAE). MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). @@ -117,7 +119,7 @@ var awsPartition = partition{ DNSSuffix: "amazonaws.com", RegionRegex: regionRegex{ Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$") + reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$") return reg }(), }, @@ -189,6 +191,9 @@ var awsPartition = partition{ "ca-central-1": region{ Description: "Canada (Central)", }, + "ca-west-1": region{ + Description: "Canada West (Calgary)", + }, "eu-central-1": region{ Description: "Europe (Frankfurt)", }, @@ -213,6 +218,9 @@ var awsPartition = partition{ "eu-west-3": region{ Description: "Europe (Paris)", }, + "il-central-1": region{ + Description: "Israel (Tel Aviv)", + }, "me-central-1": region{ Description: "Middle East (UAE)", }, @@ -287,6 +295,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -356,6 +367,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -470,6 +484,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -494,6 +526,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -695,6 +730,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -742,6 +780,13 @@ var awsPartition = partition{ }, }, }, + "agreement-marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "airflow": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -1027,6 +1072,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -1045,6 +1105,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -1231,6 +1294,14 @@ var awsPartition = partition{ Region: "ca-central-1", }, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "api.ecr.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, endpointKey{ Region: "dkr-us-east-1", }: endpoint{ @@ -1439,6 +1510,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "api.ecr.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -1794,6 +1873,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -1803,12 +1888,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -1832,6 +1932,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -1883,6 +1986,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -1907,6 +2013,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2179,193 +2288,14 @@ var awsPartition = partition{ Hostname: "apigateway-fips.ca-central-1.amazonaws.com", }, endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-2", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-3", - }: endpoint{}, - endpointKey{ - Region: "fips-ca-central-1", - }: endpoint{ - Hostname: "apigateway-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "apigateway-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-2", - }: endpoint{ - Hostname: "apigateway-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-1", - }: endpoint{ - Hostname: "apigateway-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "apigateway-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "me-central-1", - }: endpoint{}, - endpointKey{ - Region: "me-south-1", - }: endpoint{}, - endpointKey{ - Region: "sa-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "apigateway-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-east-2", + Region: "ca-west-1", }: endpoint{}, endpointKey{ - Region: "us-east-2", + Region: "ca-west-1", Variant: fipsVariant, }: endpoint{ - Hostname: "apigateway-fips.us-east-2.amazonaws.com", + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", }, - endpointKey{ - Region: "us-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "apigateway-fips.us-west-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "apigateway-fips.us-west-2.amazonaws.com", - }, - }, - }, - "app-integrations": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "appconfig": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-east-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-3", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-south-2", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-3", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-4", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2390,6 +2320,212 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "apigateway-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "apigateway-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "apigateway-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "apigateway-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "apigateway-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-west-2.amazonaws.com", + }, + }, + }, + "app-integrations": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2451,6 +2587,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2475,6 +2614,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2533,21 +2675,81 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + }, }, }, "application-autoscaling": service{ @@ -2593,6 +2795,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -2617,6 +2822,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -2660,6 +2868,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -2675,12 +2886,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -2690,6 +2907,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2877,6 +3097,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "appmesh.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.il-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -3022,6 +3251,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3034,6 +3266,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -3351,6 +3589,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3375,6 +3616,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3454,6 +3698,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.ap-south-1.api.aws", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3481,6 +3734,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.ap-southeast-3.api.aws", }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -3499,6 +3761,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.eu-central-1.api.aws", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -3517,6 +3788,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena.eu-south-1.api.aws", }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3580,6 +3860,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3776,6 +4065,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3800,6 +4104,63 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3812,15 +4173,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + }, }, }, "autoscaling-plans": service{ @@ -3960,6 +4345,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4181,6 +4569,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4241,6 +4632,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4288,6 +4682,137 @@ var awsPartition = partition{ }, }, }, + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "bedrock-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-eu-central-1", + }: endpoint{ + Hostname: "bedrock.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-eu-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-us-east-1", + }: endpoint{ + Hostname: "bedrock.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-us-west-2", + }: endpoint{ + Hostname: "bedrock.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "billingconductor": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -4590,6 +5115,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -4654,6 +5182,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4687,6 +5224,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -4723,6 +5269,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4839,6 +5388,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4863,6 +5415,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4995,6 +5550,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -5028,6 +5586,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5123,6 +5684,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -5183,6 +5747,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5405,6 +5972,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5576,6 +6146,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5697,6 +6270,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -5721,6 +6297,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5852,15 +6431,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -5882,6 +6473,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5936,6 +6530,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6138,12 +6738,18 @@ var awsPartition = partition{ }, "cognito-identity": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -6153,6 +6759,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -6210,6 +6819,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6256,12 +6868,18 @@ var awsPartition = partition{ }, "cognito-idp": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -6271,6 +6889,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -6328,6 +6949,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6619,6 +7243,14 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -6635,6 +7267,22 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -6651,6 +7299,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -6667,6 +7323,14 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -6691,6 +7355,22 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "compute-optimizer.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "compute-optimizer.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -6779,6 +7459,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -6839,6 +7522,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -6958,6 +7644,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, @@ -7007,6 +7696,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, @@ -7047,6 +7742,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -7056,6 +7754,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -7077,12 +7778,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -7092,6 +7799,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -7172,6 +7885,18 @@ var awsPartition = partition{ }, }, }, + "cost-optimization-hub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "cost-optimization-hub.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "cur": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -7708,6 +8433,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "datasync-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7741,6 +8475,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -7777,6 +8520,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -7824,6 +8570,190 @@ var awsPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "datazone.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "datazone.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "datazone.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "datazone.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "datazone.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "datazone.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "datazone.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "datazone.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "datazone.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "datazone.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "datazone.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "datazone.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "datazone.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "datazone.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "datazone.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "datazone.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "datazone.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "datazone.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "datazone.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "datazone.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "datazone.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "datazone.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "datazone.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "datazone.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "datazone.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "datazone.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "datazone.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "datazone.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "datazone.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-west-2.amazonaws.com", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -8044,6 +8974,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8104,6 +9037,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8196,6 +9132,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -8211,6 +9150,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8235,6 +9177,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8296,6 +9241,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "dms", }: endpoint{ @@ -8347,6 +9295,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8566,6 +9517,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -8575,18 +9529,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -8596,6 +9559,48 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "drs-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "drs-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "drs-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "drs-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -8605,15 +9610,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-west-2.amazonaws.com", + }, }, }, "ds": service{ @@ -8660,6 +9689,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ds-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8693,6 +9731,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -8729,6 +9776,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -8834,6 +9884,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -8858,6 +9926,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "local", }: endpoint{ @@ -8994,6 +10065,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ebs-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9027,6 +10107,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -9063,6 +10152,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9240,6 +10332,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9349,6 +10444,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9409,6 +10507,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9527,6 +10628,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9587,6 +10691,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9634,6 +10741,166 @@ var awsPartition = partition{ }, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "eks-auth.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "eks-auth.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "eks-auth.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "eks-auth.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "eks-auth.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "eks-auth.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "eks-auth.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "eks-auth.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "eks-auth.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "eks-auth.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "eks-auth.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "eks-auth.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "eks-auth.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "eks-auth.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "eks-auth.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "eks-auth.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "eks-auth.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "eks-auth.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "eks-auth.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "eks-auth.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "eks-auth.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "eks-auth.us-west-2.api.aws", + }, + }, + }, "elasticache": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -9672,6 +10939,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -9705,6 +10975,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -9874,6 +11147,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -10280,6 +11556,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -10343,6 +11628,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10451,6 +11745,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10511,6 +11808,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10608,6 +11908,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{ @@ -10643,6 +11952,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -10679,6 +11997,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10703,6 +12024,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -10786,6 +12113,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10804,6 +12137,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -10813,6 +12155,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -10822,6 +12182,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -10840,9 +12203,21 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -10856,6 +12231,9 @@ var awsPartition = partition{ }, "emr-containers": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -10865,6 +12243,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -10874,6 +12255,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -10889,6 +12273,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -10943,6 +12330,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -10989,6 +12379,9 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -10998,6 +12391,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -11007,6 +12403,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11022,6 +12421,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -11076,6 +12478,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -11139,63 +12544,192 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.af-south-1.api.aws", + }, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-east-1.api.aws", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-1.api.aws", + }, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-2.api.aws", + }, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-3.api.aws", + }, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-1.api.aws", + }, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-1.api.aws", + }, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-2.api.aws", + }, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-north-1.api.aws", + }, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-1.api.aws", + }, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-2.api.aws", + }, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-3.api.aws", + }, endpointKey{ Region: "fips", }: endpoint{ @@ -11205,18 +12739,51 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.sa-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", Variant: fipsVariant, @@ -11235,6 +12802,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -11253,6 +12826,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1", Variant: fipsVariant, @@ -11271,6 +12850,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2", Variant: fipsVariant, @@ -11327,236 +12912,260 @@ var awsPartition = partition{ Region: "ca-central-1", }: endpoint{}, endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-2", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-3", - }: endpoint{}, - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "events-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-2", - }: endpoint{ - Hostname: "events-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-1", - }: endpoint{ - Hostname: "events-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "events-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "me-central-1", - }: endpoint{}, - endpointKey{ - Region: "me-south-1", - }: endpoint{}, - endpointKey{ - Region: "sa-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "events-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "events-fips.us-east-2.amazonaws.com", - }, - endpointKey{ - Region: "us-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "events-fips.us-west-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "events-fips.us-west-2.amazonaws.com", - }, - }, - }, - "evidently": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{ - Hostname: "evidently.ap-northeast-1.amazonaws.com", - }, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{ - Hostname: "evidently.ap-southeast-1.amazonaws.com", - }, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{ - Hostname: "evidently.ap-southeast-2.amazonaws.com", - }, - endpointKey{ - Region: "eu-central-1", - }: endpoint{ - Hostname: "evidently.eu-central-1.amazonaws.com", - }, - endpointKey{ - Region: "eu-north-1", - }: endpoint{ - Hostname: "evidently.eu-north-1.amazonaws.com", - }, - endpointKey{ - Region: "eu-west-1", - }: endpoint{ - Hostname: "evidently.eu-west-1.amazonaws.com", - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{ - Hostname: "evidently.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-east-2", - }: endpoint{ - Hostname: "evidently.us-east-2.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{ - Hostname: "evidently.us-west-2.amazonaws.com", - }, - }, - }, - "finspace": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "finspace-api": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "firehose": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-east-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-3", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-south-2", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-3", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-4", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "events-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "events-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "events-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "events-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-west-2.amazonaws.com", + }, + }, + }, + "evidently": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "evidently.ap-northeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "evidently.ap-southeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "evidently.ap-southeast-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "evidently.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "evidently.eu-north-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "evidently.eu-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "evidently.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "evidently.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "evidently.us-west-2.amazonaws.com", + }, + }, + }, + "finspace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "finspace-api": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", @@ -11618,6 +13227,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -11981,6 +13593,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12378,6 +13993,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12582,16 +14200,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "gamesparks": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - }, - }, "geo": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -12805,6 +14413,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -12814,6 +14425,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -12877,6 +14491,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -13267,6 +14884,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -13514,6 +15134,9 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -13535,12 +15158,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -13556,6 +15185,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -13565,6 +15203,9 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -13794,6 +15435,9 @@ var awsPartition = partition{ }, "inspector2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -13803,6 +15447,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -13812,12 +15459,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -13833,6 +15486,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -13842,15 +15531,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", + }, }, }, "internetmonitor": service{ @@ -13886,11 +15599,21 @@ var awsPartition = partition{ }: endpoint{ Hostname: "internetmonitor.ap-northeast-2.api.aws", }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-3.api.aws", + }, endpointKey{ Region: "ap-south-1", }: endpoint{ Hostname: "internetmonitor.ap-south-1.api.aws", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "internetmonitor.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -13901,16 +15624,42 @@ var awsPartition = partition{ }: endpoint{ Hostname: "internetmonitor.ap-southeast-2.api.aws", }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{ Hostname: "internetmonitor.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "internetmonitor.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{ Hostname: "internetmonitor.eu-central-1.api.aws", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "internetmonitor.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -13921,6 +15670,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "internetmonitor.eu-south-1.api.aws", }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "internetmonitor.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -13936,6 +15690,16 @@ var awsPartition = partition{ }: endpoint{ Hostname: "internetmonitor.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "internetmonitor.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "internetmonitor.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -13951,21 +15715,45 @@ var awsPartition = partition{ }: endpoint{ Hostname: "internetmonitor.us-east-1.api.aws", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{ Hostname: "internetmonitor.us-east-2.api.aws", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{ Hostname: "internetmonitor.us-west-1.api.aws", }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{ Hostname: "internetmonitor.us-west-2.api.aws", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-west-2.amazonaws.com", + }, }, }, "iot": service{ @@ -14683,18 +16471,203 @@ var awsPartition = partition{ }, "iottwinmaker": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "api-ap-northeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "api-ap-northeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "api-ap-south-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "api-eu-central-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "api-eu-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "data-ap-northeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "data-ap-northeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "data-ap-south-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "data-eu-central-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "data-eu-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "fips-api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -14965,6 +16938,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15222,6 +17198,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking-fips.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "kendra-ranking.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{ @@ -15252,6 +17233,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "kendra-ranking.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -15345,6 +17331,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -15405,6 +17394,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15514,6 +17506,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15816,6 +17811,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -15960,6 +17973,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + }, endpointKey{ Region: "il-central-1-fips", }: endpoint{ @@ -15967,6 +17989,7 @@ var awsPartition = partition{ CredentialScope: credentialScope{ Region: "il-central-1", }, + Deprecated: boxedTrue, }, endpointKey{ Region: "me-central-1", @@ -16116,6 +18139,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -16125,6 +18151,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -16188,6 +18217,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -16345,6 +18377,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "lambda.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ca-west-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -16453,6 +18494,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -16562,6 +18612,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -16571,18 +18624,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -16628,6 +18690,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -16710,6 +18778,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -16770,6 +18841,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -16837,24 +18911,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -16900,6 +18989,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17028,6 +19123,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17088,6 +19186,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17206,12 +19307,18 @@ var awsPartition = partition{ }, "m2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17231,6 +19338,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17313,46 +19426,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "macie": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - }, - }, - }, "macie2": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -17436,6 +19509,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17502,6 +19578,13 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "managedblockchain-query": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "marketplacecommerceanalytics": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -17569,15 +19652,24 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -17596,6 +19688,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -17624,6 +19719,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17633,6 +19731,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -17842,6 +19943,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17851,6 +19955,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17891,6 +20001,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17900,6 +20013,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17940,6 +20059,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -17949,6 +20071,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -18014,12 +20142,33 @@ var awsPartition = partition{ }, "meetings-chime": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -18218,6 +20367,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18279,6 +20431,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -18303,6 +20458,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18449,6 +20607,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18706,6 +20867,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -18766,6 +20930,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -18911,6 +21078,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -19232,6 +21402,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -19291,6 +21464,24 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, }, }, "nimble": service{ @@ -19368,6 +21559,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -19392,6 +21586,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -19505,6 +21702,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "oidc.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -19545,6 +21750,22 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "oidc.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "oidc.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -19647,6 +21868,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "omics.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "us-east-1", }: endpoint{ @@ -19800,12 +22029,21 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -19930,6 +22168,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -20113,6 +22357,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20137,6 +22384,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20319,6 +22569,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -20334,12 +22587,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -20586,6 +22845,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "portal.sso.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -20626,6 +22893,22 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "portal.sso.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "portal.sso.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -20817,6 +23100,166 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "qbusiness.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "qbusiness.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "qbusiness.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "qbusiness.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "qbusiness.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "qbusiness.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "qbusiness.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "qbusiness.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "qbusiness.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "qbusiness.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "qbusiness.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "qbusiness.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "qbusiness.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "qbusiness.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "qbusiness.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "qbusiness.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "qbusiness.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "qbusiness.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "qbusiness.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "qbusiness.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "qbusiness.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "qbusiness.us-west-2.api.aws", + }, + }, + }, "qldb": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -21007,6 +23450,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ram-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -21040,6 +23492,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -21076,6 +23537,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21167,6 +23631,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "rbin-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -21200,6 +23673,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -21236,6 +23718,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21336,6 +23821,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -21360,6 +23863,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21375,6 +23881,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "rds-fips.ca-west-1", + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "rds-fips.us-east-1", }: endpoint{ @@ -21429,6 +23944,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "rds.ca-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "rds.us-east-1", }: endpoint{ @@ -21731,6 +24264,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "redshift-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -21764,6 +24306,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -21800,6 +24351,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -21940,6 +24494,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "rekognition-fips.ca-central-1", }: endpoint{ @@ -22226,6 +24783,16 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "resource-explorer-2.ap-east-1.api.aws", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{ @@ -22261,6 +24828,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.ap-southeast-2.api.aws", }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "resource-explorer-2.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{ @@ -22286,6 +24858,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.eu-north-1.api.aws", }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -22301,6 +24878,21 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "resource-explorer-2.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{ @@ -22366,6 +24958,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22426,6 +25021,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -22518,6 +25116,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -22527,18 +25128,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -22548,6 +25158,48 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -22557,15 +25209,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + }, }, }, "route53": service{ @@ -22662,6 +25338,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22686,6 +25365,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -22899,6 +25581,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22923,6 +25608,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -23173,6 +25861,27 @@ var awsPartition = partition{ }: endpoint{ Hostname: "s3-fips.dualstack.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -23258,6 +25967,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -23294,6 +26012,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.il-central-1.amazonaws.com", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -23942,55 +26669,123 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -24021,40 +26816,87 @@ var awsPartition = partition{ Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "sagemaker-geospatial": service{ @@ -24165,6 +27007,9 @@ var awsPartition = partition{ }, "schemas": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -24174,6 +27019,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -24183,15 +27031,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -24201,6 +27061,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -24259,157 +27125,288 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", + + Deprecated: boxedTrue, }, endpointKey{ - Region: "ca-central-1-fips", + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + Deprecated: boxedTrue, }, }, @@ -24452,6 +27449,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -24512,6 +27512,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -24567,6 +27570,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -24576,30 +27582,99 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "securitylake-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "securitylake-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "securitylake-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "securitylake-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-west-2.amazonaws.com", + }, }, }, "serverlessrepo": service{ @@ -24763,6 +27838,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -24866,6 +27944,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -24875,6 +27956,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -24884,15 +27968,24 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -24947,6 +28040,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25003,7 +28099,7 @@ var awsPartition = partition{ Region: "af-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.af-south-1.amazonaws.com", + Hostname: "servicediscovery.af-south-1.api.aws", }, endpointKey{ Region: "ap-east-1", @@ -25012,7 +28108,7 @@ var awsPartition = partition{ Region: "ap-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-east-1.amazonaws.com", + Hostname: "servicediscovery.ap-east-1.api.aws", }, endpointKey{ Region: "ap-northeast-1", @@ -25021,7 +28117,7 @@ var awsPartition = partition{ Region: "ap-northeast-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-1.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-1.api.aws", }, endpointKey{ Region: "ap-northeast-2", @@ -25030,7 +28126,7 @@ var awsPartition = partition{ Region: "ap-northeast-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-2.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-2.api.aws", }, endpointKey{ Region: "ap-northeast-3", @@ -25039,7 +28135,7 @@ var awsPartition = partition{ Region: "ap-northeast-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-northeast-3.amazonaws.com", + Hostname: "servicediscovery.ap-northeast-3.api.aws", }, endpointKey{ Region: "ap-south-1", @@ -25048,7 +28144,7 @@ var awsPartition = partition{ Region: "ap-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-south-1.amazonaws.com", + Hostname: "servicediscovery.ap-south-1.api.aws", }, endpointKey{ Region: "ap-south-2", @@ -25057,7 +28153,7 @@ var awsPartition = partition{ Region: "ap-south-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-south-2.amazonaws.com", + Hostname: "servicediscovery.ap-south-2.api.aws", }, endpointKey{ Region: "ap-southeast-1", @@ -25066,7 +28162,7 @@ var awsPartition = partition{ Region: "ap-southeast-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-1.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-1.api.aws", }, endpointKey{ Region: "ap-southeast-2", @@ -25075,7 +28171,7 @@ var awsPartition = partition{ Region: "ap-southeast-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-2.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-2.api.aws", }, endpointKey{ Region: "ap-southeast-3", @@ -25084,7 +28180,7 @@ var awsPartition = partition{ Region: "ap-southeast-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-3.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-3.api.aws", }, endpointKey{ Region: "ap-southeast-4", @@ -25093,7 +28189,7 @@ var awsPartition = partition{ Region: "ap-southeast-4", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ap-southeast-4.amazonaws.com", + Hostname: "servicediscovery.ap-southeast-4.api.aws", }, endpointKey{ Region: "ca-central-1", @@ -25102,7 +28198,7 @@ var awsPartition = partition{ Region: "ca-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.ca-central-1.amazonaws.com", + Hostname: "servicediscovery.ca-central-1.api.aws", }, endpointKey{ Region: "ca-central-1", @@ -25110,6 +28206,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-central-1.api.aws", + }, endpointKey{ Region: "ca-central-1-fips", }: endpoint{ @@ -25126,7 +28228,7 @@ var awsPartition = partition{ Region: "eu-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-central-1.amazonaws.com", + Hostname: "servicediscovery.eu-central-1.api.aws", }, endpointKey{ Region: "eu-central-2", @@ -25135,7 +28237,7 @@ var awsPartition = partition{ Region: "eu-central-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-central-2.amazonaws.com", + Hostname: "servicediscovery.eu-central-2.api.aws", }, endpointKey{ Region: "eu-north-1", @@ -25144,7 +28246,7 @@ var awsPartition = partition{ Region: "eu-north-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-north-1.amazonaws.com", + Hostname: "servicediscovery.eu-north-1.api.aws", }, endpointKey{ Region: "eu-south-1", @@ -25153,7 +28255,7 @@ var awsPartition = partition{ Region: "eu-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-south-1.amazonaws.com", + Hostname: "servicediscovery.eu-south-1.api.aws", }, endpointKey{ Region: "eu-south-2", @@ -25162,7 +28264,7 @@ var awsPartition = partition{ Region: "eu-south-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-south-2.amazonaws.com", + Hostname: "servicediscovery.eu-south-2.api.aws", }, endpointKey{ Region: "eu-west-1", @@ -25171,7 +28273,7 @@ var awsPartition = partition{ Region: "eu-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-1.amazonaws.com", + Hostname: "servicediscovery.eu-west-1.api.aws", }, endpointKey{ Region: "eu-west-2", @@ -25180,7 +28282,7 @@ var awsPartition = partition{ Region: "eu-west-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-2.amazonaws.com", + Hostname: "servicediscovery.eu-west-2.api.aws", }, endpointKey{ Region: "eu-west-3", @@ -25189,7 +28291,16 @@ var awsPartition = partition{ Region: "eu-west-3", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.eu-west-3.amazonaws.com", + Hostname: "servicediscovery.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.il-central-1.api.aws", }, endpointKey{ Region: "me-central-1", @@ -25198,7 +28309,7 @@ var awsPartition = partition{ Region: "me-central-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.me-central-1.amazonaws.com", + Hostname: "servicediscovery.me-central-1.api.aws", }, endpointKey{ Region: "me-south-1", @@ -25207,7 +28318,7 @@ var awsPartition = partition{ Region: "me-south-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.me-south-1.amazonaws.com", + Hostname: "servicediscovery.me-south-1.api.aws", }, endpointKey{ Region: "sa-east-1", @@ -25216,7 +28327,7 @@ var awsPartition = partition{ Region: "sa-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.sa-east-1.amazonaws.com", + Hostname: "servicediscovery.sa-east-1.api.aws", }, endpointKey{ Region: "us-east-1", @@ -25225,7 +28336,7 @@ var awsPartition = partition{ Region: "us-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-east-1.amazonaws.com", + Hostname: "servicediscovery.us-east-1.api.aws", }, endpointKey{ Region: "us-east-1", @@ -25233,6 +28344,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1-fips", }: endpoint{ @@ -25249,7 +28366,7 @@ var awsPartition = partition{ Region: "us-east-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-east-2.amazonaws.com", + Hostname: "servicediscovery.us-east-2.api.aws", }, endpointKey{ Region: "us-east-2", @@ -25257,6 +28374,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-east-2.amazonaws.com", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2-fips", }: endpoint{ @@ -25273,7 +28396,7 @@ var awsPartition = partition{ Region: "us-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-west-1.amazonaws.com", + Hostname: "servicediscovery.us-west-1.api.aws", }, endpointKey{ Region: "us-west-1", @@ -25281,6 +28404,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1-fips", }: endpoint{ @@ -25297,7 +28426,7 @@ var awsPartition = partition{ Region: "us-west-2", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-west-2.amazonaws.com", + Hostname: "servicediscovery.us-west-2.api.aws", }, endpointKey{ Region: "us-west-2", @@ -25305,6 +28434,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-west-2.amazonaws.com", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2-fips", }: endpoint{ @@ -25359,6 +28494,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25383,6 +28521,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -25606,6 +28747,38 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -25648,148 +28821,206 @@ var awsPartition = partition{ }: endpoint{ Hostname: "signer-fips.us-west-2.amazonaws.com", }, - }, - }, - "simspaceweaver": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, + Region: "verification-af-south-1", + }: endpoint{ + Hostname: "verification.signer.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "sms": service{ - Endpoints: serviceEndpoints{ + Region: "verification-ap-east-1", + }: endpoint{ + Hostname: "verification.signer.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, endpointKey{ - Region: "af-south-1", - }: endpoint{}, + Region: "verification-ap-northeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, endpointKey{ - Region: "ap-east-1", - }: endpoint{}, + Region: "verification-ap-northeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, + Region: "verification-ap-south-1", + }: endpoint{ + Hostname: "verification.signer.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, + Region: "verification-ap-southeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, endpointKey{ - Region: "ap-south-1", - }: endpoint{}, + Region: "verification-ap-southeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, + Region: "verification-ca-central-1", + }: endpoint{ + Hostname: "verification.signer.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, + Region: "verification-eu-central-1", + }: endpoint{ + Hostname: "verification.signer.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, endpointKey{ - Region: "ca-central-1", - }: endpoint{}, + Region: "verification-eu-north-1", + }: endpoint{ + Hostname: "verification.signer.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, endpointKey{ - Region: "eu-central-1", - }: endpoint{}, + Region: "verification-eu-south-1", + }: endpoint{ + Hostname: "verification.signer.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, endpointKey{ - Region: "eu-north-1", - }: endpoint{}, + Region: "verification-eu-west-1", + }: endpoint{ + Hostname: "verification.signer.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, endpointKey{ - Region: "eu-south-1", - }: endpoint{}, + Region: "verification-eu-west-2", + }: endpoint{ + Hostname: "verification.signer.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, endpointKey{ - Region: "eu-west-1", - }: endpoint{}, + Region: "verification-eu-west-3", + }: endpoint{ + Hostname: "verification.signer.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, endpointKey{ - Region: "eu-west-2", - }: endpoint{}, + Region: "verification-me-south-1", + }: endpoint{ + Hostname: "verification.signer.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, endpointKey{ - Region: "eu-west-3", - }: endpoint{}, + Region: "verification-sa-east-1", + }: endpoint{ + Hostname: "verification.signer.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, endpointKey{ - Region: "fips-us-east-1", + Region: "verification-us-east-1", }: endpoint{ - Hostname: "sms-fips.us-east-1.amazonaws.com", + Hostname: "verification.signer.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, - Deprecated: boxedTrue, }, endpointKey{ - Region: "fips-us-east-2", + Region: "verification-us-east-2", }: endpoint{ - Hostname: "sms-fips.us-east-2.amazonaws.com", + Hostname: "verification.signer.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, - Deprecated: boxedTrue, }, endpointKey{ - Region: "fips-us-west-1", + Region: "verification-us-west-1", }: endpoint{ - Hostname: "sms-fips.us-west-1.amazonaws.com", + Hostname: "verification.signer.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, - Deprecated: boxedTrue, }, endpointKey{ - Region: "fips-us-west-2", + Region: "verification-us-west-2", }: endpoint{ - Hostname: "sms-fips.us-west-2.amazonaws.com", + Hostname: "verification.signer.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - Deprecated: boxedTrue, }, + }, + }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ endpointKey{ - Region: "me-south-1", + Region: "ap-southeast-1", }: endpoint{}, endpointKey{ - Region: "sa-east-1", + Region: "ap-southeast-2", }: endpoint{}, endpointKey{ - Region: "us-east-1", + Region: "eu-central-1", }: endpoint{}, endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "sms-fips.us-east-1.amazonaws.com", - }, + Region: "eu-north-1", + }: endpoint{}, endpointKey{ - Region: "us-east-2", + Region: "eu-west-1", }: endpoint{}, endpointKey{ - Region: "us-east-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "sms-fips.us-east-2.amazonaws.com", - }, + Region: "us-east-1", + }: endpoint{}, endpointKey{ - Region: "us-west-1", + Region: "us-east-2", }: endpoint{}, endpointKey{ - Region: "us-west-1", - Variant: fipsVariant, + Region: "us-west-2", + }: endpoint{}, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-west-2", }: endpoint{ - Hostname: "sms-fips.us-west-1.amazonaws.com", + Hostname: "sms-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", @@ -26234,6 +29465,15 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26258,6 +29498,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -26294,6 +29543,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26385,6 +29637,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26445,6 +29700,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26539,6 +29797,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "ssm-fips.ca-central-1.amazonaws.com", }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26572,6 +29839,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -26608,6 +29884,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26787,6 +30066,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -26802,21 +30087,90 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + }, }, }, "ssm-sap": service{ @@ -26999,6 +30353,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -27014,6 +30371,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -27072,6 +30432,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27132,6 +30495,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27256,6 +30622,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27385,6 +30754,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27409,6 +30781,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "local", }: endpoint{ @@ -27488,6 +30863,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27512,6 +30890,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27659,6 +31040,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27719,6 +31103,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27804,6 +31191,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27864,6 +31254,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27949,6 +31342,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -27973,6 +31369,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -28114,6 +31513,65 @@ var awsPartition = partition{ }, }, }, + "thinclient": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "tnb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "transcribe": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -28447,6 +31905,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -28525,6 +31986,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -28770,6 +32234,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -28919,9 +32386,21 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -29521,6 +33000,7 @@ var awsPartition = partition{ CredentialScope: credentialScope{ Region: "il-central-1", }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-me-central-1", @@ -29585,6 +33065,23 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "waf-regional.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -30235,6 +33732,7 @@ var awsPartition = partition{ CredentialScope: credentialScope{ Region: "il-central-1", }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-me-central-1", @@ -30299,6 +33797,23 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "wafv2.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{ @@ -30658,6 +34173,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -30753,6 +34271,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -30813,6 +34334,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -30982,6 +34506,20 @@ var awscnPartition = partition{ }, }, }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "api.sagemaker": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -31089,6 +34627,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -31389,6 +34937,31 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "datazone.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "datazone.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -31516,6 +35089,31 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "eks-auth.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "eks-auth.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "elasticache": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -31601,9 +35199,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "emr-containers": service{ @@ -31631,9 +35241,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "events": service{ @@ -31791,6 +35413,16 @@ var awscnPartition = partition{ }, }, }, + "identitystore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -31869,6 +35501,29 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api-cn-north-1", + }: endpoint{ + Hostname: "api.iottwinmaker.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "data-cn-north-1", + }: endpoint{ + Hostname: "data.iottwinmaker.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, "kafka": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32090,6 +35745,26 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "oidc.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "oidc.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "organizations": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -32121,6 +35796,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "polly": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32128,6 +35813,51 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "portal.sso.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "qbusiness.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "qbusiness.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32168,6 +35898,13 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -32344,14 +36081,53 @@ var awscnPartition = partition{ }, }, }, + "savingsplans": service{ + IsRegionalized: boxedTrue, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "savingsplans.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "savingsplans.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "schemas": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "secretsmanager": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{}, }, }, "securityhub": service{ @@ -32402,7 +36178,7 @@ var awscnPartition = partition{ Region: "cn-north-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.cn-north-1.amazonaws.com.cn", + Hostname: "servicediscovery.cn-north-1.api.amazonwebservices.com.cn", }, endpointKey{ Region: "cn-northwest-1", @@ -32411,7 +36187,7 @@ var awscnPartition = partition{ Region: "cn-northwest-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.cn-northwest-1.amazonaws.com.cn", + Hostname: "servicediscovery.cn-northwest-1.api.amazonwebservices.com.cn", }, }, }, @@ -32438,6 +36214,22 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "verification-cn-north-1", + }: endpoint{ + Hostname: "verification.signer.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "verification-cn-northwest-1", + }: endpoint{ + Hostname: "verification.signer.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, }, }, "sms": service{ @@ -32445,9 +36237,6 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, - endpointKey{ - Region: "cn-northwest-1", - }: endpoint{}, }, }, "snowball": service{ @@ -32531,14 +36320,36 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "states": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "storagegateway": service{ @@ -33312,12 +37123,42 @@ var awsusgovPartition = partition{ }, "appconfigdata": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + }, }, }, "application-autoscaling": service{ @@ -33452,6 +37293,16 @@ var awsusgovPartition = partition{ }, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -33635,6 +37486,13 @@ var awsusgovPartition = partition{ }, }, }, + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "cassandra": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34012,6 +37870,15 @@ var awsusgovPartition = partition{ }, "codepipeline": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -34024,6 +37891,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -34035,6 +37908,13 @@ var awsusgovPartition = partition{ }, }, }, + "codestar-connections": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + }, + }, "cognito-identity": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34378,6 +38258,31 @@ var awsusgovPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "datazone.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "datazone.us-gov-west-1.api.aws", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34525,6 +38430,46 @@ var awsusgovPartition = partition{ }, }, }, + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "ds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34760,6 +38705,31 @@ var awsusgovPartition = partition{ }, }, }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-west-1.api.aws", + }, + }, + }, "elasticache": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{}, @@ -34980,6 +38950,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -34991,6 +38967,13 @@ var awsusgovPartition = partition{ }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.api.aws", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -35046,6 +39029,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -35064,6 +39053,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -35300,6 +39295,28 @@ var awsusgovPartition = partition{ }, }, }, + "geo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "glacier": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35366,21 +39383,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.api.aws", + }, }, }, "greengrass": service{ @@ -35498,7 +39539,21 @@ var awsusgovPartition = partition{ }, }, "health": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "global.health.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -35699,12 +39754,42 @@ var awsusgovPartition = partition{ }, "inspector2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", + }, }, }, "internetmonitor": service{ @@ -35892,6 +39977,38 @@ var awsusgovPartition = partition{ }, "iottwinmaker": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -36153,21 +40270,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.api.aws", + }, }, }, "lambda": service{ @@ -36262,6 +40403,16 @@ var awsusgovPartition = partition{ }, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "logs": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36302,6 +40453,36 @@ var awsusgovPartition = partition{ }, }, }, + "m2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, + }, + }, "managedblockchain": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36635,6 +40816,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-aws-us-gov-global", + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "oidc": service{ @@ -36840,6 +41039,31 @@ var awsusgovPartition = partition{ }, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-west-1.api.aws", + }, + }, + }, "quicksight": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37081,6 +41305,46 @@ var awsusgovPartition = partition{ }, }, }, + "resiliencehub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -37161,6 +41425,46 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "route53": service{ PartitionEndpoint: "aws-us-gov-global", IsRegionalized: boxedFalse, @@ -37521,17 +41825,33 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "secretsmanager": service{ @@ -37539,37 +41859,43 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + Deprecated: boxedTrue, }, }, @@ -37759,7 +42085,7 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-east-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-east-1.api.aws", }, endpointKey{ Region: "us-gov-east-1", @@ -37767,6 +42093,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ @@ -37783,7 +42115,7 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-west-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-west-1.api.aws", }, endpointKey{ Region: "us-gov-west-1", @@ -37791,6 +42123,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ @@ -37854,21 +42192,11 @@ var awsusgovPartition = partition{ }, }, "simspaceweaver": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "us-gov-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-gov-west-1", - }: endpoint{}, - }, - }, - "sms": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "fips-us-gov-east-1", }: endpoint{ - Hostname: "sms-fips.us-gov-east-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, @@ -37877,7 +42205,7 @@ var awsusgovPartition = partition{ endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ - Hostname: "sms-fips.us-gov-west-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, @@ -37890,7 +42218,29 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "sms-fips.us-gov-east-1.amazonaws.com", + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", + }, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", @@ -38096,6 +42446,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -38104,6 +42472,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "states": service{ @@ -39013,6 +43399,28 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39135,6 +43543,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "ec2": service{ @@ -39167,6 +43578,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "elasticache": service{ @@ -39233,14 +43647,45 @@ var awsisoPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + }, }, }, "es": service{ @@ -39292,6 +43737,19 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "health": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39442,12 +43900,42 @@ var awsisoPartition = partition{ }, "ram": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-iso-east-1.c2s.ic.gov", + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "rbin": service{ @@ -39461,6 +43949,15 @@ var awsisoPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, @@ -39470,19 +43967,152 @@ var awsisoPartition = partition{ }: endpoint{ Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-iso-east-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-iso-west-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, + "resource-groups": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-iso-east-1", @@ -39530,15 +44160,61 @@ var awsisoPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{ Protocols: []string{"http", "https"}, SignatureVersions: []string{"s3v4"}, }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov", + }, }, }, "secretsmanager": service{ @@ -39764,6 +44440,13 @@ var awsisobPartition = partition{ }, }, }, + "api.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "appconfig": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39802,6 +44485,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "cloudformation": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39998,9 +44688,24 @@ var awsisobPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "es": service{ @@ -40132,11 +44837,33 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "rbin": service{ @@ -40163,16 +44890,73 @@ var awsisobPartition = partition{ }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-isob-east-1", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "resource-groups": service{ @@ -40203,6 +44987,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "runtime.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "s3": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -40211,9 +45002,30 @@ var awsisobPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "secretsmanager": service{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index 504d726859714..ea8e353765834 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -191,7 +191,10 @@ func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers req if err != nil { return nil, err } - mySession := Must(NewSession()) + // create oidcClient with AnonymousCredentials to avoid recursively resolving credentials + mySession := Must(NewSession(&aws.Config{ + Credentials: credentials.AnonymousCredentials, + })) oidcClient := ssooidc.New(mySession, cfgCopy) tokenProvider := ssocreds.NewSSOTokenProvider(oidcClient, cachedPath) optFns = append(optFns, func(p *ssocreds.Provider) { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index d6fa24776cf36..93bb5de647097 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -171,6 +171,12 @@ type envConfig struct { // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // AWS_EC2_METADATA_V1_DISABLED=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -251,6 +257,9 @@ var ( ec2IMDSEndpointModeEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", } + ec2MetadataV1DisabledEnvKey = []string{ + "AWS_EC2_METADATA_V1_DISABLED", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { return envConfig{}, err } + setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey) if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil { return cfg, err @@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) { } } +func setBoolPtrFromEnvVal(dst **bool, keys []string) { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch { + case strings.EqualFold(value, "false"): + *dst = new(bool) + **dst = false + case strings.EqualFold(value, "true"): + *dst = new(bool) + **dst = true + } + } +} + func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { for _, k := range keys { value := os.Getenv(k) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 8127c99a9a119..3c88dee526d2a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } + cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback + if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled) + } + if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled) + } + cfg.S3UseARNRegion = userCfg.S3UseARNRegion if cfg.S3UseARNRegion == nil { cfg.S3UseARNRegion = &envCfg.S3UseARNRegion diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index ea3ac0d0316ea..f3ce8183dd94d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -80,6 +80,9 @@ const ( // EC2 IMDS Endpoint ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" + // ECS IMDSv1 disable fallback + ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled" + // Use DualStack Endpoint Resolution useDualStackEndpoint = "use_dualstack_endpoint" @@ -179,6 +182,12 @@ type sharedConfig struct { // ec2_metadata_service_endpoint=http://fd00:ec2::254 EC2IMDSEndpoint string + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // ec2_metadata_v1_disabled=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -389,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.Region, section, regionKey) updateString(&cfg.CustomCABundle, section, customCABundleKey) + // we're retaining a behavioral quirk with this field that existed before + // the removal of literal parsing for (aws-sdk-go-v2/#2276): + // - if the key is missing, the config field will not be set + // - if the key is set to a non-numeric, the config field will be set to 0 if section.Has(roleDurationSecondsKey) { - d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second + var d time.Duration + if v, ok := section.Int(roleDurationSecondsKey); ok { + d = time.Duration(v) * time.Second + } cfg.AssumeRoleDuration = &d } @@ -427,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e ec2MetadataServiceEndpointModeKey, file.Filename, err) } updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) + updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey) updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint) @@ -668,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) { if !section.Has(key) { return } - *dst = section.Bool(key) + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) + *dst = v } // updateBoolPtr will only update the dst with the value in the section key, @@ -677,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) { if !section.Has(key) { return } + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) *dst = new(bool) - **dst = section.Bool(key) + **dst = v } // SharedConfigLoadError is an error for the shared config file failed to load. @@ -805,7 +828,8 @@ func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section i return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.DualStackEndpointStateEnabled } else { *dst = endpoints.DualStackEndpointStateDisabled @@ -821,7 +845,8 @@ func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.FIPSEndpointStateEnabled } else { *dst = endpoints.FIPSEndpointStateDisabled diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 0240bd0be35d6..b542df9315624 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -8,7 +8,7 @@ // Generally using the signer outside of the SDK should not require any additional // logic when using Go v1.5 or higher. The signer does this by taking advantage // of the URL.EscapedPath method. If your request URI requires additional escaping -// you many need to use the URL.Opaque to define what the raw URI should be sent +// you may need to use the URL.Opaque to define what the raw URI should be sent // to the service as. // // The signer will first check the URL.Opaque field, and use its value if set. @@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Expected-Bucket-Owner": struct{}{}, "X-Amz-Grant-Full-control": struct{}{}, "X-Amz-Grant-Read": struct{}{}, "X-Amz-Grant-Read-Acp": struct{}{}, @@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Request-Payer": struct{}{}, "X-Amz-Server-Side-Encryption": struct{}{}, "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Context": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index ca531a470ff35..db416ea875692 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.298" +const SDKVersion = "1.49.24" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go index 34a481afbd4f7..b1b686086a9cd 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go @@ -154,11 +154,11 @@ func (v ValueType) String() string { // ValueType enums const ( NoneType = ValueType(iota) - DecimalType - IntegerType + DecimalType // deprecated + IntegerType // deprecated StringType QuotedStringType - BoolType + BoolType // deprecated ) // Value is a union container @@ -166,9 +166,9 @@ type Value struct { Type ValueType raw []rune - integer int64 - decimal float64 - boolean bool + integer int64 // deprecated + decimal float64 // deprecated + boolean bool // deprecated str string } @@ -253,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) { } token = newToken(TokenLit, b[:n], QuotedStringType) - } else if isNumberValue(b) { - var base int - base, n, err = getNumericalValue(b) - if err != nil { - return token, 0, err - } - - value := b[:n] - vType := IntegerType - if contains(value, '.') || hasExponent(value) { - vType = DecimalType - } - token = newToken(TokenLit, value, vType) - token.base = base - } else if isBoolValue(b) { - n, err = getBoolValue(b) - - token = newToken(TokenLit, b[:n], BoolType) } else { n, err = getValue(b) token = newToken(TokenLit, b[:n], StringType) @@ -280,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) { } // IntValue returns an integer value -func (v Value) IntValue() int64 { - return v.integer +func (v Value) IntValue() (int64, bool) { + i, err := strconv.ParseInt(string(v.raw), 0, 64) + if err != nil { + return 0, false + } + return i, true } // FloatValue returns a float value -func (v Value) FloatValue() float64 { - return v.decimal +func (v Value) FloatValue() (float64, bool) { + f, err := strconv.ParseFloat(string(v.raw), 64) + if err != nil { + return 0, false + } + return f, true } // BoolValue returns a bool value -func (v Value) BoolValue() bool { - return v.boolean +func (v Value) BoolValue() (bool, bool) { + // we don't use ParseBool as it recognizes more than what we've + // historically supported + if isCaselessLitValue(runesTrue, v.raw) { + return true, true + } else if isCaselessLitValue(runesFalse, v.raw) { + return false, true + } + return false, false } func isTrimmable(r rune) bool { diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 081cf43342419..1d08e138aba19 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -145,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) { } // Bool returns a bool value at k -func (t Section) Bool(k string) bool { +func (t Section) Bool(k string) (bool, bool) { return t.values[k].BoolValue() } // Int returns an integer value at k -func (t Section) Int(k string) int64 { +func (t Section) Int(k string) (int64, bool) { return t.values[k].IntValue() } // Float64 returns a float value at k -func (t Section) Float64(k string) float64 { +func (t Section) Float64(k string) (float64, bool) { return t.values[k].FloatValue() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go index b98e7076e3c91..48d2f7d4dd0b2 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go @@ -769,7 +769,7 @@ func (c *AutoScaling) CompleteLifecycleActionRequest(input *CompleteLifecycleAct // If you finish before the timeout period ends, send a callback by using the // CompleteLifecycleAction API call. // -// For more information, see Amazon EC2 Auto Scaling lifecycle hooks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html) +// For more information, see Complete a lifecycle action (https://docs.aws.amazon.com/autoscaling/ec2/userguide/completing-lifecycle-hooks.html) // in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2411,6 +2411,12 @@ func (c *AutoScaling) DescribeInstanceRefreshesRequest(input *DescribeInstanceRe Name: opDescribeInstanceRefreshes, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, } if input == nil { @@ -2477,6 +2483,57 @@ func (c *AutoScaling) DescribeInstanceRefreshesWithContext(ctx aws.Context, inpu return out, req.Send() } +// DescribeInstanceRefreshesPages iterates over the pages of a DescribeInstanceRefreshes operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceRefreshes method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceRefreshes operation. +// pageNum := 0 +// err := client.DescribeInstanceRefreshesPages(params, +// func(page *autoscaling.DescribeInstanceRefreshesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AutoScaling) DescribeInstanceRefreshesPages(input *DescribeInstanceRefreshesInput, fn func(*DescribeInstanceRefreshesOutput, bool) bool) error { + return c.DescribeInstanceRefreshesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceRefreshesPagesWithContext same as DescribeInstanceRefreshesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) DescribeInstanceRefreshesPagesWithContext(ctx aws.Context, input *DescribeInstanceRefreshesInput, fn func(*DescribeInstanceRefreshesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceRefreshesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceRefreshesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceRefreshesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeLaunchConfigurations = "DescribeLaunchConfigurations" // DescribeLaunchConfigurationsRequest generates a "aws/request.Request" representing the @@ -2812,6 +2869,12 @@ func (c *AutoScaling) DescribeLoadBalancerTargetGroupsRequest(input *DescribeLoa Name: opDescribeLoadBalancerTargetGroups, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, } if input == nil { @@ -2899,6 +2962,57 @@ func (c *AutoScaling) DescribeLoadBalancerTargetGroupsWithContext(ctx aws.Contex return out, req.Send() } +// DescribeLoadBalancerTargetGroupsPages iterates over the pages of a DescribeLoadBalancerTargetGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLoadBalancerTargetGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLoadBalancerTargetGroups operation. +// pageNum := 0 +// err := client.DescribeLoadBalancerTargetGroupsPages(params, +// func(page *autoscaling.DescribeLoadBalancerTargetGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AutoScaling) DescribeLoadBalancerTargetGroupsPages(input *DescribeLoadBalancerTargetGroupsInput, fn func(*DescribeLoadBalancerTargetGroupsOutput, bool) bool) error { + return c.DescribeLoadBalancerTargetGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLoadBalancerTargetGroupsPagesWithContext same as DescribeLoadBalancerTargetGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) DescribeLoadBalancerTargetGroupsPagesWithContext(ctx aws.Context, input *DescribeLoadBalancerTargetGroupsInput, fn func(*DescribeLoadBalancerTargetGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLoadBalancerTargetGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLoadBalancerTargetGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLoadBalancerTargetGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeLoadBalancers = "DescribeLoadBalancers" // DescribeLoadBalancersRequest generates a "aws/request.Request" representing the @@ -2929,6 +3043,12 @@ func (c *AutoScaling) DescribeLoadBalancersRequest(input *DescribeLoadBalancersI Name: opDescribeLoadBalancers, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, } if input == nil { @@ -3016,6 +3136,57 @@ func (c *AutoScaling) DescribeLoadBalancersWithContext(ctx aws.Context, input *D return out, req.Send() } +// DescribeLoadBalancersPages iterates over the pages of a DescribeLoadBalancers operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLoadBalancers method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLoadBalancers operation. +// pageNum := 0 +// err := client.DescribeLoadBalancersPages(params, +// func(page *autoscaling.DescribeLoadBalancersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AutoScaling) DescribeLoadBalancersPages(input *DescribeLoadBalancersInput, fn func(*DescribeLoadBalancersOutput, bool) bool) error { + return c.DescribeLoadBalancersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLoadBalancersPagesWithContext same as DescribeLoadBalancersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) DescribeLoadBalancersPagesWithContext(ctx aws.Context, input *DescribeLoadBalancersInput, fn func(*DescribeLoadBalancersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLoadBalancersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLoadBalancersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLoadBalancersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeMetricCollectionTypes = "DescribeMetricCollectionTypes" // DescribeMetricCollectionTypesRequest generates a "aws/request.Request" representing the @@ -4167,6 +4338,12 @@ func (c *AutoScaling) DescribeWarmPoolRequest(input *DescribeWarmPoolInput) (req Name: opDescribeWarmPool, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, } if input == nil { @@ -4229,6 +4406,57 @@ func (c *AutoScaling) DescribeWarmPoolWithContext(ctx aws.Context, input *Descri return out, req.Send() } +// DescribeWarmPoolPages iterates over the pages of a DescribeWarmPool operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeWarmPool method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeWarmPool operation. +// pageNum := 0 +// err := client.DescribeWarmPoolPages(params, +// func(page *autoscaling.DescribeWarmPoolOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AutoScaling) DescribeWarmPoolPages(input *DescribeWarmPoolInput, fn func(*DescribeWarmPoolOutput, bool) bool) error { + return c.DescribeWarmPoolPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeWarmPoolPagesWithContext same as DescribeWarmPoolPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) DescribeWarmPoolPagesWithContext(ctx aws.Context, input *DescribeWarmPoolInput, fn func(*DescribeWarmPoolOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeWarmPoolInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeWarmPoolRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeWarmPoolOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDetachInstances = "DetachInstances" // DetachInstancesRequest generates a "aws/request.Request" representing the @@ -4560,7 +4788,7 @@ func (c *AutoScaling) DetachTrafficSourcesRequest(input *DetachTrafficSourcesInp // // Detaches one or more traffic sources from the specified Auto Scaling group. // -// When you detach a taffic, it enters the Removing state while deregistering +// When you detach a traffic source, it enters the Removing state while deregistering // the instances in the group. When all instances are deregistered, then you // can no longer describe the traffic source using the DescribeTrafficSources // API call. The instances continue to run. @@ -6284,10 +6512,7 @@ func (c *AutoScaling) StartInstanceRefreshRequest(input *StartInstanceRefreshInp // StartInstanceRefresh API operation for Auto Scaling. // -// Starts an instance refresh. During an instance refresh, Amazon EC2 Auto Scaling -// performs a rolling update of instances in an Auto Scaling group. Instances -// are terminated first and then replaced, which temporarily reduces the capacity -// available within your Auto Scaling group. +// Starts an instance refresh. // // This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) // in Amazon EC2 Auto Scaling, which helps you update instances in your Auto @@ -6981,6 +7206,39 @@ func (s *Alarm) SetAlarmName(v string) *Alarm { return s } +// Specifies the CloudWatch alarm specification to use in an instance refresh. +type AlarmSpecification struct { + _ struct{} `type:"structure"` + + // The names of one or more CloudWatch alarms to monitor for the instance refresh. + // You can specify up to 10 alarms. + Alarms []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AlarmSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AlarmSpecification) GoString() string { + return s.String() +} + +// SetAlarms sets the Alarms field's value. +func (s *AlarmSpecification) SetAlarms(v []*string) *AlarmSpecification { + s.Alarms = v + return s +} + type AttachInstancesInput struct { _ struct{} `type:"structure"` @@ -8041,6 +8299,11 @@ type CreateAutoScalingGroupInput struct { // in the Amazon EC2 Auto Scaling User Guide. InstanceId *string `min:"1" type:"string"` + // An instance maintenance policy. For more information, see Set instance maintenance + // policy (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) + // in the Amazon EC2 Auto Scaling User Guide. + InstanceMaintenancePolicy *InstanceMaintenancePolicy `type:"structure"` + // The name of the launch configuration to use to launch instances. // // Conditional: You must specify either a launch template (LaunchTemplate or @@ -8219,6 +8482,11 @@ func (s *CreateAutoScalingGroupInput) Validate() error { if s.VPCZoneIdentifier != nil && len(*s.VPCZoneIdentifier) < 1 { invalidParams.Add(request.NewErrParamMinLen("VPCZoneIdentifier", 1)) } + if s.InstanceMaintenancePolicy != nil { + if err := s.InstanceMaintenancePolicy.Validate(); err != nil { + invalidParams.AddNested("InstanceMaintenancePolicy", err.(request.ErrInvalidParams)) + } + } if s.LaunchTemplate != nil { if err := s.LaunchTemplate.Validate(); err != nil { invalidParams.AddNested("LaunchTemplate", err.(request.ErrInvalidParams)) @@ -8332,6 +8600,12 @@ func (s *CreateAutoScalingGroupInput) SetInstanceId(v string) *CreateAutoScaling return s } +// SetInstanceMaintenancePolicy sets the InstanceMaintenancePolicy field's value. +func (s *CreateAutoScalingGroupInput) SetInstanceMaintenancePolicy(v *InstanceMaintenancePolicy) *CreateAutoScalingGroupInput { + s.InstanceMaintenancePolicy = v + return s +} + // SetLaunchConfigurationName sets the LaunchConfigurationName field's value. func (s *CreateAutoScalingGroupInput) SetLaunchConfigurationName(v string) *CreateAutoScalingGroupInput { s.LaunchConfigurationName = &v @@ -13344,6 +13618,9 @@ type Group struct { // HealthCheckType is a required field HealthCheckType *string `min:"1" type:"string" required:"true"` + // An instance maintenance policy. + InstanceMaintenancePolicy *InstanceMaintenancePolicy `type:"structure"` + // The EC2 instances associated with the group. Instances []*Instance `type:"list"` @@ -13513,6 +13790,12 @@ func (s *Group) SetHealthCheckType(v string) *Group { return s } +// SetInstanceMaintenancePolicy sets the InstanceMaintenancePolicy field's value. +func (s *Group) SetInstanceMaintenancePolicy(v *InstanceMaintenancePolicy) *Group { + s.InstanceMaintenancePolicy = v + return s +} + // SetInstances sets the Instances field's value. func (s *Group) SetInstances(v []*Instance) *Group { s.Instances = v @@ -13903,6 +14186,78 @@ func (s *InstanceDetails) SetWeightedCapacity(v string) *InstanceDetails { return s } +// Describes an instance maintenance policy. +// +// For more information, see Set instance maintenance policy (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) +// in the Amazon EC2 Auto Scaling User Guide. +type InstanceMaintenancePolicy struct { + _ struct{} `type:"structure"` + + // Specifies the upper threshold as a percentage of the desired capacity of + // the Auto Scaling group. It represents the maximum percentage of the group + // that can be in service and healthy, or pending, to support your workload + // when replacing instances. Value range is 100 to 200. After it's set, a value + // of -1 will clear the previously set value. + // + // Both MinHealthyPercentage and MaxHealthyPercentage must be specified, and + // the difference between them cannot be greater than 100. A large range increases + // the number of instances that can be replaced at the same time. + MaxHealthyPercentage *int64 `type:"integer"` + + // Specifies the lower threshold as a percentage of the desired capacity of + // the Auto Scaling group. It represents the minimum percentage of the group + // to keep in service, healthy, and ready to use to support your workload when + // replacing instances. Value range is 0 to 100. After it's set, a value of + // -1 will clear the previously set value. + MinHealthyPercentage *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenancePolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenancePolicy) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *InstanceMaintenancePolicy) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InstanceMaintenancePolicy"} + if s.MaxHealthyPercentage != nil && *s.MaxHealthyPercentage < -1 { + invalidParams.Add(request.NewErrParamMinValue("MaxHealthyPercentage", -1)) + } + if s.MinHealthyPercentage != nil && *s.MinHealthyPercentage < -1 { + invalidParams.Add(request.NewErrParamMinValue("MinHealthyPercentage", -1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxHealthyPercentage sets the MaxHealthyPercentage field's value. +func (s *InstanceMaintenancePolicy) SetMaxHealthyPercentage(v int64) *InstanceMaintenancePolicy { + s.MaxHealthyPercentage = &v + return s +} + +// SetMinHealthyPercentage sets the MinHealthyPercentage field's value. +func (s *InstanceMaintenancePolicy) SetMinHealthyPercentage(v int64) *InstanceMaintenancePolicy { + s.MinHealthyPercentage = &v + return s +} + // The metadata options for the instances. For more information, see Configuring // the Instance Metadata Options (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-config.html#launch-configurations-imds) // in the Amazon EC2 Auto Scaling User Guide. @@ -18014,7 +18369,7 @@ type PutScalingPolicyInput struct { // The amount by which to scale, based on the specified adjustment type. A positive // value adds to the current capacity while a negative number removes from the - // current capacity. For exact capacity, you must specify a positive value. + // current capacity. For exact capacity, you must specify a non-negative value. // // Required if the policy type is SimpleScaling. (Not used with any other policy // type.) @@ -18687,8 +19042,13 @@ func (s RecordLifecycleActionHeartbeatOutput) GoString() string { type RefreshPreferences struct { _ struct{} `type:"structure"` + // (Optional) The CloudWatch alarm specification. CloudWatch alarms can be used + // to identify any issues and fail the operation if an alarm threshold is met. + AlarmSpecification *AlarmSpecification `type:"structure"` + // (Optional) Indicates whether to roll back the Auto Scaling group to its previous - // configuration if the instance refresh fails. The default is false. + // configuration if the instance refresh fails or a CloudWatch alarm threshold + // is met. The default is false. // // A rollback is not supported in the following situations: // @@ -18700,6 +19060,9 @@ type RefreshPreferences struct { // // * The Auto Scaling group uses the launch template's $Latest or $Default // version. + // + // For more information, see Undo changes with a rollback (https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-refresh-rollback.html) + // in the Amazon EC2 Auto Scaling User Guide. AutoRollback *bool `type:"boolean"` // (Optional) The amount of time, in seconds, to wait after a checkpoint before @@ -18731,14 +19094,26 @@ type RefreshPreferences struct { // in all cases), or the HealthCheckGracePeriod property otherwise. InstanceWarmup *int64 `type:"integer"` - // The amount of capacity in the Auto Scaling group that must pass your group's - // health checks to allow the operation to continue. The value is expressed - // as a percentage of the desired capacity of the Auto Scaling group (rounded - // up to the nearest integer). The default is 90. + // Specifies the maximum percentage of the group that can be in service and + // healthy, or pending, to support your workload when replacing instances. The + // value is expressed as a percentage of the desired capacity of the Auto Scaling + // group. Value range is 100 to 200. // - // Setting the minimum healthy percentage to 100 percent limits the rate of - // replacement to one instance at a time. In contrast, setting it to 0 percent - // has the effect of replacing all instances at the same time. + // If you specify MaxHealthyPercentage, you must also specify MinHealthyPercentage, + // and the difference between them cannot be greater than 100. A larger range + // increases the number of instances that can be replaced at the same time. + // + // If you do not specify this property, the default is 100 percent, or the percentage + // set in the instance maintenance policy for the Auto Scaling group, if defined. + MaxHealthyPercentage *int64 `min:"100" type:"integer"` + + // Specifies the minimum percentage of the group to keep in service, healthy, + // and ready to use to support your workload to allow the operation to continue. + // The value is expressed as a percentage of the desired capacity of the Auto + // Scaling group. Value range is 0 to 100. + // + // If you do not specify this property, the default is 90 percent, or the percentage + // set in the instance maintenance policy for the Auto Scaling group, if defined. MinHealthyPercentage *int64 `type:"integer"` // Choose the behavior that you want Amazon EC2 Auto Scaling to use if instances @@ -18812,6 +19187,25 @@ func (s RefreshPreferences) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *RefreshPreferences) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RefreshPreferences"} + if s.MaxHealthyPercentage != nil && *s.MaxHealthyPercentage < 100 { + invalidParams.Add(request.NewErrParamMinValue("MaxHealthyPercentage", 100)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAlarmSpecification sets the AlarmSpecification field's value. +func (s *RefreshPreferences) SetAlarmSpecification(v *AlarmSpecification) *RefreshPreferences { + s.AlarmSpecification = v + return s +} + // SetAutoRollback sets the AutoRollback field's value. func (s *RefreshPreferences) SetAutoRollback(v bool) *RefreshPreferences { s.AutoRollback = &v @@ -18836,6 +19230,12 @@ func (s *RefreshPreferences) SetInstanceWarmup(v int64) *RefreshPreferences { return s } +// SetMaxHealthyPercentage sets the MaxHealthyPercentage field's value. +func (s *RefreshPreferences) SetMaxHealthyPercentage(v int64) *RefreshPreferences { + s.MaxHealthyPercentage = &v + return s +} + // SetMinHealthyPercentage sets the MinHealthyPercentage field's value. func (s *RefreshPreferences) SetMinHealthyPercentage(v int64) *RefreshPreferences { s.MinHealthyPercentage = &v @@ -18957,7 +19357,9 @@ type RollbackInstanceRefreshInput struct { _ struct{} `type:"structure"` // The name of the Auto Scaling group. - AutoScalingGroupName *string `min:"1" type:"string"` + // + // AutoScalingGroupName is a required field + AutoScalingGroupName *string `min:"1" type:"string" required:"true"` } // String returns the string representation. @@ -18981,6 +19383,9 @@ func (s RollbackInstanceRefreshInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *RollbackInstanceRefreshInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RollbackInstanceRefreshInput"} + if s.AutoScalingGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("AutoScalingGroupName")) + } if s.AutoScalingGroupName != nil && len(*s.AutoScalingGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AutoScalingGroupName", 1)) } @@ -19890,15 +20295,18 @@ type StartInstanceRefreshInput struct { DesiredConfiguration *DesiredConfiguration `type:"structure"` // Sets your preferences for the instance refresh so that it performs as expected - // when you start it. Includes the instance warmup time, the minimum healthy - // percentage, and the behaviors that you want Amazon EC2 Auto Scaling to use - // if instances that are in Standby state or protected from scale in are found. - // You can also choose to enable additional features, such as the following: + // when you start it. Includes the instance warmup time, the minimum and maximum + // healthy percentages, and the behaviors that you want Amazon EC2 Auto Scaling + // to use if instances that are in Standby state or protected from scale in + // are found. You can also choose to enable additional features, such as the + // following: // // * Auto rollback // // * Checkpoints // + // * CloudWatch alarms + // // * Skip matching Preferences *RefreshPreferences `type:"structure"` @@ -19938,6 +20346,11 @@ func (s *StartInstanceRefreshInput) Validate() error { invalidParams.AddNested("DesiredConfiguration", err.(request.ErrInvalidParams)) } } + if s.Preferences != nil { + if err := s.Preferences.Validate(); err != nil { + invalidParams.AddNested("Preferences", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -20052,12 +20465,7 @@ type StepAdjustment struct { // The amount by which to scale, based on the specified adjustment type. A positive // value adds to the current capacity while a negative number removes from the - // current capacity. - // - // The amount by which to scale. The adjustment is based on the value that you - // specified in the AdjustmentType property (either an absolute number or a - // percentage). A positive value adds to the current capacity and a negative - // number subtracts from the current capacity. + // current capacity. For exact capacity, you must specify a non-negative value. // // ScalingAdjustment is a required field ScalingAdjustment *int64 `type:"integer" required:"true"` @@ -21049,6 +21457,11 @@ type UpdateAutoScalingGroupInput struct { // Only specify EC2 if you must clear a value that was previously set. HealthCheckType *string `min:"1" type:"string"` + // An instance maintenance policy. For more information, see Set instance maintenance + // policy (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) + // in the Amazon EC2 Auto Scaling User Guide. + InstanceMaintenancePolicy *InstanceMaintenancePolicy `type:"structure"` + // The name of the launch configuration. If you specify LaunchConfigurationName // in your update request, you can't specify LaunchTemplate or MixedInstancesPolicy. LaunchConfigurationName *string `min:"1" type:"string"` @@ -21166,6 +21579,11 @@ func (s *UpdateAutoScalingGroupInput) Validate() error { if s.VPCZoneIdentifier != nil && len(*s.VPCZoneIdentifier) < 1 { invalidParams.Add(request.NewErrParamMinLen("VPCZoneIdentifier", 1)) } + if s.InstanceMaintenancePolicy != nil { + if err := s.InstanceMaintenancePolicy.Validate(); err != nil { + invalidParams.AddNested("InstanceMaintenancePolicy", err.(request.ErrInvalidParams)) + } + } if s.LaunchTemplate != nil { if err := s.LaunchTemplate.Validate(); err != nil { invalidParams.AddNested("LaunchTemplate", err.(request.ErrInvalidParams)) @@ -21243,6 +21661,12 @@ func (s *UpdateAutoScalingGroupInput) SetHealthCheckType(v string) *UpdateAutoSc return s } +// SetInstanceMaintenancePolicy sets the InstanceMaintenancePolicy field's value. +func (s *UpdateAutoScalingGroupInput) SetInstanceMaintenancePolicy(v *InstanceMaintenancePolicy) *UpdateAutoScalingGroupInput { + s.InstanceMaintenancePolicy = v + return s +} + // SetLaunchConfigurationName sets the LaunchConfigurationName field's value. func (s *UpdateAutoScalingGroupInput) SetLaunchConfigurationName(v string) *UpdateAutoScalingGroupInput { s.LaunchConfigurationName = &v diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go index e956b01354238..647f043778e01 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go @@ -166,6 +166,9 @@ type AutoScalingAPI interface { DescribeInstanceRefreshesWithContext(aws.Context, *autoscaling.DescribeInstanceRefreshesInput, ...request.Option) (*autoscaling.DescribeInstanceRefreshesOutput, error) DescribeInstanceRefreshesRequest(*autoscaling.DescribeInstanceRefreshesInput) (*request.Request, *autoscaling.DescribeInstanceRefreshesOutput) + DescribeInstanceRefreshesPages(*autoscaling.DescribeInstanceRefreshesInput, func(*autoscaling.DescribeInstanceRefreshesOutput, bool) bool) error + DescribeInstanceRefreshesPagesWithContext(aws.Context, *autoscaling.DescribeInstanceRefreshesInput, func(*autoscaling.DescribeInstanceRefreshesOutput, bool) bool, ...request.Option) error + DescribeLaunchConfigurations(*autoscaling.DescribeLaunchConfigurationsInput) (*autoscaling.DescribeLaunchConfigurationsOutput, error) DescribeLaunchConfigurationsWithContext(aws.Context, *autoscaling.DescribeLaunchConfigurationsInput, ...request.Option) (*autoscaling.DescribeLaunchConfigurationsOutput, error) DescribeLaunchConfigurationsRequest(*autoscaling.DescribeLaunchConfigurationsInput) (*request.Request, *autoscaling.DescribeLaunchConfigurationsOutput) @@ -185,10 +188,16 @@ type AutoScalingAPI interface { DescribeLoadBalancerTargetGroupsWithContext(aws.Context, *autoscaling.DescribeLoadBalancerTargetGroupsInput, ...request.Option) (*autoscaling.DescribeLoadBalancerTargetGroupsOutput, error) DescribeLoadBalancerTargetGroupsRequest(*autoscaling.DescribeLoadBalancerTargetGroupsInput) (*request.Request, *autoscaling.DescribeLoadBalancerTargetGroupsOutput) + DescribeLoadBalancerTargetGroupsPages(*autoscaling.DescribeLoadBalancerTargetGroupsInput, func(*autoscaling.DescribeLoadBalancerTargetGroupsOutput, bool) bool) error + DescribeLoadBalancerTargetGroupsPagesWithContext(aws.Context, *autoscaling.DescribeLoadBalancerTargetGroupsInput, func(*autoscaling.DescribeLoadBalancerTargetGroupsOutput, bool) bool, ...request.Option) error + DescribeLoadBalancers(*autoscaling.DescribeLoadBalancersInput) (*autoscaling.DescribeLoadBalancersOutput, error) DescribeLoadBalancersWithContext(aws.Context, *autoscaling.DescribeLoadBalancersInput, ...request.Option) (*autoscaling.DescribeLoadBalancersOutput, error) DescribeLoadBalancersRequest(*autoscaling.DescribeLoadBalancersInput) (*request.Request, *autoscaling.DescribeLoadBalancersOutput) + DescribeLoadBalancersPages(*autoscaling.DescribeLoadBalancersInput, func(*autoscaling.DescribeLoadBalancersOutput, bool) bool) error + DescribeLoadBalancersPagesWithContext(aws.Context, *autoscaling.DescribeLoadBalancersInput, func(*autoscaling.DescribeLoadBalancersOutput, bool) bool, ...request.Option) error + DescribeMetricCollectionTypes(*autoscaling.DescribeMetricCollectionTypesInput) (*autoscaling.DescribeMetricCollectionTypesOutput, error) DescribeMetricCollectionTypesWithContext(aws.Context, *autoscaling.DescribeMetricCollectionTypesInput, ...request.Option) (*autoscaling.DescribeMetricCollectionTypesOutput, error) DescribeMetricCollectionTypesRequest(*autoscaling.DescribeMetricCollectionTypesInput) (*request.Request, *autoscaling.DescribeMetricCollectionTypesOutput) @@ -247,6 +256,9 @@ type AutoScalingAPI interface { DescribeWarmPoolWithContext(aws.Context, *autoscaling.DescribeWarmPoolInput, ...request.Option) (*autoscaling.DescribeWarmPoolOutput, error) DescribeWarmPoolRequest(*autoscaling.DescribeWarmPoolInput) (*request.Request, *autoscaling.DescribeWarmPoolOutput) + DescribeWarmPoolPages(*autoscaling.DescribeWarmPoolInput, func(*autoscaling.DescribeWarmPoolOutput, bool) bool) error + DescribeWarmPoolPagesWithContext(aws.Context, *autoscaling.DescribeWarmPoolInput, func(*autoscaling.DescribeWarmPoolOutput, bool) bool, ...request.Option) error + DetachInstances(*autoscaling.DetachInstancesInput) (*autoscaling.DetachInstancesOutput, error) DetachInstancesWithContext(aws.Context, *autoscaling.DetachInstancesInput, ...request.Option) (*autoscaling.DetachInstancesOutput, error) DetachInstancesRequest(*autoscaling.DetachInstancesInput) (*request.Request, *autoscaling.DetachInstancesOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index cc3b557600354..3ec976ab4e9ae 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -1187,7 +1187,7 @@ func (c *EC2) AssignPrivateNatGatewayAddressRequest(input *AssignPrivateNatGatew // // Assigns one or more private IPv4 addresses to a private NAT gateway. For // more information, see Work with NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1447,7 +1447,7 @@ func (c *EC2) AssociateDhcpOptionsRequest(input *AssociateDhcpOptionsInput) (req // on the instance. // // For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1720,6 +1720,86 @@ func (c *EC2) AssociateInstanceEventWindowWithContext(ctx aws.Context, input *As return out, req.Send() } +const opAssociateIpamByoasn = "AssociateIpamByoasn" + +// AssociateIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the AssociateIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateIpamByoasn for more information on using the AssociateIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AssociateIpamByoasnRequest method. +// req, resp := client.AssociateIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasn +func (c *EC2) AssociateIpamByoasnRequest(input *AssociateIpamByoasnInput) (req *request.Request, output *AssociateIpamByoasnOutput) { + op := &request.Operation{ + Name: opAssociateIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateIpamByoasnInput{} + } + + output = &AssociateIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you +// own in the same Amazon Web Services Region. For more information, see Tutorial: +// Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// After the association succeeds, the ASN is eligible for advertisement. You +// can view the association with DescribeByoipCidrs (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeByoipCidrs.html). +// You can advertise the CIDR with AdvertiseByoipCidr (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AssociateIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateIpamByoasn +func (c *EC2) AssociateIpamByoasn(input *AssociateIpamByoasnInput) (*AssociateIpamByoasnOutput, error) { + req, out := c.AssociateIpamByoasnRequest(input) + return out, req.Send() +} + +// AssociateIpamByoasnWithContext is the same as AssociateIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AssociateIpamByoasnWithContext(ctx aws.Context, input *AssociateIpamByoasnInput, opts ...request.Option) (*AssociateIpamByoasnOutput, error) { + req, out := c.AssociateIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateIpamResourceDiscovery = "AssociateIpamResourceDiscovery" // AssociateIpamResourceDiscoveryRequest generates a "aws/request.Request" representing the @@ -1840,12 +1920,22 @@ func (c *EC2) AssociateNatGatewayAddressRequest(input *AssociateNatGatewayAddres // // Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a // public NAT gateway. For more information, see Work with NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // By default, you can associate up to 2 Elastic IP addresses per public NAT // gateway. You can increase the limit by requesting a quota adjustment. For // more information, see Elastic IP address quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-eips) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. +// +// When you associate an EIP or secondary EIPs with a public NAT gateway, the +// network border group of the EIPs must match the network border group of the +// Availability Zone (AZ) that the public NAT gateway is in. If it's not the +// same, the EIP will fail to associate. You can see the network border group +// for the subnet's AZ by viewing the details of the subnet. Similarly, you +// can view the network border group of an EIP by viewing the details of the +// EIP address. For more information about network border groups and EIPs, see +// Allocate an Elastic IP address (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1926,7 +2016,7 @@ func (c *EC2) AssociateRouteTableRequest(input *AssociateRouteTableInput) (req * // with multiple subnets. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2000,8 +2090,7 @@ func (c *EC2) AssociateSubnetCidrBlockRequest(input *AssociateSubnetCidrBlockInp // AssociateSubnetCidrBlock API operation for Amazon Elastic Compute Cloud. // // Associates a CIDR block with your subnet. You can only associate a single -// IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length -// of /64. +// IPv6 CIDR block with your subnet. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2300,9 +2389,6 @@ func (c *EC2) AssociateTrunkInterfaceRequest(input *AssociateTrunkInterfaceInput // AssociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Associates a branch network interface with a trunk network interface. // // Before you create the association, run the create-network-interface (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) @@ -2385,14 +2471,13 @@ func (c *EC2) AssociateVpcCidrBlockRequest(input *AssociateVpcCidrBlockInput) (r // CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from // an IPv6 address pool that you provisioned through bring your own IP addresses // (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). -// The IPv6 CIDR block size is fixed at /56. // // You must specify one of the following in the request: an IPv4 CIDR block, // an IPv6 pool, or an Amazon-provided IPv6 CIDR block. // // For more information about associating CIDR blocks with your VPC and applicable -// restrictions, see VPC and subnet sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) -// in the Amazon Virtual Private Cloud User Guide. +// restrictions, see IP addressing for your VPCs and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2465,12 +2550,10 @@ func (c *EC2) AttachClassicLinkVpcRequest(input *AttachClassicLinkVpcInput) (req // AttachClassicLinkVpc API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or -// more of the VPC's security groups. You cannot link an EC2-Classic instance +// more of the VPC security groups. You cannot link an EC2-Classic instance // to more than one VPC at a time. You can only link an instance that's in the // running state. An instance is automatically unlinked from a VPC when it's // stopped - you can link it to the VPC again when you restart it. @@ -2555,9 +2638,9 @@ func (c *EC2) AttachInternetGatewayRequest(input *AttachInternetGatewayInput) (r // AttachInternetGateway API operation for Amazon Elastic Compute Cloud. // // Attaches an internet gateway or a virtual private gateway to a VPC, enabling -// connectivity between the internet and the VPC. For more information about -// your VPC and internet gateway, see the Amazon Virtual Private Cloud User -// Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). +// connectivity between the internet and the VPC. For more information, see +// Internet gateways (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3027,8 +3110,8 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Adds the specified outbound (egress) rules to a security group -// for use with a VPC. +// Adds the specified outbound (egress) rules to a security group for use with +// a VPC. // // An outbound rule permits instances to send traffic to the specified IPv4 // or IPv6 CIDR address ranges, or to the instances that are associated with @@ -3046,6 +3129,11 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // // For information about VPC security group quotas, see Amazon VPC quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // +// If you want to reference a security group across VPCs attached to a transit +// gateway using the security group referencing feature (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw), +// note that you can only reference security groups for ingress rules. You cannot +// reference a security group for egress rules. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3136,10 +3224,6 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // For more information about VPC security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5042,9 +5126,9 @@ func (c *EC2) CreateDefaultSubnetRequest(input *CreateDefaultSubnetInput) (req * // // Creates a default subnet with a size /20 IPv4 CIDR block in the specified // Availability Zone in your default VPC. You can have only one default subnet -// per Availability Zone. For more information, see Creating a default subnet +// per Availability Zone. For more information, see Create a default subnet // (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5119,22 +5203,13 @@ func (c *EC2) CreateDefaultVpcRequest(input *CreateDefaultVpcInput) (req *reques // // Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet // in each Availability Zone. For more information about the components of a -// default VPC, see Default VPC and default subnets (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) -// in the Amazon Virtual Private Cloud User Guide. You cannot specify the components -// of the default VPC yourself. +// default VPC, see Default VPCs (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) +// in the Amazon VPC User Guide. You cannot specify the components of the default +// VPC yourself. // // If you deleted your previous default VPC, you can create a default VPC. You // cannot have more than one default VPC per Region. // -// If your account supports EC2-Classic, you cannot use this action to create -// a default VPC in a Region that supports EC2-Classic. If you want a default -// VPC in a Region that supports EC2-Classic, see "I really want a default VPC -// for my existing EC2 account. Is that possible?" in the Default VPCs FAQ (http://aws.amazon.com/vpc/faqs/#Default_VPCs). -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5244,7 +5319,7 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // of options, and if your VPC has an internet gateway, make sure to set the // domain-name-servers option either to AmazonProvidedDNS or to a domain name // server of your choice. For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5646,16 +5721,6 @@ func (c *EC2) CreateImageRequest(input *CreateImageInput) (req *request.Request, // Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that // is either running or stopped. // -// By default, when Amazon EC2 creates the new AMI, it reboots the instance -// so that it can take snapshots of the attached volumes while data is at rest, -// in order to ensure a consistent state. You can set the NoReboot parameter -// to true in the API request, or use the --no-reboot option in the CLI to prevent -// Amazon EC2 from shutting down and rebooting the instance. -// -// If you choose to bypass the shutdown and reboot process by setting the NoReboot -// parameter to true in the API request, or by using the --no-reboot option -// in the CLI, we can't guarantee the file system integrity of the created image. -// // If you customized your instance with instance store volumes or Amazon EBS // volumes in addition to the root device volume, the new AMI contains block // device mapping information for those volumes. When you launch an instance @@ -5738,9 +5803,9 @@ func (c *EC2) CreateInstanceConnectEndpointRequest(input *CreateInstanceConnectE // // Creates an EC2 Instance Connect Endpoint. // -// An EC2 Instance Connect Endpoint allows you to connect to a resource, without -// requiring the resource to have a public IPv4 address. For more information, -// see Connect to your resources without requiring a public IPv4 address using +// An EC2 Instance Connect Endpoint allows you to connect to an instance, without +// requiring the instance to have a public IPv4 address. For more information, +// see Connect to your instances without requiring a public IPv4 address using // EC2 Instance Connect Endpoint (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html) // in the Amazon EC2 User Guide. // @@ -5913,10 +5978,11 @@ func (c *EC2) CreateInstanceExportTaskRequest(input *CreateInstanceExportTaskInp // // Exports a running or stopped instance to an Amazon S3 bucket. // -// For information about the supported operating systems, image formats, and -// known limitations for the types of instances you can export, see Exporting -// an instance as a VM Using VM Import/Export (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) -// in the VM Import/Export User Guide. +// For information about the prerequisites for your Amazon S3 bucket, supported +// operating systems, image formats, and known limitations for the types of +// instances you can export, see Exporting an instance as a VM Using VM Import/Export +// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in +// the VM Import/Export User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5992,8 +6058,8 @@ func (c *EC2) CreateInternetGatewayRequest(input *CreateInternetGatewayInput) (r // Creates an internet gateway for use with a VPC. After creating the internet // gateway, you attach it to a VPC using AttachInternetGateway. // -// For more information about your VPC and internet gateway, see the Amazon -// Virtual Private Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). +// For more information, see Internet gateways (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7025,7 +7091,17 @@ func (c *EC2) CreateNatGatewayRequest(input *CreateNatGatewayInput) (req *reques // overlapping networks. // // For more information, see NAT gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. +// +// When you create a public NAT gateway and assign it an EIP or secondary EIPs, +// the network border group of the EIPs must match the network border group +// of the Availability Zone (AZ) that the public NAT gateway is in. If it's +// not the same, the NAT gateway will fail to launch. You can see the network +// border group for the subnet's AZ by viewing the details of the subnet. Similarly, +// you can view the network border group of an EIP by viewing the details of +// the EIP address. For more information about network border groups and EIPs, +// see Allocate an Elastic IP address (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7101,8 +7177,8 @@ func (c *EC2) CreateNetworkAclRequest(input *CreateNetworkAclInput) (req *reques // Creates a network ACL in a VPC. Network ACLs provide an optional layer of // security (in addition to security groups) for the instances in your VPC. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7191,8 +7267,8 @@ func (c *EC2) CreateNetworkAclEntryRequest(input *CreateNetworkAclEntryInput) (r // After you add an entry, you can't modify it; you must either replace it, // or create an entry and delete the old one. // -// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8013,7 +8089,7 @@ func (c *EC2) CreateRouteRequest(input *CreateRouteInput) (req *request.Request, // more specific, so we use that route to determine where to target the traffic. // // For more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8090,7 +8166,7 @@ func (c *EC2) CreateRouteTableRequest(input *CreateRouteTableInput) (req *reques // you can add routes and associate the table with a subnet. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8173,16 +8249,13 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // in the Amazon Virtual Private Cloud User Guide. // // When you create a security group, you specify a friendly name of your choice. -// You can have a security group for use in EC2-Classic with the same name as -// a security group for use in a VPC. However, you can't have two security groups -// for use in EC2-Classic with the same name or two security groups for use -// in a VPC with the same name. +// You can't have two security groups for the same VPC with the same name. // -// You have a default security group for use in EC2-Classic and a default security -// group for use in your VPC. If you don't specify a security group when you -// launch an instance, the instance is launched into the appropriate default -// security group. A default security group includes a default rule that grants -// instances unrestricted network access to each other. +// You have a default security group for use in your VPC. If you don't specify +// a security group when you launch an instance, the instance is launched into +// the appropriate default security group. A default security group includes +// a default rule that grants instances unrestricted network access to each +// other. // // You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, // AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. @@ -8190,10 +8263,6 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // For more information about VPC security group limits, see Amazon VPC Limits // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8632,8 +8701,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // not available for your use. // // If you've associated an IPv6 CIDR block with your VPC, you can associate -// an IPv6 CIDR block with a subnet when you create it. The allowed block size -// for an IPv6 subnet is a /64 netmask. +// an IPv6 CIDR block with a subnet when you create it. // // If you add more than one subnet to a VPC, they're set up in a star topology // with a logical router in the middle. @@ -8643,7 +8711,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // all stopped), but no remaining IP addresses available. // // For more information, see Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8716,9 +8784,11 @@ func (c *EC2) CreateSubnetCidrReservationRequest(input *CreateSubnetCidrReservat // CreateSubnetCidrReservation API operation for Amazon Elastic Compute Cloud. // -// Creates a subnet CIDR reservation. For information about subnet CIDR reservations, -// see Subnet CIDR reservations (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) -// in the Amazon Virtual Private Cloud User Guide. +// Creates a subnet CIDR reservation. For more information, see Subnet CIDR +// reservations (https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html) +// in the Amazon Virtual Private Cloud User Guide and Assign prefixes to network +// interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10446,24 +10516,24 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // CreateVpc API operation for Amazon Elastic Compute Cloud. // -// Creates a VPC with the specified CIDR blocks. For more information, see VPC -// CIDR blocks (https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html#vpc-cidr-blocks) -// in the Amazon Virtual Private Cloud User Guide. +// Creates a VPC with the specified CIDR blocks. For more information, see IP +// addressing for your VPCs and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html) +// in the Amazon VPC User Guide. // // You can optionally request an IPv6 CIDR block for the VPC. You can request -// an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, -// or an IPv6 CIDR block from an IPv6 address pool that you provisioned through +// an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses or +// an IPv6 CIDR block from an IPv6 address pool that you provisioned through // bring your own IP addresses (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). // // By default, each instance that you launch in the VPC has the default DHCP // options, which include only a default DNS server that we provide (AmazonProvidedDNS). // For more information, see DHCP option sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // You can specify the instance tenancy value for the VPC when you create it. // You can't change this value for the VPC after you create it. For more information, // see Dedicated Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10536,11 +10606,11 @@ func (c *EC2) CreateVpcEndpointRequest(input *CreateVpcEndpointInput) (req *requ // CreateVpcEndpoint API operation for Amazon Elastic Compute Cloud. // -// Creates a VPC endpoint for a specified service. An endpoint enables you to -// create a private connection between your VPC and the service. The service -// may be provided by Amazon Web Services, an Amazon Web Services Marketplace +// Creates a VPC endpoint. A VPC endpoint provides a private connection between +// the specified VPC and the specified endpoint service. You can use an endpoint +// service provided by Amazon Web Services, an Amazon Web Services Marketplace // Partner, or another Amazon Web Services account. For more information, see -// the Amazon Web Services PrivateLink Guide (https://docs.aws.amazon.com/vpc/latest/privatelink/). +// the Amazon Web Services PrivateLink User Guide (https://docs.aws.amazon.com/vpc/latest/privatelink/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12487,7 +12557,6 @@ func (c *EC2) DeleteKeyPairRequest(input *DeleteKeyPairInput) (req *request.Requ output = &DeleteKeyPairOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -12640,10 +12709,19 @@ func (c *EC2) DeleteLaunchTemplateVersionsRequest(input *DeleteLaunchTemplateVer // DeleteLaunchTemplateVersions API operation for Amazon Elastic Compute Cloud. // -// Deletes one or more versions of a launch template. You cannot delete the -// default version of a launch template; you must first assign a different version -// as the default. If the default version is the only version for the launch -// template, you must delete the entire launch template using DeleteLaunchTemplate. +// Deletes one or more versions of a launch template. +// +// You can't delete the default version of a launch template; you must first +// assign a different version as the default. If the default version is the +// only version for the launch template, you must delete the entire launch template +// using DeleteLaunchTemplate. +// +// You can delete up to 200 launch template versions in a single request. To +// delete more than 200 versions in a single request, use DeleteLaunchTemplate, +// which deletes the launch template and all of its versions. +// +// For more information, see Delete a launch template version (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-launch-template-versions.html#delete-launch-template-version) +// in the EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14130,13 +14208,9 @@ func (c *EC2) DeleteSecurityGroupRequest(input *DeleteSecurityGroupInput) (req * // // Deletes a security group. // -// If you attempt to delete a security group that is associated with an instance, -// or is referenced by another security group, the operation fails with InvalidGroup.InUse -// in EC2-Classic or DependencyViolation in EC2-VPC. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// If you attempt to delete a security group that is associated with an instance +// or network interface or is referenced by another security group, the operation +// fails with DependencyViolation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16079,7 +16153,9 @@ func (c *EC2) DeleteVpcRequest(input *DeleteVpcInput) (req *request.Request, out // that are associated with the VPC before you can delete it. For example, you // must terminate all instances running in the VPC, delete all security groups // associated with the VPC (except the default one), delete all route tables -// associated with the VPC (except the default one), and so on. +// associated with the VPC (except the default one), and so on. When you delete +// the VPC, it deletes the VPC's default security group, network ACL, and route +// table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16387,7 +16463,7 @@ func (c *EC2) DeleteVpcPeeringConnectionRequest(input *DeleteVpcPeeringConnectio // the owner of the accepter VPC can delete the VPC peering connection if it's // in the active state. The owner of the requester VPC can delete a VPC peering // connection in the pending-acceptance state. You cannot delete a VPC peering -// connection that's in the failed state. +// connection that's in the failed or rejected state. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16737,6 +16813,84 @@ func (c *EC2) DeprovisionByoipCidrWithContext(ctx aws.Context, input *Deprovisio return out, req.Send() } +const opDeprovisionIpamByoasn = "DeprovisionIpamByoasn" + +// DeprovisionIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DeprovisionIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeprovisionIpamByoasn for more information on using the DeprovisionIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeprovisionIpamByoasnRequest method. +// req, resp := client.DeprovisionIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasn +func (c *EC2) DeprovisionIpamByoasnRequest(input *DeprovisionIpamByoasnInput) (req *request.Request, output *DeprovisionIpamByoasnOutput) { + op := &request.Operation{ + Name: opDeprovisionIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeprovisionIpamByoasnInput{} + } + + output = &DeprovisionIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeprovisionIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services +// account. This action can only be called after any BYOIP CIDR associations +// are removed from your Amazon Web Services account with DisassociateIpamByoasn +// (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIpamByoasn.html). +// For more information, see Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeprovisionIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeprovisionIpamByoasn +func (c *EC2) DeprovisionIpamByoasn(input *DeprovisionIpamByoasnInput) (*DeprovisionIpamByoasnOutput, error) { + req, out := c.DeprovisionIpamByoasnRequest(input) + return out, req.Send() +} + +// DeprovisionIpamByoasnWithContext is the same as DeprovisionIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DeprovisionIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeprovisionIpamByoasnWithContext(ctx aws.Context, input *DeprovisionIpamByoasnInput, opts ...request.Option) (*DeprovisionIpamByoasnOutput, error) { + req, out := c.DeprovisionIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeprovisionIpamPoolCidr = "DeprovisionIpamPoolCidr" // DeprovisionIpamPoolCidrRequest generates a "aws/request.Request" representing the @@ -18141,6 +18295,137 @@ func (c *EC2) DescribeByoipCidrsPagesWithContext(ctx aws.Context, input *Describ return p.Err() } +const opDescribeCapacityBlockOfferings = "DescribeCapacityBlockOfferings" + +// DescribeCapacityBlockOfferingsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCapacityBlockOfferings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeCapacityBlockOfferings for more information on using the DescribeCapacityBlockOfferings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeCapacityBlockOfferingsRequest method. +// req, resp := client.DescribeCapacityBlockOfferingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCapacityBlockOfferings +func (c *EC2) DescribeCapacityBlockOfferingsRequest(input *DescribeCapacityBlockOfferingsInput) (req *request.Request, output *DescribeCapacityBlockOfferingsOutput) { + op := &request.Operation{ + Name: opDescribeCapacityBlockOfferings, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeCapacityBlockOfferingsInput{} + } + + output = &DescribeCapacityBlockOfferingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeCapacityBlockOfferings API operation for Amazon Elastic Compute Cloud. +// +// Describes Capacity Block offerings available for purchase. With Capacity +// Blocks, you purchase a specific instance type for a period of time. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeCapacityBlockOfferings for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCapacityBlockOfferings +func (c *EC2) DescribeCapacityBlockOfferings(input *DescribeCapacityBlockOfferingsInput) (*DescribeCapacityBlockOfferingsOutput, error) { + req, out := c.DescribeCapacityBlockOfferingsRequest(input) + return out, req.Send() +} + +// DescribeCapacityBlockOfferingsWithContext is the same as DescribeCapacityBlockOfferings with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeCapacityBlockOfferings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCapacityBlockOfferingsWithContext(ctx aws.Context, input *DescribeCapacityBlockOfferingsInput, opts ...request.Option) (*DescribeCapacityBlockOfferingsOutput, error) { + req, out := c.DescribeCapacityBlockOfferingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeCapacityBlockOfferingsPages iterates over the pages of a DescribeCapacityBlockOfferings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeCapacityBlockOfferings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeCapacityBlockOfferings operation. +// pageNum := 0 +// err := client.DescribeCapacityBlockOfferingsPages(params, +// func(page *ec2.DescribeCapacityBlockOfferingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeCapacityBlockOfferingsPages(input *DescribeCapacityBlockOfferingsInput, fn func(*DescribeCapacityBlockOfferingsOutput, bool) bool) error { + return c.DescribeCapacityBlockOfferingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeCapacityBlockOfferingsPagesWithContext same as DescribeCapacityBlockOfferingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCapacityBlockOfferingsPagesWithContext(ctx aws.Context, input *DescribeCapacityBlockOfferingsInput, fn func(*DescribeCapacityBlockOfferingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeCapacityBlockOfferingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeCapacityBlockOfferingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeCapacityBlockOfferingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeCapacityReservationFleets = "DescribeCapacityReservationFleets" // DescribeCapacityReservationFleetsRequest generates a "aws/request.Request" representing the @@ -18582,15 +18867,13 @@ func (c *EC2) DescribeClassicLinkInstancesRequest(input *DescribeClassicLinkInst // DescribeClassicLinkInstances API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Describes one or more of your linked EC2-Classic instances. This request // only returns information about EC2-Classic instances linked to a VPC through // ClassicLink. You cannot use this request to return information about other // instances. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -19657,7 +19940,7 @@ func (c *EC2) DescribeDhcpOptionsRequest(input *DescribeDhcpOptionsInput) (req * // Describes one or more of your DHCP options sets. // // For more information, see DHCP options sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20196,7 +20479,7 @@ func (c *EC2) DescribeFastLaunchImagesRequest(input *DescribeFastLaunchImagesInp // DescribeFastLaunchImages API operation for Amazon Elastic Compute Cloud. // -// Describe details for Windows AMIs that are configured for faster launching. +// Describe details for Windows AMIs that are configured for Windows fast launch. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -22949,6 +23232,151 @@ func (c *EC2) DescribeInstanceStatusPagesWithContext(ctx aws.Context, input *Des return p.Err() } +const opDescribeInstanceTopology = "DescribeInstanceTopology" + +// DescribeInstanceTopologyRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceTopology operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceTopology for more information on using the DescribeInstanceTopology +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeInstanceTopologyRequest method. +// req, resp := client.DescribeInstanceTopologyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTopology +func (c *EC2) DescribeInstanceTopologyRequest(input *DescribeInstanceTopologyInput) (req *request.Request, output *DescribeInstanceTopologyOutput) { + op := &request.Operation{ + Name: opDescribeInstanceTopology, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceTopologyInput{} + } + + output = &DescribeInstanceTopologyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceTopology API operation for Amazon Elastic Compute Cloud. +// +// Describes a tree-based hierarchy that represents the physical host placement +// of your EC2 instances within an Availability Zone or Local Zone. You can +// use this information to determine the relative proximity of your EC2 instances +// within the Amazon Web Services network to support your tightly coupled workloads. +// +// Limitations +// +// - Supported zones Availability Zone Local Zone +// +// - Supported instance types hpc6a.48xlarge | hpc6id.32xlarge | hpc7a.12xlarge +// | hpc7a.24xlarge | hpc7a.48xlarge | hpc7a.96xlarge | hpc7g.4xlarge | hpc7g.8xlarge +// | hpc7g.16xlarge p3dn.24xlarge | p4d.24xlarge | p4de.24xlarge | p5.48xlarge +// trn1.2xlarge | trn1.32xlarge | trn1n.32xlarge +// +// For more information, see Amazon EC2 instance topology (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-topology.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceTopology for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTopology +func (c *EC2) DescribeInstanceTopology(input *DescribeInstanceTopologyInput) (*DescribeInstanceTopologyOutput, error) { + req, out := c.DescribeInstanceTopologyRequest(input) + return out, req.Send() +} + +// DescribeInstanceTopologyWithContext is the same as DescribeInstanceTopology with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceTopology for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTopologyWithContext(ctx aws.Context, input *DescribeInstanceTopologyInput, opts ...request.Option) (*DescribeInstanceTopologyOutput, error) { + req, out := c.DescribeInstanceTopologyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceTopologyPages iterates over the pages of a DescribeInstanceTopology operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceTopology method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceTopology operation. +// pageNum := 0 +// err := client.DescribeInstanceTopologyPages(params, +// func(page *ec2.DescribeInstanceTopologyOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeInstanceTopologyPages(input *DescribeInstanceTopologyInput, fn func(*DescribeInstanceTopologyOutput, bool) bool) error { + return c.DescribeInstanceTopologyPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceTopologyPagesWithContext same as DescribeInstanceTopologyPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTopologyPagesWithContext(ctx aws.Context, input *DescribeInstanceTopologyInput, fn func(*DescribeInstanceTopologyOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceTopologyInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceTopologyRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceTopologyOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstanceTypeOfferings = "DescribeInstanceTypeOfferings" // DescribeInstanceTypeOfferingsRequest generates a "aws/request.Request" representing the @@ -23491,6 +23919,82 @@ func (c *EC2) DescribeInternetGatewaysPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opDescribeIpamByoasn = "DescribeIpamByoasn" + +// DescribeIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DescribeIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeIpamByoasn for more information on using the DescribeIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeIpamByoasnRequest method. +// req, resp := client.DescribeIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasn +func (c *EC2) DescribeIpamByoasnRequest(input *DescribeIpamByoasnInput) (req *request.Request, output *DescribeIpamByoasnOutput) { + op := &request.Operation{ + Name: opDescribeIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeIpamByoasnInput{} + } + + output = &DescribeIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Describes your Autonomous System Numbers (ASNs), their provisioning statuses, +// and the BYOIP CIDRs with which they are associated. For more information, +// see Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpamByoasn +func (c *EC2) DescribeIpamByoasn(input *DescribeIpamByoasnInput) (*DescribeIpamByoasnOutput, error) { + req, out := c.DescribeIpamByoasnRequest(input) + return out, req.Send() +} + +// DescribeIpamByoasnWithContext is the same as DescribeIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeIpamByoasnWithContext(ctx aws.Context, input *DescribeIpamByoasnInput, opts ...request.Option) (*DescribeIpamByoasnOutput, error) { + req, out := c.DescribeIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeIpamPools = "DescribeIpamPools" // DescribeIpamPoolsRequest generates a "aws/request.Request" representing the @@ -25401,6 +25905,79 @@ func (c *EC2) DescribeLocalGatewaysPagesWithContext(ctx aws.Context, input *Desc return p.Err() } +const opDescribeLockedSnapshots = "DescribeLockedSnapshots" + +// DescribeLockedSnapshotsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLockedSnapshots operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLockedSnapshots for more information on using the DescribeLockedSnapshots +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeLockedSnapshotsRequest method. +// req, resp := client.DescribeLockedSnapshotsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshots +func (c *EC2) DescribeLockedSnapshotsRequest(input *DescribeLockedSnapshotsInput) (req *request.Request, output *DescribeLockedSnapshotsOutput) { + op := &request.Operation{ + Name: opDescribeLockedSnapshots, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeLockedSnapshotsInput{} + } + + output = &DescribeLockedSnapshotsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLockedSnapshots API operation for Amazon Elastic Compute Cloud. +// +// Describes the lock status for a snapshot. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLockedSnapshots for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLockedSnapshots +func (c *EC2) DescribeLockedSnapshots(input *DescribeLockedSnapshotsInput) (*DescribeLockedSnapshotsOutput, error) { + req, out := c.DescribeLockedSnapshotsRequest(input) + return out, req.Send() +} + +// DescribeLockedSnapshotsWithContext is the same as DescribeLockedSnapshots with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLockedSnapshots for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLockedSnapshotsWithContext(ctx aws.Context, input *DescribeLockedSnapshotsInput, opts ...request.Option) (*DescribeLockedSnapshotsOutput, error) { + req, out := c.DescribeLockedSnapshotsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeManagedPrefixLists = "DescribeManagedPrefixLists" // DescribeManagedPrefixListsRequest generates a "aws/request.Request" representing the @@ -25849,8 +26426,8 @@ func (c *EC2) DescribeNetworkAclsRequest(input *DescribeNetworkAclsInput) (req * // // Describes one or more of your network ACLs. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -26706,6 +27283,10 @@ func (c *EC2) DescribeNetworkInterfacesRequest(input *DescribeNetworkInterfacesI // // Describes one or more of your network interfaces. // +// If you have a large number of network interfaces, the operation fails unless +// you use pagination or one of the following filters: group-id, mac-address, +// private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -27984,7 +28565,7 @@ func (c *EC2) DescribeRouteTablesRequest(input *DescribeRouteTablesInput) (req * // implicit associations. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -28376,8 +28957,9 @@ func (c *EC2) DescribeSecurityGroupReferencesRequest(input *DescribeSecurityGrou // DescribeSecurityGroupReferences API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Describes the VPCs on the other side of a VPC peering connection -// that are referencing the security groups you've specified in this request. +// Describes the VPCs on the other side of a VPC peering connection or the VPCs +// attached to a transit gateway that are referencing the security groups you've +// specified in this request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -28588,17 +29170,6 @@ func (c *EC2) DescribeSecurityGroupsRequest(input *DescribeSecurityGroupsInput) // // Describes the specified security groups or all of your security groups. // -// A security group is for use with instances either in the EC2-Classic platform -// or in a specific VPC. For more information, see Amazon EC2 security groups -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) -// in the Amazon Elastic Compute Cloud User Guide and Security groups for your -// VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) -// in the Amazon Virtual Private Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -29756,10 +30327,14 @@ func (c *EC2) DescribeStaleSecurityGroupsRequest(input *DescribeStaleSecurityGro // DescribeStaleSecurityGroups API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Describes the stale security group rules for security groups in -// a specified VPC. Rules are stale when they reference a deleted security group -// in the same VPC or in a peer VPC, or if they reference a security group in -// a peer VPC for which the VPC peering connection has been deleted. +// Describes the stale security group rules for security groups in a specified +// VPC. Rules are stale when they reference a deleted security group in the +// same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with +// security group referencing support (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) +// enabled). Rules can also be stale if they reference a security group in a +// peer VPC for which the VPC peering connection has been deleted or if they +// reference a security group in a VPC that has been detached from a transit +// gateway. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -30037,8 +30612,8 @@ func (c *EC2) DescribeSubnetsRequest(input *DescribeSubnetsInput) (req *request. // // Describes one or more of your subnets. // -// For more information, see Your VPC and subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -31998,9 +32573,6 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsRequest(input *DescribeTrunkInte // DescribeTrunkInterfaceAssociations API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Describes one or more network interface trunk associations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -33369,11 +33941,9 @@ func (c *EC2) DescribeVpcClassicLinkRequest(input *DescribeVpcClassicLinkInput) // DescribeVpcClassicLink API operation for Amazon Elastic Compute Cloud. // -// Describes the ClassicLink status of one or more VPCs. +// This action is deprecated. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Describes the ClassicLink status of the specified VPCs. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -33452,17 +34022,13 @@ func (c *EC2) DescribeVpcClassicLinkDnsSupportRequest(input *DescribeVpcClassicL // DescribeVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Describes the ClassicLink DNS support status of one or more VPCs. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private // IP address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private -// IP address when addressed from a linked EC2-Classic instance. For more information, -// see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address when addressed from a linked EC2-Classic instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34731,9 +35297,7 @@ func (c *EC2) DetachClassicLinkVpcRequest(input *DetachClassicLinkVpcInput) (req // DetachClassicLinkVpc API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance // has been unlinked, the VPC security groups are no longer associated with @@ -35046,6 +35610,10 @@ func (c *EC2) DetachVolumeRequest(input *DetachVolumeInput) (req *request.Reques // When a volume with an Amazon Web Services Marketplace product code is detached // from an instance, the product code is no longer associated with the instance. // +// You can't detach or force detach volumes that are attached to Amazon ECS +// or Fargate tasks. Attempting to do this results in the UnsupportedOperationException +// exception with the Unable to detach volume attached to ECS tasks error message. +// // For more information, see Detach an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -35431,12 +35999,13 @@ func (c *EC2) DisableFastLaunchRequest(input *DisableFastLaunchInput) (req *requ // DisableFastLaunch API operation for Amazon Elastic Compute Cloud. // -// Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned -// snapshots. When you disable faster launching, the AMI uses the standard launch -// process for each instance. All pre-provisioned snapshots must be removed -// before you can enable faster launching again. +// Discontinue Windows fast launch for a Windows AMI, and clean up existing +// pre-provisioned snapshots. After you disable Windows fast launch, the AMI +// uses the standard launch process for each new instance. Amazon EC2 must remove +// all pre-provisioned snapshots before you can enable Windows fast launch again. // -// To change these settings, you must own the AMI. +// You can only change these settings for Windows AMIs that you own or that +// have been shared with you. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35540,6 +36109,178 @@ func (c *EC2) DisableFastSnapshotRestoresWithContext(ctx aws.Context, input *Dis return out, req.Send() } +const opDisableImage = "DisableImage" + +// DisableImageRequest generates a "aws/request.Request" representing the +// client's request for the DisableImage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableImage for more information on using the DisableImage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableImageRequest method. +// req, resp := client.DisableImageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImage +func (c *EC2) DisableImageRequest(input *DisableImageInput) (req *request.Request, output *DisableImageOutput) { + op := &request.Operation{ + Name: opDisableImage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableImageInput{} + } + + output = &DisableImageOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableImage API operation for Amazon Elastic Compute Cloud. +// +// Sets the AMI state to disabled and removes all launch permissions from the +// AMI. A disabled AMI can't be used for instance launches. +// +// A disabled AMI can't be shared. If an AMI was public or previously shared, +// it is made private. If an AMI was shared with an Amazon Web Services account, +// organization, or Organizational Unit, they lose access to the disabled AMI. +// +// A disabled AMI does not appear in DescribeImages (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) +// API calls by default. +// +// Only the AMI owner can disable an AMI. +// +// You can re-enable a disabled AMI using EnableImage (http://amazonaws.com/AWSEC2/latest/APIReference/API_EnableImage.html). +// +// For more information, see Disable an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableImage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImage +func (c *EC2) DisableImage(input *DisableImageInput) (*DisableImageOutput, error) { + req, out := c.DisableImageRequest(input) + return out, req.Send() +} + +// DisableImageWithContext is the same as DisableImage with the addition of +// the ability to pass a context and additional request options. +// +// See DisableImage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableImageWithContext(ctx aws.Context, input *DisableImageInput, opts ...request.Option) (*DisableImageOutput, error) { + req, out := c.DisableImageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableImageBlockPublicAccess = "DisableImageBlockPublicAccess" + +// DisableImageBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the DisableImageBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableImageBlockPublicAccess for more information on using the DisableImageBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableImageBlockPublicAccessRequest method. +// req, resp := client.DisableImageBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageBlockPublicAccess +func (c *EC2) DisableImageBlockPublicAccessRequest(input *DisableImageBlockPublicAccessInput) (req *request.Request, output *DisableImageBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opDisableImageBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableImageBlockPublicAccessInput{} + } + + output = &DisableImageBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableImageBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Disables block public access for AMIs at the account level in the specified +// Amazon Web Services Region. This removes the block public access restriction +// from your account. With the restriction removed, you can publicly share your +// AMIs in the specified Amazon Web Services Region. +// +// The API can take up to 10 minutes to configure this setting. During this +// time, if you run GetImageBlockPublicAccessState (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetImageBlockPublicAccessState.html), +// the response will be block-new-sharing. When the API has completed the configuration, +// the response will be unblocked. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableImageBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageBlockPublicAccess +func (c *EC2) DisableImageBlockPublicAccess(input *DisableImageBlockPublicAccessInput) (*DisableImageBlockPublicAccessOutput, error) { + req, out := c.DisableImageBlockPublicAccessRequest(input) + return out, req.Send() +} + +// DisableImageBlockPublicAccessWithContext is the same as DisableImageBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DisableImageBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableImageBlockPublicAccessWithContext(ctx aws.Context, input *DisableImageBlockPublicAccessInput, opts ...request.Option) (*DisableImageBlockPublicAccessOutput, error) { + req, out := c.DisableImageBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableImageDeprecation = "DisableImageDeprecation" // DisableImageDeprecationRequest generates a "aws/request.Request" representing the @@ -35768,6 +36509,89 @@ func (c *EC2) DisableSerialConsoleAccessWithContext(ctx aws.Context, input *Disa return out, req.Send() } +const opDisableSnapshotBlockPublicAccess = "DisableSnapshotBlockPublicAccess" + +// DisableSnapshotBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the DisableSnapshotBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableSnapshotBlockPublicAccess for more information on using the DisableSnapshotBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableSnapshotBlockPublicAccessRequest method. +// req, resp := client.DisableSnapshotBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableSnapshotBlockPublicAccess +func (c *EC2) DisableSnapshotBlockPublicAccessRequest(input *DisableSnapshotBlockPublicAccessInput) (req *request.Request, output *DisableSnapshotBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opDisableSnapshotBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableSnapshotBlockPublicAccessInput{} + } + + output = &DisableSnapshotBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableSnapshotBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Disables the block public access for snapshots setting at the account level +// for the specified Amazon Web Services Region. After you disable block public +// access for snapshots in a Region, users can publicly share snapshots in that +// Region. +// +// If block public access is enabled in block-all-sharing mode, and you disable +// block public access, all snapshots that were previously publicly shared are +// no longer treated as private and they become publicly accessible again. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide . +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableSnapshotBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableSnapshotBlockPublicAccess +func (c *EC2) DisableSnapshotBlockPublicAccess(input *DisableSnapshotBlockPublicAccessInput) (*DisableSnapshotBlockPublicAccessOutput, error) { + req, out := c.DisableSnapshotBlockPublicAccessRequest(input) + return out, req.Send() +} + +// DisableSnapshotBlockPublicAccessWithContext is the same as DisableSnapshotBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DisableSnapshotBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableSnapshotBlockPublicAccessWithContext(ctx aws.Context, input *DisableSnapshotBlockPublicAccessInput, opts ...request.Option) (*DisableSnapshotBlockPublicAccessOutput, error) { + req, out := c.DisableSnapshotBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableTransitGatewayRouteTablePropagation = "DisableTransitGatewayRouteTablePropagation" // DisableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -35960,13 +36784,11 @@ func (c *EC2) DisableVpcClassicLinkRequest(input *DisableVpcClassicLinkInput) (r // DisableVpcClassicLink API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC // that has EC2-Classic instances linked to it. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -36038,18 +36860,14 @@ func (c *EC2) DisableVpcClassicLinkDnsSupportRequest(input *DisableVpcClassicLin // DisableVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve // to public IP addresses when addressed between a linked EC2-Classic instance -// and instances in the VPC to which it's linked. For more information, see -// ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// and instances in the VPC to which it's linked. // // You must specify a VPC ID in the request. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -36468,6 +37286,83 @@ func (c *EC2) DisassociateInstanceEventWindowWithContext(ctx aws.Context, input return out, req.Send() } +const opDisassociateIpamByoasn = "DisassociateIpamByoasn" + +// DisassociateIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateIpamByoasn for more information on using the DisassociateIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisassociateIpamByoasnRequest method. +// req, resp := client.DisassociateIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasn +func (c *EC2) DisassociateIpamByoasnRequest(input *DisassociateIpamByoasnInput) (req *request.Request, output *DisassociateIpamByoasnOutput) { + op := &request.Operation{ + Name: opDisassociateIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateIpamByoasnInput{} + } + + output = &DisassociateIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Remove the association between your Autonomous System Number (ASN) and your +// BYOIP CIDR. You may want to use this action to disassociate an ASN from a +// CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring +// your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisassociateIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateIpamByoasn +func (c *EC2) DisassociateIpamByoasn(input *DisassociateIpamByoasnInput) (*DisassociateIpamByoasnOutput, error) { + req, out := c.DisassociateIpamByoasnRequest(input) + return out, req.Send() +} + +// DisassociateIpamByoasnWithContext is the same as DisassociateIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisassociateIpamByoasnWithContext(ctx aws.Context, input *DisassociateIpamByoasnInput, opts ...request.Option) (*DisassociateIpamByoasnOutput, error) { + req, out := c.DisassociateIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateIpamResourceDiscovery = "DisassociateIpamResourceDiscovery" // DisassociateIpamResourceDiscoveryRequest generates a "aws/request.Request" representing the @@ -36589,17 +37484,17 @@ func (c *EC2) DisassociateNatGatewayAddressRequest(input *DisassociateNatGateway // Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. // You cannot disassociate your primary EIP. For more information, see Edit // secondary IP address associations (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-edit-secondary) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // While disassociating is in progress, you cannot associate/disassociate additional // EIPs while the connections are being drained. You are, however, allowed to // delete the NAT gateway. // -// An EIP will only be released at the end of MaxDrainDurationSeconds. The EIPs -// stay associated and support the existing connections but do not support any -// new connections (new connections are distributed across the remaining associated -// EIPs). As the existing connections drain out, the EIPs (and the corresponding -// private IPs mapped to them) get released. +// An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated +// and supports the existing connections but does not support any new connections +// (new connections are distributed across the remaining associated EIPs). As +// the existing connections drain out, the EIPs (and the corresponding private +// IP addresses mapped to them) are released. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -36678,7 +37573,7 @@ func (c *EC2) DisassociateRouteTableRequest(input *DisassociateRouteTableInput) // After you perform this action, the subnet no longer uses the routes in the // route table. Instead, it uses the routes in the VPC's main route table. For // more information about route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37045,9 +37940,6 @@ func (c *EC2) DisassociateTrunkInterfaceRequest(input *DisassociateTrunkInterfac // DisassociateTrunkInterface API operation for Amazon Elastic Compute Cloud. // -// This API action is currently in limited preview only. If you are interested -// in using this feature, contact your account manager. -// // Removes an association between a branch network interface with a trunk network // interface. // @@ -37438,14 +38330,15 @@ func (c *EC2) EnableFastLaunchRequest(input *EnableFastLaunchInput) (req *reques // EnableFastLaunch API operation for Amazon Elastic Compute Cloud. // -// When you enable faster launching for a Windows AMI, images are pre-provisioned, +// When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, // using snapshots to launch instances up to 65% faster. To create the optimized // Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, // rebooting as required. Then it creates a set of reserved snapshots that are // used for subsequent launches. The reserved snapshots are automatically replenished // as they are used, depending on your settings for launch frequency. // -// To change these settings, you must own the AMI. +// You can only change these settings for Windows AMIs that you own or that +// have been shared with you. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37556,6 +38449,171 @@ func (c *EC2) EnableFastSnapshotRestoresWithContext(ctx aws.Context, input *Enab return out, req.Send() } +const opEnableImage = "EnableImage" + +// EnableImageRequest generates a "aws/request.Request" representing the +// client's request for the EnableImage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableImage for more information on using the EnableImage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableImageRequest method. +// req, resp := client.EnableImageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImage +func (c *EC2) EnableImageRequest(input *EnableImageInput) (req *request.Request, output *EnableImageOutput) { + op := &request.Operation{ + Name: opEnableImage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableImageInput{} + } + + output = &EnableImageOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableImage API operation for Amazon Elastic Compute Cloud. +// +// Re-enables a disabled AMI. The re-enabled AMI is marked as available and +// can be used for instance launches, appears in describe operations, and can +// be shared. Amazon Web Services accounts, organizations, and Organizational +// Units that lost access to the AMI when it was disabled do not regain access +// automatically. Once the AMI is available, it can be shared with them again. +// +// Only the AMI owner can re-enable a disabled AMI. +// +// For more information, see Disable an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disable-an-ami.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableImage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImage +func (c *EC2) EnableImage(input *EnableImageInput) (*EnableImageOutput, error) { + req, out := c.EnableImageRequest(input) + return out, req.Send() +} + +// EnableImageWithContext is the same as EnableImage with the addition of +// the ability to pass a context and additional request options. +// +// See EnableImage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableImageWithContext(ctx aws.Context, input *EnableImageInput, opts ...request.Option) (*EnableImageOutput, error) { + req, out := c.EnableImageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableImageBlockPublicAccess = "EnableImageBlockPublicAccess" + +// EnableImageBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the EnableImageBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableImageBlockPublicAccess for more information on using the EnableImageBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableImageBlockPublicAccessRequest method. +// req, resp := client.EnableImageBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageBlockPublicAccess +func (c *EC2) EnableImageBlockPublicAccessRequest(input *EnableImageBlockPublicAccessInput) (req *request.Request, output *EnableImageBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opEnableImageBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableImageBlockPublicAccessInput{} + } + + output = &EnableImageBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableImageBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Enables block public access for AMIs at the account level in the specified +// Amazon Web Services Region. This prevents the public sharing of your AMIs. +// However, if you already have public AMIs, they will remain publicly available. +// +// The API can take up to 10 minutes to configure this setting. During this +// time, if you run GetImageBlockPublicAccessState (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetImageBlockPublicAccessState.html), +// the response will be unblocked. When the API has completed the configuration, +// the response will be block-new-sharing. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableImageBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageBlockPublicAccess +func (c *EC2) EnableImageBlockPublicAccess(input *EnableImageBlockPublicAccessInput) (*EnableImageBlockPublicAccessOutput, error) { + req, out := c.EnableImageBlockPublicAccessRequest(input) + return out, req.Send() +} + +// EnableImageBlockPublicAccessWithContext is the same as EnableImageBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See EnableImageBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableImageBlockPublicAccessWithContext(ctx aws.Context, input *EnableImageBlockPublicAccessInput, opts ...request.Option) (*EnableImageBlockPublicAccessOutput, error) { + req, out := c.EnableImageBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableImageDeprecation = "EnableImageDeprecation" // EnableImageDeprecationRequest generates a "aws/request.Request" representing the @@ -37863,6 +38921,92 @@ func (c *EC2) EnableSerialConsoleAccessWithContext(ctx aws.Context, input *Enabl return out, req.Send() } +const opEnableSnapshotBlockPublicAccess = "EnableSnapshotBlockPublicAccess" + +// EnableSnapshotBlockPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the EnableSnapshotBlockPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableSnapshotBlockPublicAccess for more information on using the EnableSnapshotBlockPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableSnapshotBlockPublicAccessRequest method. +// req, resp := client.EnableSnapshotBlockPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableSnapshotBlockPublicAccess +func (c *EC2) EnableSnapshotBlockPublicAccessRequest(input *EnableSnapshotBlockPublicAccessInput) (req *request.Request, output *EnableSnapshotBlockPublicAccessOutput) { + op := &request.Operation{ + Name: opEnableSnapshotBlockPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableSnapshotBlockPublicAccessInput{} + } + + output = &EnableSnapshotBlockPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableSnapshotBlockPublicAccess API operation for Amazon Elastic Compute Cloud. +// +// Enables or modifies the block public access for snapshots setting at the +// account level for the specified Amazon Web Services Region. After you enable +// block public access for snapshots in a Region, users can no longer request +// public sharing for snapshots in that Region. Snapshots that are already publicly +// shared are either treated as private or they remain publicly shared, depending +// on the State that you specify. +// +// If block public access is enabled in block-all-sharing mode, and you change +// the mode to block-new-sharing, all snapshots that were previously publicly +// shared are no longer treated as private and they become publicly accessible +// again. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableSnapshotBlockPublicAccess for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableSnapshotBlockPublicAccess +func (c *EC2) EnableSnapshotBlockPublicAccess(input *EnableSnapshotBlockPublicAccessInput) (*EnableSnapshotBlockPublicAccessOutput, error) { + req, out := c.EnableSnapshotBlockPublicAccessRequest(input) + return out, req.Send() +} + +// EnableSnapshotBlockPublicAccessWithContext is the same as EnableSnapshotBlockPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See EnableSnapshotBlockPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableSnapshotBlockPublicAccessWithContext(ctx aws.Context, input *EnableSnapshotBlockPublicAccessInput, opts ...request.Option) (*EnableSnapshotBlockPublicAccessOutput, error) { + req, out := c.EnableSnapshotBlockPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableTransitGatewayRouteTablePropagation = "EnableTransitGatewayRouteTablePropagation" // EnableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -38130,17 +39274,14 @@ func (c *EC2) EnableVpcClassicLinkRequest(input *EnableVpcClassicLinkInput) (req // EnableVpcClassicLink API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Enables a VPC for ClassicLink. You can then link EC2-Classic instances to // your ClassicLink-enabled VPC to allow communication over private IP addresses. // You cannot enable your VPC for ClassicLink if any of your VPC route tables // have existing routes for address ranges within the 10.0.0.0/8 IP address // range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 -// IP address ranges. For more information, see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address ranges. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -38213,17 +39354,13 @@ func (c *EC2) EnableVpcClassicLinkDnsSupportRequest(input *EnableVpcClassicLinkD // EnableVpcClassicLinkDnsSupport API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// This action is deprecated. // // Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, // the DNS hostname of a linked EC2-Classic instance resolves to its private // IP address when addressed from an instance in the VPC to which it's linked. // Similarly, the DNS hostname of an instance in a VPC resolves to its private -// IP address when addressed from a linked EC2-Classic instance. For more information, -// see ClassicLink (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) -// in the Amazon Elastic Compute Cloud User Guide. +// IP address when addressed from a linked EC2-Classic instance. // // You must specify a VPC ID in the request. // @@ -39501,6 +40638,9 @@ func (c *EC2) GetFlowLogsIntegrationTemplateRequest(input *GetFlowLogsIntegratio // - Create a set of named queries in Athena that you can use to get started // quickly // +// GetFlowLogsIntegrationTemplate does not support integration between Amazon +// Web Services Transit Gateway Flow Logs and Amazon Athena. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -39737,6 +40877,83 @@ func (c *EC2) GetHostReservationPurchasePreviewWithContext(ctx aws.Context, inpu return out, req.Send() } +const opGetImageBlockPublicAccessState = "GetImageBlockPublicAccessState" + +// GetImageBlockPublicAccessStateRequest generates a "aws/request.Request" representing the +// client's request for the GetImageBlockPublicAccessState operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetImageBlockPublicAccessState for more information on using the GetImageBlockPublicAccessState +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetImageBlockPublicAccessStateRequest method. +// req, resp := client.GetImageBlockPublicAccessStateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetImageBlockPublicAccessState +func (c *EC2) GetImageBlockPublicAccessStateRequest(input *GetImageBlockPublicAccessStateInput) (req *request.Request, output *GetImageBlockPublicAccessStateOutput) { + op := &request.Operation{ + Name: opGetImageBlockPublicAccessState, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetImageBlockPublicAccessStateInput{} + } + + output = &GetImageBlockPublicAccessStateOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetImageBlockPublicAccessState API operation for Amazon Elastic Compute Cloud. +// +// Gets the current state of block public access for AMIs at the account level +// in the specified Amazon Web Services Region. +// +// For more information, see Block public access to your AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetImageBlockPublicAccessState for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetImageBlockPublicAccessState +func (c *EC2) GetImageBlockPublicAccessState(input *GetImageBlockPublicAccessStateInput) (*GetImageBlockPublicAccessStateOutput, error) { + req, out := c.GetImageBlockPublicAccessStateRequest(input) + return out, req.Send() +} + +// GetImageBlockPublicAccessStateWithContext is the same as GetImageBlockPublicAccessState with the addition of +// the ability to pass a context and additional request options. +// +// See GetImageBlockPublicAccessState for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetImageBlockPublicAccessStateWithContext(ctx aws.Context, input *GetImageBlockPublicAccessStateInput, opts ...request.Option) (*GetImageBlockPublicAccessStateOutput, error) { + req, out := c.GetImageBlockPublicAccessStateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetInstanceTypesFromInstanceRequirements = "GetInstanceTypesFromInstanceRequirements" // GetInstanceTypesFromInstanceRequirementsRequest generates a "aws/request.Request" representing the @@ -40234,6 +41451,79 @@ func (c *EC2) GetIpamDiscoveredAccountsPagesWithContext(ctx aws.Context, input * return p.Err() } +const opGetIpamDiscoveredPublicAddresses = "GetIpamDiscoveredPublicAddresses" + +// GetIpamDiscoveredPublicAddressesRequest generates a "aws/request.Request" representing the +// client's request for the GetIpamDiscoveredPublicAddresses operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetIpamDiscoveredPublicAddresses for more information on using the GetIpamDiscoveredPublicAddresses +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetIpamDiscoveredPublicAddressesRequest method. +// req, resp := client.GetIpamDiscoveredPublicAddressesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddresses +func (c *EC2) GetIpamDiscoveredPublicAddressesRequest(input *GetIpamDiscoveredPublicAddressesInput) (req *request.Request, output *GetIpamDiscoveredPublicAddressesOutput) { + op := &request.Operation{ + Name: opGetIpamDiscoveredPublicAddresses, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetIpamDiscoveredPublicAddressesInput{} + } + + output = &GetIpamDiscoveredPublicAddressesOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetIpamDiscoveredPublicAddresses API operation for Amazon Elastic Compute Cloud. +// +// Gets the public IP addresses that have been discovered by IPAM. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetIpamDiscoveredPublicAddresses for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetIpamDiscoveredPublicAddresses +func (c *EC2) GetIpamDiscoveredPublicAddresses(input *GetIpamDiscoveredPublicAddressesInput) (*GetIpamDiscoveredPublicAddressesOutput, error) { + req, out := c.GetIpamDiscoveredPublicAddressesRequest(input) + return out, req.Send() +} + +// GetIpamDiscoveredPublicAddressesWithContext is the same as GetIpamDiscoveredPublicAddresses with the addition of +// the ability to pass a context and additional request options. +// +// See GetIpamDiscoveredPublicAddresses for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetIpamDiscoveredPublicAddressesWithContext(ctx aws.Context, input *GetIpamDiscoveredPublicAddressesInput, opts ...request.Option) (*GetIpamDiscoveredPublicAddressesOutput, error) { + req, out := c.GetIpamDiscoveredPublicAddressesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetIpamDiscoveredResourceCidrs = "GetIpamDiscoveredResourceCidrs" // GetIpamDiscoveredResourceCidrsRequest generates a "aws/request.Request" representing the @@ -41478,6 +42768,137 @@ func (c *EC2) GetReservedInstancesExchangeQuoteWithContext(ctx aws.Context, inpu return out, req.Send() } +const opGetSecurityGroupsForVpc = "GetSecurityGroupsForVpc" + +// GetSecurityGroupsForVpcRequest generates a "aws/request.Request" representing the +// client's request for the GetSecurityGroupsForVpc operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSecurityGroupsForVpc for more information on using the GetSecurityGroupsForVpc +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetSecurityGroupsForVpcRequest method. +// req, resp := client.GetSecurityGroupsForVpcRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSecurityGroupsForVpc +func (c *EC2) GetSecurityGroupsForVpcRequest(input *GetSecurityGroupsForVpcInput) (req *request.Request, output *GetSecurityGroupsForVpcOutput) { + op := &request.Operation{ + Name: opGetSecurityGroupsForVpc, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetSecurityGroupsForVpcInput{} + } + + output = &GetSecurityGroupsForVpcOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSecurityGroupsForVpc API operation for Amazon Elastic Compute Cloud. +// +// Gets security groups that can be associated by the Amazon Web Services account +// making the request with network interfaces in the specified VPC. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetSecurityGroupsForVpc for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSecurityGroupsForVpc +func (c *EC2) GetSecurityGroupsForVpc(input *GetSecurityGroupsForVpcInput) (*GetSecurityGroupsForVpcOutput, error) { + req, out := c.GetSecurityGroupsForVpcRequest(input) + return out, req.Send() +} + +// GetSecurityGroupsForVpcWithContext is the same as GetSecurityGroupsForVpc with the addition of +// the ability to pass a context and additional request options. +// +// See GetSecurityGroupsForVpc for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSecurityGroupsForVpcWithContext(ctx aws.Context, input *GetSecurityGroupsForVpcInput, opts ...request.Option) (*GetSecurityGroupsForVpcOutput, error) { + req, out := c.GetSecurityGroupsForVpcRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetSecurityGroupsForVpcPages iterates over the pages of a GetSecurityGroupsForVpc operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetSecurityGroupsForVpc method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetSecurityGroupsForVpc operation. +// pageNum := 0 +// err := client.GetSecurityGroupsForVpcPages(params, +// func(page *ec2.GetSecurityGroupsForVpcOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetSecurityGroupsForVpcPages(input *GetSecurityGroupsForVpcInput, fn func(*GetSecurityGroupsForVpcOutput, bool) bool) error { + return c.GetSecurityGroupsForVpcPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetSecurityGroupsForVpcPagesWithContext same as GetSecurityGroupsForVpcPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSecurityGroupsForVpcPagesWithContext(ctx aws.Context, input *GetSecurityGroupsForVpcInput, fn func(*GetSecurityGroupsForVpcOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetSecurityGroupsForVpcInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetSecurityGroupsForVpcRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetSecurityGroupsForVpcOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetSerialConsoleAccessStatus = "GetSerialConsoleAccessStatus" // GetSerialConsoleAccessStatusRequest generates a "aws/request.Request" representing the @@ -41555,6 +42976,83 @@ func (c *EC2) GetSerialConsoleAccessStatusWithContext(ctx aws.Context, input *Ge return out, req.Send() } +const opGetSnapshotBlockPublicAccessState = "GetSnapshotBlockPublicAccessState" + +// GetSnapshotBlockPublicAccessStateRequest generates a "aws/request.Request" representing the +// client's request for the GetSnapshotBlockPublicAccessState operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSnapshotBlockPublicAccessState for more information on using the GetSnapshotBlockPublicAccessState +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetSnapshotBlockPublicAccessStateRequest method. +// req, resp := client.GetSnapshotBlockPublicAccessStateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSnapshotBlockPublicAccessState +func (c *EC2) GetSnapshotBlockPublicAccessStateRequest(input *GetSnapshotBlockPublicAccessStateInput) (req *request.Request, output *GetSnapshotBlockPublicAccessStateOutput) { + op := &request.Operation{ + Name: opGetSnapshotBlockPublicAccessState, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetSnapshotBlockPublicAccessStateInput{} + } + + output = &GetSnapshotBlockPublicAccessStateOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSnapshotBlockPublicAccessState API operation for Amazon Elastic Compute Cloud. +// +// Gets the current state of block public access for snapshots setting for the +// account and Region. +// +// For more information, see Block public access for snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-public-access-snapshots.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetSnapshotBlockPublicAccessState for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetSnapshotBlockPublicAccessState +func (c *EC2) GetSnapshotBlockPublicAccessState(input *GetSnapshotBlockPublicAccessStateInput) (*GetSnapshotBlockPublicAccessStateOutput, error) { + req, out := c.GetSnapshotBlockPublicAccessStateRequest(input) + return out, req.Send() +} + +// GetSnapshotBlockPublicAccessStateWithContext is the same as GetSnapshotBlockPublicAccessState with the addition of +// the ability to pass a context and additional request options. +// +// See GetSnapshotBlockPublicAccessState for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetSnapshotBlockPublicAccessStateWithContext(ctx aws.Context, input *GetSnapshotBlockPublicAccessStateInput, opts ...request.Option) (*GetSnapshotBlockPublicAccessStateOutput, error) { + req, out := c.GetSnapshotBlockPublicAccessStateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetSpotPlacementScores = "GetSpotPlacementScores" // GetSpotPlacementScoresRequest generates a "aws/request.Request" representing the @@ -43260,16 +44758,21 @@ func (c *EC2) ImportInstanceRequest(input *ImportInstanceInput) (req *request.Re // ImportInstance API operation for Amazon Elastic Compute Cloud. // -// Creates an import instance task using metadata from the specified disk image. +// We recommend that you use the ImportImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html) +// API. For more information, see Importing a VM as an image using VM Import/Export +// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html) +// in the VM Import/Export User Guide. // -// This API action supports only single-volume VMs. To import multi-volume VMs, -// use ImportImage instead. +// Creates an import instance task using metadata from the specified disk image. // // This API action is not supported by the Command Line Interface (CLI). For // information about using the Amazon EC2 CLI, which is deprecated, see Importing // a VM to Amazon EC2 (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) // in the Amazon EC2 CLI Reference PDF file. // +// This API action supports only single-volume VMs. To import multi-volume VMs, +// use ImportImage instead. +// // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). // @@ -43806,6 +45309,96 @@ func (c *EC2) ListSnapshotsInRecycleBinPagesWithContext(ctx aws.Context, input * return p.Err() } +const opLockSnapshot = "LockSnapshot" + +// LockSnapshotRequest generates a "aws/request.Request" representing the +// client's request for the LockSnapshot operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See LockSnapshot for more information on using the LockSnapshot +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the LockSnapshotRequest method. +// req, resp := client.LockSnapshotRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshot +func (c *EC2) LockSnapshotRequest(input *LockSnapshotInput) (req *request.Request, output *LockSnapshotOutput) { + op := &request.Operation{ + Name: opLockSnapshot, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &LockSnapshotInput{} + } + + output = &LockSnapshotOutput{} + req = c.newRequest(op, input, output) + return +} + +// LockSnapshot API operation for Amazon Elastic Compute Cloud. +// +// Locks an Amazon EBS snapshot in either governance or compliance mode to protect +// it against accidental or malicious deletions for a specific duration. A locked +// snapshot can't be deleted. +// +// You can also use this action to modify the lock settings for a snapshot that +// is already locked. The allowed modifications depend on the lock mode and +// lock state: +// +// - If the snapshot is locked in governance mode, you can modify the lock +// mode and the lock duration or lock expiration date. +// +// - If the snapshot is locked in compliance mode and it is in the cooling-off +// period, you can modify the lock mode and the lock duration or lock expiration +// date. +// +// - If the snapshot is locked in compliance mode and the cooling-off period +// has lapsed, you can only increase the lock duration or extend the lock +// expiration date. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation LockSnapshot for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/LockSnapshot +func (c *EC2) LockSnapshot(input *LockSnapshotInput) (*LockSnapshotOutput, error) { + req, out := c.LockSnapshotRequest(input) + return out, req.Send() +} + +// LockSnapshotWithContext is the same as LockSnapshot with the addition of +// the ability to pass a context and additional request options. +// +// See LockSnapshot for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) LockSnapshotWithContext(ctx aws.Context, input *LockSnapshotInput, opts ...request.Option) (*LockSnapshotOutput, error) { + req, out := c.LockSnapshotRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyAddressAttribute = "ModifyAddressAttribute" // ModifyAddressAttributeRequest generates a "aws/request.Request" representing the @@ -48451,22 +50044,8 @@ func (c *EC2) ModifyVpcPeeringConnectionOptionsRequest(input *ModifyVpcPeeringCo // ModifyVpcPeeringConnectionOptions API operation for Amazon Elastic Compute Cloud. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Modifies the VPC peering connection options on one side of a VPC peering -// connection. You can do the following: -// -// - Enable/disable communication over the peering connection between an -// EC2-Classic instance that's linked to your VPC (using ClassicLink) and -// instances in the peer VPC. -// -// - Enable/disable communication over the peering connection between instances -// in your VPC and an EC2-Classic instance that's linked to the peer VPC. -// -// - Enable/disable the ability to resolve public DNS hostnames to private -// IP addresses when queried from instances in the peer VPC. +// connection. // // If the peered VPCs are in the same Amazon Web Services account, you can enable // DNS resolution for queries from the local VPC. This ensures that queries @@ -48561,7 +50140,7 @@ func (c *EC2) ModifyVpcTenancyRequest(input *ModifyVpcTenancyInput) (req *reques // launch. The tenancy of any existing instances in the VPC is not affected. // // For more information, see Dedicated Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -49260,6 +50839,83 @@ func (c *EC2) ProvisionByoipCidrWithContext(ctx aws.Context, input *ProvisionByo return out, req.Send() } +const opProvisionIpamByoasn = "ProvisionIpamByoasn" + +// ProvisionIpamByoasnRequest generates a "aws/request.Request" representing the +// client's request for the ProvisionIpamByoasn operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ProvisionIpamByoasn for more information on using the ProvisionIpamByoasn +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ProvisionIpamByoasnRequest method. +// req, resp := client.ProvisionIpamByoasnRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasn +func (c *EC2) ProvisionIpamByoasnRequest(input *ProvisionIpamByoasnInput) (req *request.Request, output *ProvisionIpamByoasnOutput) { + op := &request.Operation{ + Name: opProvisionIpamByoasn, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ProvisionIpamByoasnInput{} + } + + output = &ProvisionIpamByoasnOutput{} + req = c.newRequest(op, input, output) + return +} + +// ProvisionIpamByoasn API operation for Amazon Elastic Compute Cloud. +// +// Provisions your Autonomous System Number (ASN) for use in your Amazon Web +// Services account. This action requires authorization context for Amazon to +// bring the ASN to an Amazon Web Services account. For more information, see +// Tutorial: Bring your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ProvisionIpamByoasn for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ProvisionIpamByoasn +func (c *EC2) ProvisionIpamByoasn(input *ProvisionIpamByoasnInput) (*ProvisionIpamByoasnOutput, error) { + req, out := c.ProvisionIpamByoasnRequest(input) + return out, req.Send() +} + +// ProvisionIpamByoasnWithContext is the same as ProvisionIpamByoasn with the addition of +// the ability to pass a context and additional request options. +// +// See ProvisionIpamByoasn for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ProvisionIpamByoasnWithContext(ctx aws.Context, input *ProvisionIpamByoasnInput, opts ...request.Option) (*ProvisionIpamByoasnOutput, error) { + req, out := c.ProvisionIpamByoasnRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opProvisionIpamPoolCidr = "ProvisionIpamPoolCidr" // ProvisionIpamPoolCidrRequest generates a "aws/request.Request" representing the @@ -49414,6 +51070,81 @@ func (c *EC2) ProvisionPublicIpv4PoolCidrWithContext(ctx aws.Context, input *Pro return out, req.Send() } +const opPurchaseCapacityBlock = "PurchaseCapacityBlock" + +// PurchaseCapacityBlockRequest generates a "aws/request.Request" representing the +// client's request for the PurchaseCapacityBlock operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PurchaseCapacityBlock for more information on using the PurchaseCapacityBlock +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PurchaseCapacityBlockRequest method. +// req, resp := client.PurchaseCapacityBlockRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseCapacityBlock +func (c *EC2) PurchaseCapacityBlockRequest(input *PurchaseCapacityBlockInput) (req *request.Request, output *PurchaseCapacityBlockOutput) { + op := &request.Operation{ + Name: opPurchaseCapacityBlock, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PurchaseCapacityBlockInput{} + } + + output = &PurchaseCapacityBlockOutput{} + req = c.newRequest(op, input, output) + return +} + +// PurchaseCapacityBlock API operation for Amazon Elastic Compute Cloud. +// +// Purchase the Capacity Block for use with your account. With Capacity Blocks +// you ensure GPU capacity is available for machine learning (ML) workloads. +// You must specify the ID of the Capacity Block offering you are purchasing. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation PurchaseCapacityBlock for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/PurchaseCapacityBlock +func (c *EC2) PurchaseCapacityBlock(input *PurchaseCapacityBlockInput) (*PurchaseCapacityBlockOutput, error) { + req, out := c.PurchaseCapacityBlockRequest(input) + return out, req.Send() +} + +// PurchaseCapacityBlockWithContext is the same as PurchaseCapacityBlock with the addition of +// the ability to pass a context and additional request options. +// +// See PurchaseCapacityBlock for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) PurchaseCapacityBlockWithContext(ctx aws.Context, input *PurchaseCapacityBlockInput, opts ...request.Option) (*PurchaseCapacityBlockOutput, error) { + req, out := c.PurchaseCapacityBlockRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opPurchaseHostReservation = "PurchaseHostReservation" // PurchaseHostReservationRequest generates a "aws/request.Request" representing the @@ -50703,7 +52434,7 @@ func (c *EC2) ReleaseIpamPoolAllocationRequest(input *ReleaseIpamPoolAllocationI // manual allocations. To remove an allocation for a resource without deleting // the resource, set its monitored state to false using ModifyIpamResourceCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html). -// For more information, see Release an allocation (https://docs.aws.amazon.com/vpc/latest/ipam/release-pool-alloc-ipam.html) +// For more information, see Release an allocation (https://docs.aws.amazon.com/vpc/latest/ipam/release-alloc-ipam.html) // in the Amazon VPC IPAM User Guide. // // All EC2 API actions follow an eventual consistency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency) @@ -50860,8 +52591,8 @@ func (c *EC2) ReplaceNetworkAclAssociationRequest(input *ReplaceNetworkAclAssoci // // Changes which network ACL a subnet is associated with. By default when you // create a subnet, it's automatically associated with the default network ACL. -// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // This is an idempotent operation. // @@ -50938,8 +52669,8 @@ func (c *EC2) ReplaceNetworkAclEntryRequest(input *ReplaceNetworkAclEntryInput) // ReplaceNetworkAclEntry API operation for Amazon Elastic Compute Cloud. // // Replaces an entry (rule) in a network ACL. For more information, see Network -// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in -// the Amazon Virtual Private Cloud User Guide. +// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -51020,7 +52751,7 @@ func (c *EC2) ReplaceRouteRequest(input *ReplaceRouteInput) (req *request.Reques // reset the local route to its default target. // // For more information, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -51097,7 +52828,7 @@ func (c *EC2) ReplaceRouteTableAssociationRequest(input *ReplaceRouteTableAssoci // or virtual private gateway in a VPC. After the operation completes, the subnet // or gateway uses the routes in the new route table. For more information about // route tables, see Route tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // You can also use this operation to change which table is the main route table // in the VPC. Specify the main route table's association ID and the route table @@ -52575,9 +54306,8 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Removes the specified outbound (egress) rules from a security -// group for EC2-VPC. This action does not apply to security groups for use -// in EC2-Classic. +// Removes the specified outbound (egress) rules from the specified security +// group. // // You can specify rules using either rule IDs or security group rule properties. // If you use rule properties, the values that you specify (for example, ports) @@ -52588,7 +54318,7 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // ICMP type and code. If the security group rule has a description, you do // not need to specify the description to revoke the rule. // -// [Default VPC] If the values you specify do not match the existing rule's +// For a default VPC, if the values you specify do not match the existing rule's // values, no error is returned, and the output describes the security group // rules that were not revoked. // @@ -52680,9 +54410,13 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // type and code. If the security group rule has a description, you do not need // to specify the description to revoke the rule. // -// [EC2-Classic, default VPC] If the values you specify do not match the existing -// rule's values, no error is returned, and the output describes the security -// group rules that were not revoked. +// For a default VPC, if the values you specify do not match the existing rule's +// values, no error is returned, and the output describes the security group +// rules that were not revoked. +// +// For a non-default VPC, if the values you specify do not match the existing +// rule's values, an InvalidPermission.NotFound client error is returned, and +// no rules are revoked. // // Amazon Web Services recommends that you describe the security group to verify // that the rules were removed. @@ -52690,10 +54424,6 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -54182,17 +55912,17 @@ func (c *EC2) UnassignPrivateNatGatewayAddressRequest(input *UnassignPrivateNatG // Unassigns secondary private IPv4 addresses from a private NAT gateway. You // cannot unassign your primary private IP. For more information, see Edit secondary // IP address associations (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-edit-secondary) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // While unassigning is in progress, you cannot assign/unassign additional IP // addresses while the connections are being drained. You are, however, allowed // to delete the NAT gateway. // // A private IP address will only be released at the end of MaxDrainDurationSeconds. -// The private IP addresses stay associated and support the existing connections +// The private IP addresses stay associated and support the existing connections, // but do not support any new connections (new connections are distributed across // the remaining assigned private IP address). After the existing connections -// drain out, the private IP addresses get released. +// drain out, the private IP addresses are released. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -54222,6 +55952,81 @@ func (c *EC2) UnassignPrivateNatGatewayAddressWithContext(ctx aws.Context, input return out, req.Send() } +const opUnlockSnapshot = "UnlockSnapshot" + +// UnlockSnapshotRequest generates a "aws/request.Request" representing the +// client's request for the UnlockSnapshot operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UnlockSnapshot for more information on using the UnlockSnapshot +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UnlockSnapshotRequest method. +// req, resp := client.UnlockSnapshotRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshot +func (c *EC2) UnlockSnapshotRequest(input *UnlockSnapshotInput) (req *request.Request, output *UnlockSnapshotOutput) { + op := &request.Operation{ + Name: opUnlockSnapshot, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UnlockSnapshotInput{} + } + + output = &UnlockSnapshotOutput{} + req = c.newRequest(op, input, output) + return +} + +// UnlockSnapshot API operation for Amazon Elastic Compute Cloud. +// +// Unlocks a snapshot that is locked in governance mode or that is locked in +// compliance mode but still in the cooling-off period. You can't unlock a snapshot +// that is locked in compliance mode after the cooling-off period has expired. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation UnlockSnapshot for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/UnlockSnapshot +func (c *EC2) UnlockSnapshot(input *UnlockSnapshotInput) (*UnlockSnapshotOutput, error) { + req, out := c.UnlockSnapshotRequest(input) + return out, req.Send() +} + +// UnlockSnapshotWithContext is the same as UnlockSnapshot with the addition of +// the ability to pass a context and additional request options. +// +// See UnlockSnapshot for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) UnlockSnapshotWithContext(ctx aws.Context, input *UnlockSnapshotInput, opts ...request.Option) (*UnlockSnapshotOutput, error) { + req, out := c.UnlockSnapshotRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUnmonitorInstances = "UnmonitorInstances" // UnmonitorInstancesRequest generates a "aws/request.Request" representing the @@ -54340,10 +56145,10 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // UpdateSecurityGroupRuleDescriptionsEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Updates the description of an egress (outbound) security group -// rule. You can replace an existing description, or add a description to a -// rule that did not have one previously. You can remove a description for a -// security group rule by omitting the description parameter in the request. +// Updates the description of an egress (outbound) security group rule. You +// can replace an existing description, or add a description to a rule that +// did not have one previously. You can remove a description for a security +// group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -56220,6 +58025,9 @@ func (s *AddressTransfer) SetTransferOfferExpirationTimestamp(v time.Time) *Addr type AdvertiseByoipCidrInput struct { _ struct{} `type:"structure"` + // The public 2-byte or 4-byte ASN that you want to advertise. + Asn *string `type:"string"` + // The address range, in CIDR notation. This must be the exact range that you // provisioned. You can't advertise only a portion of the provisioned range. // @@ -56231,6 +58039,25 @@ type AdvertiseByoipCidrInput struct { // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `type:"string"` } // String returns the string representation. @@ -56264,6 +58091,12 @@ func (s *AdvertiseByoipCidrInput) Validate() error { return nil } +// SetAsn sets the Asn field's value. +func (s *AdvertiseByoipCidrInput) SetAsn(v string) *AdvertiseByoipCidrInput { + s.Asn = &v + return s +} + // SetCidr sets the Cidr field's value. func (s *AdvertiseByoipCidrInput) SetCidr(v string) *AdvertiseByoipCidrInput { s.Cidr = &v @@ -56276,6 +58109,12 @@ func (s *AdvertiseByoipCidrInput) SetDryRun(v bool) *AdvertiseByoipCidrInput { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *AdvertiseByoipCidrInput) SetNetworkBorderGroup(v string) *AdvertiseByoipCidrInput { + s.NetworkBorderGroup = &v + return s +} + type AdvertiseByoipCidrOutput struct { _ struct{} `type:"structure"` @@ -56334,9 +58173,6 @@ type AllocateAddressInput struct { // // Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) // to view the network border groups. - // - // You cannot use a network border group with EC2 Classic. If you attempt this - // operation on EC2 Classic, you receive an InvalidParameterCombination error. NetworkBorderGroup *string `type:"string"` // The ID of an address pool that you own. Use this parameter to let Amazon @@ -56721,6 +58557,10 @@ func (s *AllocateHostsOutput) SetHostIds(v []*string) *AllocateHostsOutput { type AllocateIpamPoolCidrInput struct { _ struct{} `type:"structure"` + // Include a particular CIDR range that can be returned by the pool. Allowed + // CIDRs are only allowed if using netmask length for allocation. + AllowedCidrs []*string `locationName:"AllowedCidr" locationNameList:"item" type:"list"` + // The CIDR you would like to allocate from the IPAM pool. Note the following: // // * If there is no DefaultNetmaskLength allocation rule set on the pool, @@ -56804,6 +58644,12 @@ func (s *AllocateIpamPoolCidrInput) Validate() error { return nil } +// SetAllowedCidrs sets the AllowedCidrs field's value. +func (s *AllocateIpamPoolCidrInput) SetAllowedCidrs(v []*string) *AllocateIpamPoolCidrInput { + s.AllowedCidrs = v + return s +} + // SetCidr sets the Cidr field's value. func (s *AllocateIpamPoolCidrInput) SetCidr(v string) *AllocateIpamPoolCidrInput { s.Cidr = &v @@ -57648,6 +59494,130 @@ func (s *ApplySecurityGroupsToClientVpnTargetNetworkOutput) SetSecurityGroupIds( return s } +// An Autonomous System Number (ASN) and BYOIP CIDR association. +type AsnAssociation struct { + _ struct{} `type:"structure"` + + // The association's ASN. + Asn *string `locationName:"asn" type:"string"` + + // The association's CIDR. + Cidr *string `locationName:"cidr" type:"string"` + + // The association's state. + State *string `locationName:"state" type:"string" enum:"AsnAssociationState"` + + // The association's status message. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAssociation) GoString() string { + return s.String() +} + +// SetAsn sets the Asn field's value. +func (s *AsnAssociation) SetAsn(v string) *AsnAssociation { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *AsnAssociation) SetCidr(v string) *AsnAssociation { + s.Cidr = &v + return s +} + +// SetState sets the State field's value. +func (s *AsnAssociation) SetState(v string) *AsnAssociation { + s.State = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *AsnAssociation) SetStatusMessage(v string) *AsnAssociation { + s.StatusMessage = &v + return s +} + +// Provides authorization for Amazon to bring an Autonomous System Number (ASN) +// to a specific Amazon Web Services account using bring your own ASN (BYOASN). +// For details on the format of the message and signature, see Tutorial: Bring +// your ASN to IPAM (https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-byoasn.html) +// in the Amazon VPC IPAM guide. +type AsnAuthorizationContext struct { + _ struct{} `type:"structure"` + + // The authorization context's message. + // + // Message is a required field + Message *string `type:"string" required:"true"` + + // The authorization context's signature. + // + // Signature is a required field + Signature *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAuthorizationContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsnAuthorizationContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AsnAuthorizationContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AsnAuthorizationContext"} + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Signature == nil { + invalidParams.Add(request.NewErrParamRequired("Signature")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMessage sets the Message field's value. +func (s *AsnAuthorizationContext) SetMessage(v string) *AsnAuthorizationContext { + s.Message = &v + return s +} + +// SetSignature sets the Signature field's value. +func (s *AsnAuthorizationContext) SetSignature(v string) *AsnAuthorizationContext { + s.Signature = &v + return s +} + type AssignIpv6AddressesInput struct { _ struct{} `type:"structure"` @@ -57948,7 +59918,7 @@ type AssignPrivateNatGatewayAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -58025,7 +59995,7 @@ type AssignPrivateNatGatewayAddressOutput struct { // NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -58754,6 +60724,109 @@ func (s *AssociateInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceE return s } +type AssociateIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // The BYOIP CIDR you want to associate with an ASN. + // + // Cidr is a required field + Cidr *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.Cidr == nil { + invalidParams.Add(request.NewErrParamRequired("Cidr")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *AssociateIpamByoasnInput) SetAsn(v string) *AssociateIpamByoasnInput { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *AssociateIpamByoasnInput) SetCidr(v string) *AssociateIpamByoasnInput { + s.Cidr = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AssociateIpamByoasnInput) SetDryRun(v bool) *AssociateIpamByoasnInput { + s.DryRun = &v + return s +} + +type AssociateIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // The ASN and BYOIP CIDR association. + AsnAssociation *AsnAssociation `locationName:"asnAssociation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetAsnAssociation sets the AsnAssociation field's value. +func (s *AssociateIpamByoasnOutput) SetAsnAssociation(v *AsnAssociation) *AssociateIpamByoasnOutput { + s.AsnAssociation = v + return s +} + type AssociateIpamResourceDiscoveryInput struct { _ struct{} `type:"structure"` @@ -58890,7 +60963,7 @@ type AssociateNatGatewayAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -58963,7 +61036,7 @@ type AssociateNatGatewayAddressOutput struct { // The IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -59117,10 +61190,14 @@ func (s *AssociateRouteTableOutput) SetAssociationState(v *RouteTableAssociation type AssociateSubnetCidrBlockInput struct { _ struct{} `type:"structure"` - // The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length. - // - // Ipv6CidrBlock is a required field - Ipv6CidrBlock *string `locationName:"ipv6CidrBlock" type:"string" required:"true"` + // The IPv6 CIDR block for your subnet. + Ipv6CidrBlock *string `locationName:"ipv6CidrBlock" type:"string"` + + // An IPv6 IPAM pool ID. + Ipv6IpamPoolId *string `type:"string"` + + // An IPv6 netmask length. + Ipv6NetmaskLength *int64 `type:"integer"` // The ID of your subnet. // @@ -59149,9 +61226,6 @@ func (s AssociateSubnetCidrBlockInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *AssociateSubnetCidrBlockInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "AssociateSubnetCidrBlockInput"} - if s.Ipv6CidrBlock == nil { - invalidParams.Add(request.NewErrParamRequired("Ipv6CidrBlock")) - } if s.SubnetId == nil { invalidParams.Add(request.NewErrParamRequired("SubnetId")) } @@ -59168,6 +61242,18 @@ func (s *AssociateSubnetCidrBlockInput) SetIpv6CidrBlock(v string) *AssociateSub return s } +// SetIpv6IpamPoolId sets the Ipv6IpamPoolId field's value. +func (s *AssociateSubnetCidrBlockInput) SetIpv6IpamPoolId(v string) *AssociateSubnetCidrBlockInput { + s.Ipv6IpamPoolId = &v + return s +} + +// SetIpv6NetmaskLength sets the Ipv6NetmaskLength field's value. +func (s *AssociateSubnetCidrBlockInput) SetIpv6NetmaskLength(v int64) *AssociateSubnetCidrBlockInput { + s.Ipv6NetmaskLength = &v + return s +} + // SetSubnetId sets the SubnetId field's value. func (s *AssociateSubnetCidrBlockInput) SetSubnetId(v string) *AssociateSubnetCidrBlockInput { s.SubnetId = &v @@ -59686,7 +61772,7 @@ type AssociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` // Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for - // the VPC. You cannot specify the range of IPv6 addresses, or the size of the + // the VPC. You cannot specify the range of IPv6 addresses or the size of the // CIDR block. AmazonProvidedIpv6CidrBlock *bool `locationName:"amazonProvidedIpv6CidrBlock" type:"boolean"` @@ -60110,18 +62196,18 @@ type AttachClassicLinkVpcInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The ID of one or more of the VPC's security groups. You cannot specify security - // groups from a different VPC. + // The IDs of the security groups. You cannot specify security groups from a + // different VPC. // // Groups is a required field Groups []*string `locationName:"SecurityGroupId" locationNameList:"groupId" type:"list" required:"true"` - // The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. + // The ID of the EC2-Classic instance. // // InstanceId is a required field InstanceId *string `locationName:"instanceId" type:"string" required:"true"` - // The ID of a ClassicLink-enabled VPC. + // The ID of the ClassicLink-enabled VPC. // // VpcId is a required field VpcId *string `locationName:"vpcId" type:"string" required:"true"` @@ -60548,10 +62634,10 @@ func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type AttachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -60777,16 +62863,25 @@ func (s *AttachVpnGatewayOutput) SetVpcAttachment(v *VpcAttachment) *AttachVpnGa return s } -// Describes the ENA Express configuration for the network interface that's -// attached to the instance. +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. type AttachmentEnaSrdSpecification struct { _ struct{} `type:"structure"` - // Indicates whether ENA Express is enabled for the network interface that's - // attached to the instance. + // Indicates whether ENA Express is enabled for the network interface. EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` - // ENA Express configuration for UDP network traffic. + // Configures ENA Express for UDP network traffic. EnaSrdUdpSpecification *AttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` } @@ -60820,8 +62915,12 @@ func (s *AttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *AttachmentE return s } -// Describes the ENA Express configuration for UDP traffic on the network interface -// that's attached to the instance. +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. type AttachmentEnaSrdUdpSpecification struct { _ struct{} `type:"structure"` @@ -61346,10 +63445,9 @@ type AuthorizeSecurityGroupIngressInput struct { // VPC, you must specify the security group ID. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name in the request. For security + // groups in a nondefault VPC, you must specify the security group ID. GroupName *string `type:"string"` // The sets of IP permissions. @@ -61358,24 +63456,23 @@ type AuthorizeSecurityGroupIngressInput struct { // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // To specify icmpv6, use a set of IP permissions. // - // [VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol - // other than tcp, udp, or icmp, traffic on all ports is allowed, regardless - // of any ports you specify. + // Use -1 to specify all protocols. If you specify -1 or a protocol other than + // tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports + // you specify. // // Alternatively, use a set of IP permissions to specify multiple rules and // a description for the rule. IpProtocol *string `type:"string"` - // [EC2-Classic, default VPC] The name of the source security group. You can't - // specify this parameter in combination with the following parameters: the - // CIDR IP address range, the start of the port range, the IP protocol, and - // the end of the port range. Creates rules that grant full ICMP, UDP, and TCP - // access. To create a rule with a specific IP protocol and port range, use - // a set of IP permissions instead. For EC2-VPC, the source security group must - // be in the same VPC. + // [Default VPC] The name of the source security group. You can't specify this + // parameter in combination with the following parameters: the CIDR IP address + // range, the start of the port range, the IP protocol, and the end of the port + // range. Creates rules that grant full ICMP, UDP, and TCP access. To create + // a rule with a specific IP protocol and port range, use a set of IP permissions + // instead. The source security group must be in the same VPC. SourceSecurityGroupName *string `type:"string"` - // [nondefault VPC] The Amazon Web Services account ID for the source security + // [Nondefault VPC] The Amazon Web Services account ID for the source security // group, if the source security group is in a different account. You can't // specify this parameter in combination with the following parameters: the // CIDR IP address range, the IP protocol, the start of the port range, and @@ -62177,17 +64274,98 @@ func (s *BundleTaskError) SetMessage(v string) *BundleTaskError { return s } +// The Autonomous System Number (ASN) and BYOIP CIDR association. +type Byoasn struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + Asn *string `locationName:"asn" type:"string"` + + // An IPAM ID. + IpamId *string `locationName:"ipamId" type:"string"` + + // The provisioning state of the BYOASN. + State *string `locationName:"state" type:"string" enum:"AsnState"` + + // The status message. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Byoasn) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Byoasn) GoString() string { + return s.String() +} + +// SetAsn sets the Asn field's value. +func (s *Byoasn) SetAsn(v string) *Byoasn { + s.Asn = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *Byoasn) SetIpamId(v string) *Byoasn { + s.IpamId = &v + return s +} + +// SetState sets the State field's value. +func (s *Byoasn) SetState(v string) *Byoasn { + s.State = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *Byoasn) SetStatusMessage(v string) *Byoasn { + s.StatusMessage = &v + return s +} + // Information about an address range that is provisioned for use with your // Amazon Web Services resources through bring your own IP addresses (BYOIP). type ByoipCidr struct { _ struct{} `type:"structure"` + // The BYOIP CIDR associations with ASNs. + AsnAssociations []*AsnAssociation `locationName:"asnAssociationSet" locationNameList:"item" type:"list"` + // The address range, in CIDR notation. Cidr *string `locationName:"cidr" type:"string"` // The description of the address range. Description *string `locationName:"description" type:"string"` + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + // The state of the address pool. State *string `locationName:"state" type:"string" enum:"ByoipCidrState"` @@ -62214,6 +64392,12 @@ func (s ByoipCidr) GoString() string { return s.String() } +// SetAsnAssociations sets the AsnAssociations field's value. +func (s *ByoipCidr) SetAsnAssociations(v []*AsnAssociation) *ByoipCidr { + s.AsnAssociations = v + return s +} + // SetCidr sets the Cidr field's value. func (s *ByoipCidr) SetCidr(v string) *ByoipCidr { s.Cidr = &v @@ -62226,6 +64410,12 @@ func (s *ByoipCidr) SetDescription(v string) *ByoipCidr { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *ByoipCidr) SetNetworkBorderGroup(v string) *ByoipCidr { + s.NetworkBorderGroup = &v + return s +} + // SetState sets the State field's value. func (s *ByoipCidr) SetState(v string) *ByoipCidr { s.State = &v @@ -62650,7 +64840,8 @@ func (s CancelConversionTaskOutput) GoString() string { type CancelExportTaskInput struct { _ struct{} `type:"structure"` - // The ID of the export task. This is the ID returned by CreateInstanceExportTask. + // The ID of the export task. This is the ID returned by the CreateInstanceExportTask + // and ExportImage operations. // // ExportTaskId is a required field ExportTaskId *string `locationName:"exportTaskId" type:"string" required:"true"` @@ -63410,6 +65601,119 @@ func (s *CapacityAllocation) SetCount(v int64) *CapacityAllocation { return s } +// The recommended Capacity Block that fits your search requirements. +type CapacityBlockOffering struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the Capacity Block offering. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The amount of time of the Capacity Block reservation in hours. + CapacityBlockDurationHours *int64 `locationName:"capacityBlockDurationHours" type:"integer"` + + // The ID of the Capacity Block offering. + CapacityBlockOfferingId *string `locationName:"capacityBlockOfferingId" type:"string"` + + // The currency of the payment for the Capacity Block. + CurrencyCode *string `locationName:"currencyCode" type:"string"` + + // The end date of the Capacity Block offering. + EndDate *time.Time `locationName:"endDate" type:"timestamp"` + + // The number of instances in the Capacity Block offering. + InstanceCount *int64 `locationName:"instanceCount" type:"integer"` + + // The instance type of the Capacity Block offering. + InstanceType *string `locationName:"instanceType" type:"string"` + + // The start date of the Capacity Block offering. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + + // The tenancy of the Capacity Block. + Tenancy *string `locationName:"tenancy" type:"string" enum:"CapacityReservationTenancy"` + + // The total price to be paid up front. + UpfrontFee *string `locationName:"upfrontFee" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CapacityBlockOffering) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CapacityBlockOffering) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *CapacityBlockOffering) SetAvailabilityZone(v string) *CapacityBlockOffering { + s.AvailabilityZone = &v + return s +} + +// SetCapacityBlockDurationHours sets the CapacityBlockDurationHours field's value. +func (s *CapacityBlockOffering) SetCapacityBlockDurationHours(v int64) *CapacityBlockOffering { + s.CapacityBlockDurationHours = &v + return s +} + +// SetCapacityBlockOfferingId sets the CapacityBlockOfferingId field's value. +func (s *CapacityBlockOffering) SetCapacityBlockOfferingId(v string) *CapacityBlockOffering { + s.CapacityBlockOfferingId = &v + return s +} + +// SetCurrencyCode sets the CurrencyCode field's value. +func (s *CapacityBlockOffering) SetCurrencyCode(v string) *CapacityBlockOffering { + s.CurrencyCode = &v + return s +} + +// SetEndDate sets the EndDate field's value. +func (s *CapacityBlockOffering) SetEndDate(v time.Time) *CapacityBlockOffering { + s.EndDate = &v + return s +} + +// SetInstanceCount sets the InstanceCount field's value. +func (s *CapacityBlockOffering) SetInstanceCount(v int64) *CapacityBlockOffering { + s.InstanceCount = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *CapacityBlockOffering) SetInstanceType(v string) *CapacityBlockOffering { + s.InstanceType = &v + return s +} + +// SetStartDate sets the StartDate field's value. +func (s *CapacityBlockOffering) SetStartDate(v time.Time) *CapacityBlockOffering { + s.StartDate = &v + return s +} + +// SetTenancy sets the Tenancy field's value. +func (s *CapacityBlockOffering) SetTenancy(v string) *CapacityBlockOffering { + s.Tenancy = &v + return s +} + +// SetUpfrontFee sets the UpfrontFee field's value. +func (s *CapacityBlockOffering) SetUpfrontFee(v string) *CapacityBlockOffering { + s.UpfrontFee = &v + return s +} + // Describes a Capacity Reservation. type CapacityReservation struct { _ struct{} `type:"structure"` @@ -63501,6 +65805,9 @@ type CapacityReservation struct { // in the Amazon EC2 User Guide. PlacementGroupArn *string `locationName:"placementGroupArn" type:"string"` + // The type of Capacity Reservation. + ReservationType *string `locationName:"reservationType" type:"string" enum:"CapacityReservationType"` + // The date and time at which the Capacity Reservation was started. StartDate *time.Time `locationName:"startDate" type:"timestamp"` @@ -63669,6 +65976,12 @@ func (s *CapacityReservation) SetPlacementGroupArn(v string) *CapacityReservatio return s } +// SetReservationType sets the ReservationType field's value. +func (s *CapacityReservation) SetReservationType(v string) *CapacityReservation { + s.ReservationType = &v + return s +} + // SetStartDate sets the StartDate field's value. func (s *CapacityReservation) SetStartDate(v time.Time) *CapacityReservation { s.StartDate = &v @@ -64502,6 +66815,8 @@ func (s *CidrBlock) SetCidrBlock(v string) *CidrBlock { return s } +// Deprecated. +// // Describes the ClassicLink DNS support status of a VPC. type ClassicLinkDnsSupport struct { _ struct{} `type:"structure"` @@ -64543,15 +66858,13 @@ func (s *ClassicLinkDnsSupport) SetVpcId(v string) *ClassicLinkDnsSupport { return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Deprecated. // // Describes a linked EC2-Classic instance. type ClassicLinkInstance struct { _ struct{} `type:"structure"` - // A list of security groups. + // The security groups. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The ID of the instance. @@ -66394,6 +68707,242 @@ func (s *ConnectionNotification) SetVpcEndpointId(v string) *ConnectionNotificat return s } +// A security group connection tracking configuration that enables you to set +// the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingConfiguration struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingConfiguration) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingConfiguration { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetUdpStreamTimeout(v int64) *ConnectionTrackingConfiguration { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingConfiguration) SetUdpTimeout(v int64) *ConnectionTrackingConfiguration { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification that enables you to set +// the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecification struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecification) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecification) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecification { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecification) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecification { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecification) SetUdpTimeout(v int64) *ConnectionTrackingSpecification { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification request that enables you +// to set the idle timeout for connection tracking on an Elastic network interface. +// For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationRequest) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecificationRequest) SetUdpTimeout(v int64) *ConnectionTrackingSpecificationRequest { + s.UdpTimeout = &v + return s +} + +// A security group connection tracking specification response that enables +// you to set the idle timeout for connection tracking on an Elastic network +// interface. For more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) +// in the Amazon Elastic Compute Cloud User Guide. +type ConnectionTrackingSpecificationResponse struct { + _ struct{} `type:"structure"` + + // Timeout (in seconds) for idle TCP connections in an established state. Min: + // 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: + // Less than 432000 seconds. + TcpEstablishedTimeout *int64 `locationName:"tcpEstablishedTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows classified as streams which have + // seen more than one request-response transaction. Min: 60 seconds. Max: 180 + // seconds (3 minutes). Default: 180 seconds. + UdpStreamTimeout *int64 `locationName:"udpStreamTimeout" type:"integer"` + + // Timeout (in seconds) for idle UDP flows that have seen traffic only in a + // single direction or a single request-response transaction. Min: 30 seconds. + // Max: 60 seconds. Default: 30 seconds. + UdpTimeout *int64 `locationName:"udpTimeout" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectionTrackingSpecificationResponse) GoString() string { + return s.String() +} + +// SetTcpEstablishedTimeout sets the TcpEstablishedTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetTcpEstablishedTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.TcpEstablishedTimeout = &v + return s +} + +// SetUdpStreamTimeout sets the UdpStreamTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetUdpStreamTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.UdpStreamTimeout = &v + return s +} + +// SetUdpTimeout sets the UdpTimeout field's value. +func (s *ConnectionTrackingSpecificationResponse) SetUdpTimeout(v int64) *ConnectionTrackingSpecificationResponse { + s.UdpTimeout = &v + return s +} + // Describes a conversion task. type ConversionTask struct { _ struct{} `type:"structure"` @@ -69140,7 +71689,7 @@ type CreateFleetInput struct { SpotOptions *SpotOptionsRequest `type:"structure"` // The key-value pair for tagging the EC2 Fleet request on creation. For more - // information, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // information, see Tag your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). // // If the fleet type is instant, specify a resource type of fleet to tag the // fleet or instance to tag the instances at launch. @@ -69498,9 +72047,7 @@ type CreateFlowLogsInput struct { // in the Amazon VPC User Guide or Transit Gateway Flow Log records (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-flow-logs.html#flow-log-records) // in the Amazon Web Services Transit Gateway Guide. // - // Specify the fields using the ${field-id} format, separated by spaces. For - // the CLI, surround this parameter value with single quotes on Linux or double - // quotes on Windows. + // Specify the fields using the ${field-id} format, separated by spaces. LogFormat *string `type:"string"` // The name of a new or existing CloudWatch Logs log group where Amazon EC2 @@ -69860,9 +72407,22 @@ func (s *CreateFpgaImageOutput) SetFpgaImageId(v string) *CreateFpgaImageOutput type CreateImageInput struct { _ struct{} `type:"structure"` - // The block device mappings. This parameter cannot be used to modify the encryption - // status of existing volumes or snapshots. To create an AMI with encrypted - // snapshots, use the CopyImage action. + // The block device mappings. + // + // When using the CreateImage action: + // + // * You can't change the volume size using the VolumeSize parameter. If + // you want a different volume size, you must first change the volume size + // of the source instance. + // + // * You can't modify the encryption status of existing volumes or snapshots. + // To create an AMI with volumes or snapshots that have a different encryption + // status (for example, where the source volume and snapshots are unencrypted, + // and you want to create an AMI with encrypted volumes or snapshots), use + // the CopyImage action. + // + // * The only option that can be changed for existing mappings or snapshots + // is DeleteOnTermination. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // A description for the new image. @@ -69888,17 +72448,20 @@ type CreateImageInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true"` - // By default, when Amazon EC2 creates the new AMI, it reboots the instance - // so that it can take snapshots of the attached volumes while data is at rest, - // in order to ensure a consistent state. You can set the NoReboot parameter - // to true in the API request, or use the --no-reboot option in the CLI to prevent - // Amazon EC2 from shutting down and rebooting the instance. + // Indicates whether or not the instance should be automatically rebooted before + // creating the image. Specify one of the following values: + // + // * true - The instance is not rebooted before creating the image. This + // creates crash-consistent snapshots that include only the data that has + // been written to the volumes at the time the snapshots are created. Buffered + // data and data in memory that has not yet been written to the volumes is + // not included in the snapshots. // - // If you choose to bypass the shutdown and reboot process by setting the NoReboot - // parameter to true in the API request, or by using the --no-reboot option - // in the CLI, we can't guarantee the file system integrity of the created image. + // * false - The instance is rebooted before creating the image. This ensures + // that all buffered data and data in memory is written to the volumes before + // the snapshots are created. // - // Default: false (follow standard reboot process) + // Default: false NoReboot *bool `locationName:"noReboot" type:"boolean"` // The tags to apply to the AMI and snapshots on creation. You can tag the AMI, @@ -70521,6 +73084,11 @@ type CreateIpamInput struct { // to find all resources that have a tag with the key Owner and the value TeamA, // specify tag:Owner for the filter name and TeamA for the filter value. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -70571,6 +73139,12 @@ func (s *CreateIpamInput) SetTagSpecifications(v []*TagSpecification) *CreateIpa return s } +// SetTier sets the Tier field's value. +func (s *CreateIpamInput) SetTier(v string) *CreateIpamInput { + s.Tier = &v + return s +} + type CreateIpamOutput struct { _ struct{} `type:"structure"` @@ -70700,6 +73274,9 @@ type CreateIpamPoolInput struct { // pool must be available in the source pool's CIDR range. SourceIpamPoolId *string `type:"string"` + // The resource used to provision CIDRs to a resource planning pool. + SourceResource *IpamPoolSourceResourceRequest `type:"structure"` + // The key/value combination of a tag assigned to the resource. Use the tag // key in the filter name and the tag value as the filter value. For example, // to find all resources that have a tag with the key Owner and the value TeamA, @@ -70831,6 +73408,12 @@ func (s *CreateIpamPoolInput) SetSourceIpamPoolId(v string) *CreateIpamPoolInput return s } +// SetSourceResource sets the SourceResource field's value. +func (s *CreateIpamPoolInput) SetSourceResource(v *IpamPoolSourceResourceRequest) *CreateIpamPoolInput { + s.SourceResource = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateIpamPoolInput) SetTagSpecifications(v []*TagSpecification) *CreateIpamPoolInput { s.TagSpecifications = v @@ -72248,20 +74831,20 @@ type CreateNatGatewayInput struct { // an address, a private IPv4 address will be automatically assigned. PrivateIpAddress *string `type:"string"` - // Secondary EIP allocation IDs. For more information about secondary addresses, - // see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // Secondary EIP allocation IDs. For more information, see Create a NAT gateway + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) + // in the Amazon VPC User Guide. SecondaryAllocationIds []*string `locationName:"SecondaryAllocationId" locationNameList:"AllocationId" type:"list"` // [Private NAT gateway only] The number of secondary private IPv4 addresses // you want to assign to the NAT gateway. For more information about secondary // addresses, see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // in the Amazon VPC User Guide. SecondaryPrivateIpAddressCount *int64 `min:"1" type:"integer"` // Secondary private IPv4 addresses. For more information about secondary addresses, // see Create a NAT gateway (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) - // in the Amazon Virtual Private Cloud User Guide. + // in the Amazon VPC User Guide. SecondaryPrivateIpAddresses []*string `locationName:"SecondaryPrivateIpAddress" locationNameList:"item" type:"list"` // The ID of the subnet in which to create the NAT gateway. @@ -72993,6 +75576,9 @@ type CreateNetworkInterfaceInput struct { // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` + // A connection tracking specification for the network interface. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // A description for the network interface. Description *string `locationName:"description" type:"string"` @@ -73002,6 +75588,21 @@ type CreateNetworkInterfaceInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // If you’re creating a network interface in a dual-stack or IPv6-only subnet, + // you have the option to assign a primary IPv6 IP address. A primary IPv6 address + // is an IPv6 GUA address associated with an ENI that you have enabled to use + // a primary IPv6 address. Use this option if the instance that this ENI will + // be attached to relies on its IPv6 address not changing. Amazon Web Services + // will automatically assign an IPv6 address associated with the ENI attached + // to your instance to be the primary IPv6 address. Once you enable an IPv6 + // GUA address to be a primary IPv6, you cannot disable it. When you enable + // an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made + // the primary IPv6 address until the instance is terminated or the network + // interface is detached. If you have multiple IPv6 addresses associated with + // an ENI attached to your instance and you enable a primary IPv6 address, the + // first IPv6 GUA address associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -73127,6 +75728,12 @@ func (s *CreateNetworkInterfaceInput) SetClientToken(v string) *CreateNetworkInt return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *CreateNetworkInterfaceInput) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *CreateNetworkInterfaceInput { + s.ConnectionTrackingSpecification = v + return s +} + // SetDescription sets the Description field's value. func (s *CreateNetworkInterfaceInput) SetDescription(v string) *CreateNetworkInterfaceInput { s.Description = &v @@ -73139,6 +75746,12 @@ func (s *CreateNetworkInterfaceInput) SetDryRun(v bool) *CreateNetworkInterfaceI return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *CreateNetworkInterfaceInput) SetEnablePrimaryIpv6(v bool) *CreateNetworkInterfaceInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetGroups sets the Groups field's value. func (s *CreateNetworkInterfaceInput) SetGroups(v []*string) *CreateNetworkInterfaceInput { s.Groups = v @@ -74311,9 +76924,7 @@ type CreateSecurityGroupInput struct { // // Constraints: Up to 255 characters in length // - // Constraints for EC2-Classic: ASCII characters - // - // Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + // Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* // // Description is a required field Description *string `locationName:"GroupDescription" type:"string" required:"true"` @@ -74328,9 +76939,7 @@ type CreateSecurityGroupInput struct { // // Constraints: Up to 255 characters in length. Cannot start with sg-. // - // Constraints for EC2-Classic: ASCII characters - // - // Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + // Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* // // GroupName is a required field GroupName *string `type:"string" required:"true"` @@ -74338,7 +76947,7 @@ type CreateSecurityGroupInput struct { // The tags to assign to the security group. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // [EC2-VPC] The ID of the VPC. Required for EC2-VPC. + // The ID of the VPC. Required for a nondefault VPC. VpcId *string `type:"string"` } @@ -74928,18 +77537,13 @@ type CreateSubnetCidrReservationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The type of reservation. - // - // The following are valid values: + // The type of reservation. The reservation type determines how the reserved + // IP addresses are assigned to resources. // - // * prefix: The Amazon EC2 Prefix Delegation feature assigns the IP addresses - // to network interfaces that are associated with an instance. For information - // about Prefix Delegation, see Prefix Delegation for Amazon EC2 network - // interfaces (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-delegation.html) - // in the Amazon Elastic Compute Cloud User Guide. + // * prefix - Amazon Web Services assigns the reserved IP addresses to network + // interfaces. // - // * explicit: You manually assign the IP addresses to resources that reside - // in your subnet. + // * explicit - You assign the reserved IP addresses to network interfaces. // // ReservationType is a required field ReservationType *string `type:"string" required:"true" enum:"SubnetCidrReservationType"` @@ -75068,8 +77672,7 @@ type CreateSubnetInput struct { // // To create a subnet in a Local Zone, set this value to the Local Zone ID, // for example us-west-2-lax-1a. For information about the Regions that support - // Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) - // in the Amazon Elastic Compute Cloud User Guide. + // Local Zones, see Local Zones locations (http://aws.amazon.com/about-aws/global-infrastructure/localzones/locations/). // // To create a subnet in an Outpost, set this value to the Availability Zone // for the Outpost and specify the Outpost ARN. @@ -75091,15 +77694,25 @@ type CreateSubnetInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The IPv6 network range for the subnet, in CIDR notation. The subnet size - // must use a /64 prefix length. - // - // This parameter is required for an IPv6 only subnet. + // An IPv4 IPAM pool ID for the subnet. + Ipv4IpamPoolId *string `type:"string"` + + // An IPv4 netmask length for the subnet. + Ipv4NetmaskLength *int64 `type:"integer"` + + // The IPv6 network range for the subnet, in CIDR notation. This parameter is + // required for an IPv6 only subnet. Ipv6CidrBlock *string `type:"string"` + // An IPv6 IPAM pool ID for the subnet. + Ipv6IpamPoolId *string `type:"string"` + // Indicates whether to create an IPv6 only subnet. Ipv6Native *bool `type:"boolean"` + // An IPv6 netmask length for the subnet. + Ipv6NetmaskLength *int64 `type:"integer"` + // The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost // ARN, you must also specify the Availability Zone of the Outpost subnet. OutpostArn *string `type:"string"` @@ -75168,18 +77781,42 @@ func (s *CreateSubnetInput) SetDryRun(v bool) *CreateSubnetInput { return s } +// SetIpv4IpamPoolId sets the Ipv4IpamPoolId field's value. +func (s *CreateSubnetInput) SetIpv4IpamPoolId(v string) *CreateSubnetInput { + s.Ipv4IpamPoolId = &v + return s +} + +// SetIpv4NetmaskLength sets the Ipv4NetmaskLength field's value. +func (s *CreateSubnetInput) SetIpv4NetmaskLength(v int64) *CreateSubnetInput { + s.Ipv4NetmaskLength = &v + return s +} + // SetIpv6CidrBlock sets the Ipv6CidrBlock field's value. func (s *CreateSubnetInput) SetIpv6CidrBlock(v string) *CreateSubnetInput { s.Ipv6CidrBlock = &v return s } +// SetIpv6IpamPoolId sets the Ipv6IpamPoolId field's value. +func (s *CreateSubnetInput) SetIpv6IpamPoolId(v string) *CreateSubnetInput { + s.Ipv6IpamPoolId = &v + return s +} + // SetIpv6Native sets the Ipv6Native field's value. func (s *CreateSubnetInput) SetIpv6Native(v bool) *CreateSubnetInput { s.Ipv6Native = &v return s } +// SetIpv6NetmaskLength sets the Ipv6NetmaskLength field's value. +func (s *CreateSubnetInput) SetIpv6NetmaskLength(v int64) *CreateSubnetInput { + s.Ipv6NetmaskLength = &v + return s +} + // SetOutpostArn sets the OutpostArn field's value. func (s *CreateSubnetInput) SetOutpostArn(v string) *CreateSubnetInput { s.OutpostArn = &v @@ -75680,6 +78317,10 @@ type CreateTrafficMirrorSessionInput struct { // // If you do not want to mirror the entire packet, use the PacketLength parameter // to specify the number of bytes in each packet to mirror. + // + // For sessions with Network Load Balancer (NLB) Traffic Mirror targets the + // default PacketLength will be set to 8500. Valid values are 1-8500. Setting + // a PacketLength greater than 8500 will result in an error response. PacketLength *int64 `type:"integer"` // The session number determines the order in which sessions are evaluated when @@ -77438,6 +80079,24 @@ type CreateTransitGatewayVpcAttachmentRequestOptions struct { // Enable or disable IPv6 support. The default is disable. Ipv6Support *string `type:"string" enum:"Ipv6SupportValue"` + + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // If you don't enable or disable SecurityGroupReferencingSupport in the request, + // the attachment will inherit the security group referencing support setting + // on the transit gateway. + // + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -77476,6 +80135,12 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetSecurityGroupReferencingSupport(v string) *CreateTransitGatewayVpcAttachmentRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // Describes the network interface options when creating an Amazon Web Services // Verified Access endpoint using the network-interface type. type CreateVerifiedAccessEndpointEniOptions struct { @@ -77597,8 +80262,12 @@ type CreateVerifiedAccessEndpointInput struct { PolicyDocument *string `type:"string"` // The IDs of the security groups to associate with the Verified Access endpoint. + // Required if AttachmentType is set to vpc. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + // The tags to assign to the Verified Access endpoint. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -77736,6 +80405,12 @@ func (s *CreateVerifiedAccessEndpointInput) SetSecurityGroupIds(v []*string) *Cr return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessEndpointInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessEndpointInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessEndpointInput { s.TagSpecifications = v @@ -77824,7 +80499,7 @@ func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type CreateVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access endpoint. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -77872,6 +80547,9 @@ type CreateVerifiedAccessGroupInput struct { // The Verified Access policy document. PolicyDocument *string `type:"string"` + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + // The tags to assign to the Verified Access group. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -77936,6 +80614,12 @@ func (s *CreateVerifiedAccessGroupInput) SetPolicyDocument(v string) *CreateVeri return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessGroupInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessGroupInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessGroupInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessGroupInput { s.TagSpecifications = v @@ -77951,7 +80635,7 @@ func (s *CreateVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) * type CreateVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -77996,6 +80680,10 @@ type CreateVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Enable or disable support for Federal Information Processing Standards (FIPS) + // on the instance. + FIPSEnabled *bool `type:"boolean"` + // The tags to assign to the Verified Access instance. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -78036,6 +80724,12 @@ func (s *CreateVerifiedAccessInstanceInput) SetDryRun(v bool) *CreateVerifiedAcc return s } +// SetFIPSEnabled sets the FIPSEnabled field's value. +func (s *CreateVerifiedAccessInstanceInput) SetFIPSEnabled(v bool) *CreateVerifiedAccessInstanceInput { + s.FIPSEnabled = &v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessInstanceInput { s.TagSpecifications = v @@ -78045,7 +80739,7 @@ func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecifi type CreateVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -78078,6 +80772,10 @@ func (s *CreateVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *Verifi type CreateVerifiedAccessTrustProviderDeviceOptions struct { _ struct{} `type:"structure"` + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `type:"string"` + // The ID of the tenant application with the device-identity provider. TenantId *string `type:"string"` } @@ -78100,6 +80798,12 @@ func (s CreateVerifiedAccessTrustProviderDeviceOptions) GoString() string { return s.String() } +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetPublicSigningKeyUrl(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + // SetTenantId sets the TenantId field's value. func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetTenantId(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { s.TenantId = &v @@ -78140,6 +80844,9 @@ type CreateVerifiedAccessTrustProviderInput struct { // PolicyReferenceName is a required field PolicyReferenceName *string `type:"string" required:"true"` + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + // The tags to assign to the Verified Access trust provider. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -78229,6 +80936,12 @@ func (s *CreateVerifiedAccessTrustProviderInput) SetPolicyReferenceName(v string return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *CreateVerifiedAccessTrustProviderInput { + s.SseSpecification = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateVerifiedAccessTrustProviderInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessTrustProviderInput { s.TagSpecifications = v @@ -78343,7 +81056,7 @@ func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v str type CreateVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -78374,7 +81087,8 @@ func (s *CreateVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider type CreateVolumeInput struct { _ struct{} `type:"structure"` - // The Availability Zone in which to create the volume. + // The ID of the Availability Zone in which to create the volume. For example, + // us-east-1a. // // AvailabilityZone is a required field AvailabilityZone *string `type:"string" required:"true"` @@ -78406,15 +81120,15 @@ type CreateVolumeInput struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // io1 and io2 volumes support up to 64,000 IOPS only on Instances built on + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families support performance up to 32,000 IOPS. + // On other instances, you can achieve performance up to 32,000 IOPS. // // This parameter is required for io1 and io2 volumes. The default for gp3 volumes // is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard @@ -78458,13 +81172,15 @@ type CreateVolumeInput struct { // // The following are the supported volumes sizes for each volume type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io1: 4 - 16,384 GiB // - // * st1 and sc1: 125-16,384 + // * io2: 4 - 65,536 GiB // - // * standard: 1-1,024 + // * st1 and sc1: 125 - 16,384 GiB + // + // * standard: 1 - 1024 GiB Size *int64 `type:"integer"` // The snapshot from which to create the volume. You must specify either a snapshot @@ -78881,17 +81597,20 @@ type CreateVpcEndpointInput struct { RouteTableIds []*string `locationName:"RouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to associate with the - // endpoint network interface. If this parameter is not specified, we use the + // endpoint network interfaces. If this parameter is not specified, we use the // default security group for the VPC. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // The service name. + // The name of the endpoint service. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` + // The subnet configurations for the endpoint. + SubnetConfigurations []*SubnetConfiguration `locationName:"SubnetConfiguration" locationNameList:"item" type:"list"` + // (Interface and Gateway Load Balancer endpoints) The IDs of the subnets in - // which to create an endpoint network interface. For a Gateway Load Balancer + // which to create endpoint network interfaces. For a Gateway Load Balancer // endpoint, you can specify only one subnet. SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` @@ -78903,7 +81622,7 @@ type CreateVpcEndpointInput struct { // Default: Gateway VpcEndpointType *string `type:"string" enum:"VpcEndpointType"` - // The ID of the VPC for the endpoint. + // The ID of the VPC. // // VpcId is a required field VpcId *string `type:"string" required:"true"` @@ -78997,6 +81716,12 @@ func (s *CreateVpcEndpointInput) SetServiceName(v string) *CreateVpcEndpointInpu return s } +// SetSubnetConfigurations sets the SubnetConfigurations field's value. +func (s *CreateVpcEndpointInput) SetSubnetConfigurations(v []*SubnetConfiguration) *CreateVpcEndpointInput { + s.SubnetConfigurations = v + return s +} + // SetSubnetIds sets the SubnetIds field's value. func (s *CreateVpcEndpointInput) SetSubnetIds(v []*string) *CreateVpcEndpointInput { s.SubnetIds = v @@ -81781,6 +84506,14 @@ func (s *DeleteIpamOutput) SetIpam(v *Ipam) *DeleteIpamOutput { type DeleteIpamPoolInput struct { _ struct{} `type:"structure"` + // Enables you to quickly delete an IPAM pool and all resources within that + // pool, including provisioned CIDRs, allocations, and other pools. + // + // You can only use this option to delete pools in the private scope or pools + // in the public scope with a source resource. A source resource is a resource + // used to provision CIDRs to a resource planning pool. + Cascade *bool `type:"boolean"` + // A check for whether you have the required permissions for the action without // actually making the request and provides an error response. If you have the // required permissions, the error response is DryRunOperation. Otherwise, it @@ -81824,6 +84557,12 @@ func (s *DeleteIpamPoolInput) Validate() error { return nil } +// SetCascade sets the Cascade field's value. +func (s *DeleteIpamPoolInput) SetCascade(v bool) *DeleteIpamPoolInput { + s.Cascade = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *DeleteIpamPoolInput) SetDryRun(v bool) *DeleteIpamPoolInput { s.DryRun = &v @@ -82099,6 +84838,12 @@ func (s *DeleteKeyPairInput) SetKeyPairId(v string) *DeleteKeyPairInput { type DeleteKeyPairOutput struct { _ struct{} `type:"structure"` + + // The ID of the key pair. + KeyPairId *string `locationName:"keyPairId" type:"string"` + + // Is true if the request succeeds, and an error otherwise. + Return *bool `locationName:"return" type:"boolean"` } // String returns the string representation. @@ -82119,6 +84864,18 @@ func (s DeleteKeyPairOutput) GoString() string { return s.String() } +// SetKeyPairId sets the KeyPairId field's value. +func (s *DeleteKeyPairOutput) SetKeyPairId(v string) *DeleteKeyPairOutput { + s.KeyPairId = &v + return s +} + +// SetReturn sets the Return field's value. +func (s *DeleteKeyPairOutput) SetReturn(v bool) *DeleteKeyPairOutput { + s.Return = &v + return s +} + type DeleteLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -82242,7 +84999,8 @@ type DeleteLaunchTemplateVersionsInput struct { // not both. LaunchTemplateName *string `min:"3" type:"string"` - // The version numbers of one or more launch template versions to delete. + // The version numbers of one or more launch template versions to delete. You + // can specify up to 200 launch template version numbers. // // Versions is a required field Versions []*string `locationName:"LaunchTemplateVersion" locationNameList:"item" type:"list" required:"true"` @@ -84244,12 +87002,12 @@ type DeleteSecurityGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The ID of the security group. Required for a nondefault VPC. + // The ID of the security group. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You can specify - // either the security group name or the security group ID. For security groups - // in a nondefault VPC, you must specify the security group ID. + // [Default VPC] The name of the security group. You can specify either the + // security group name or the security group ID. For security groups in a nondefault + // VPC, you must specify the security group ID. GroupName *string `type:"string"` } @@ -86154,7 +88912,7 @@ func (s *DeleteVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string type DeleteVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access endpoint. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -86254,7 +89012,7 @@ func (s *DeleteVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *Del type DeleteVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -86354,7 +89112,7 @@ func (s *DeleteVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string type DeleteVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -86454,7 +89212,7 @@ func (s *DeleteVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DeleteVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -87333,6 +90091,109 @@ func (s *DeprovisionByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *DeprovisionByoi return s } +type DeprovisionIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // An ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IPAM ID. + // + // IpamId is a required field + IpamId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeprovisionIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeprovisionIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.IpamId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *DeprovisionIpamByoasnInput) SetAsn(v string) *DeprovisionIpamByoasnInput { + s.Asn = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeprovisionIpamByoasnInput) SetDryRun(v bool) *DeprovisionIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *DeprovisionIpamByoasnInput) SetIpamId(v string) *DeprovisionIpamByoasnInput { + s.IpamId = &v + return s +} + +type DeprovisionIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + Byoasn *Byoasn `locationName:"byoasn" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeprovisionIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasn sets the Byoasn field's value. +func (s *DeprovisionIpamByoasnOutput) SetByoasn(v *Byoasn) *DeprovisionIpamByoasnOutput { + s.Byoasn = v + return s +} + type DeprovisionIpamPoolCidrInput struct { _ struct{} `type:"structure"` @@ -88918,6 +91779,174 @@ func (s *DescribeByoipCidrsOutput) SetNextToken(v string) *DescribeByoipCidrsOut return s } +type DescribeCapacityBlockOfferingsInput struct { + _ struct{} `type:"structure"` + + // The number of hours for which to reserve Capacity Block. + // + // CapacityDurationHours is a required field + CapacityDurationHours *int64 `type:"integer" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The latest end date for the Capacity Block offering. + EndDateRange *time.Time `type:"timestamp"` + + // The number of instances for which to reserve capacity. + // + // InstanceCount is a required field + InstanceCount *int64 `type:"integer" required:"true"` + + // The type of instance for which the Capacity Block offering reserves capacity. + // + // InstanceType is a required field + InstanceType *string `type:"string" required:"true"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"1" type:"integer"` + + // The token to use to retrieve the next page of results. + NextToken *string `type:"string"` + + // The earliest start date for the Capacity Block offering. + StartDateRange *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCapacityBlockOfferingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCapacityBlockOfferingsInput"} + if s.CapacityDurationHours == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityDurationHours")) + } + if s.InstanceCount == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceCount")) + } + if s.InstanceType == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceType")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCapacityDurationHours sets the CapacityDurationHours field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetCapacityDurationHours(v int64) *DescribeCapacityBlockOfferingsInput { + s.CapacityDurationHours = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetDryRun(v bool) *DescribeCapacityBlockOfferingsInput { + s.DryRun = &v + return s +} + +// SetEndDateRange sets the EndDateRange field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetEndDateRange(v time.Time) *DescribeCapacityBlockOfferingsInput { + s.EndDateRange = &v + return s +} + +// SetInstanceCount sets the InstanceCount field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetInstanceCount(v int64) *DescribeCapacityBlockOfferingsInput { + s.InstanceCount = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetInstanceType(v string) *DescribeCapacityBlockOfferingsInput { + s.InstanceType = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetMaxResults(v int64) *DescribeCapacityBlockOfferingsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetNextToken(v string) *DescribeCapacityBlockOfferingsInput { + s.NextToken = &v + return s +} + +// SetStartDateRange sets the StartDateRange field's value. +func (s *DescribeCapacityBlockOfferingsInput) SetStartDateRange(v time.Time) *DescribeCapacityBlockOfferingsInput { + s.StartDateRange = &v + return s +} + +type DescribeCapacityBlockOfferingsOutput struct { + _ struct{} `type:"structure"` + + // The recommended Capacity Block offering for the dates specified. + CapacityBlockOfferings []*CapacityBlockOffering `locationName:"capacityBlockOfferingSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCapacityBlockOfferingsOutput) GoString() string { + return s.String() +} + +// SetCapacityBlockOfferings sets the CapacityBlockOfferings field's value. +func (s *DescribeCapacityBlockOfferingsOutput) SetCapacityBlockOfferings(v []*CapacityBlockOffering) *DescribeCapacityBlockOfferingsOutput { + s.CapacityBlockOfferings = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCapacityBlockOfferingsOutput) SetNextToken(v string) *DescribeCapacityBlockOfferingsOutput { + s.NextToken = &v + return s +} + type DescribeCapacityReservationFleetsInput struct { _ struct{} `type:"structure"` @@ -88944,10 +91973,9 @@ type DescribeCapacityReservationFleetsInput struct { // prioritized is supported. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The maximum number of results to return for the request in a single page. - // The remaining results can be seen by sending another request with the returned - // nextToken value. This value can be between 5 and 500. If maxResults is given - // a larger value than 500, you receive an error. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"1" type:"integer"` // The token to use to retrieve the next page of results. @@ -89131,10 +92159,9 @@ type DescribeCapacityReservationsInput struct { // the Capacity Reservation was created. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The maximum number of results to return for the request in a single page. - // The remaining results can be seen by sending another request with the returned - // nextToken value. This value can be between 5 and 500. If maxResults is given - // a larger value than 500, you receive an error. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"1" type:"integer"` // The token to use to retrieve the next page of results. @@ -89397,7 +92424,7 @@ type DescribeClassicLinkInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * group-id - The ID of a VPC security group that's associated with the // instance. @@ -89414,11 +92441,10 @@ type DescribeClassicLinkInstancesInput struct { // to find all resources assigned a tag with a specific key, regardless of // the tag value. // - // * vpc-id - The ID of the VPC to which the instance is linked. vpc-id - - // The ID of the VPC that the instance is linked to. + // * vpc-id - The ID of the VPC to which the instance is linked. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more instance IDs. Must be instances linked to a VPC through ClassicLink. + // The instance IDs. Must be instances linked to a VPC through ClassicLink. InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` // The maximum number of items to return for this request. To get the next page @@ -90553,7 +93579,7 @@ type DescribeDhcpOptionsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * dhcp-options-id - The ID of a DHCP options set. // @@ -90696,10 +93722,10 @@ type DescribeEgressOnlyInternetGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more egress-only internet gateway IDs. + // The IDs of the egress-only internet gateways. EgressOnlyInternetGatewayIds []*string `locationName:"EgressOnlyInternetGatewayId" locationNameList:"item" type:"list"` - // One or more filters. + // The filters. // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -91184,15 +94210,12 @@ type DescribeFastLaunchImagesInput struct { // // * resource-type - The resource type for pre-provisioning. // - // * launch-template - The launch template that is associated with the pre-provisioned - // Windows AMI. - // // * owner-id - The owner ID for the pre-provisioning resource. // // * state - The current state of fast launching for the Windows AMI. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // Details for one or more Windows AMI image IDs. + // Specify one or more Windows AMI image IDs for the request. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` // The maximum number of items to return for this request. To get the next page @@ -91295,43 +94318,41 @@ func (s *DescribeFastLaunchImagesOutput) SetNextToken(v string) *DescribeFastLau return s } -// Describe details about a fast-launch enabled Windows image that meets the -// requested criteria. Criteria are defined by the DescribeFastLaunchImages +// Describe details about a Windows image with Windows fast launch enabled that +// meets the requested criteria. Criteria are defined by the DescribeFastLaunchImages // action filters. type DescribeFastLaunchImagesSuccessItem struct { _ struct{} `type:"structure"` - // The image ID that identifies the fast-launch enabled Windows image. + // The image ID that identifies the Windows fast launch enabled image. ImageId *string `locationName:"imageId" type:"string"` - // The launch template that the fast-launch enabled Windows AMI uses when it + // The launch template that the Windows fast launch enabled AMI uses when it // launches Windows instances from pre-provisioned snapshots. LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner ID for the fast-launch enabled Windows AMI. + // The owner ID for the Windows fast launch enabled AMI. OwnerId *string `locationName:"ownerId" type:"string"` - // The resource type that is used for pre-provisioning the Windows AMI. Supported - // values include: snapshot. + // The resource type that Amazon EC2 uses for pre-provisioning the Windows AMI. + // Supported values include: snapshot. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` // A group of parameters that are used for pre-provisioning the associated Windows // AMI using snapshots. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified Windows AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that faster launching for the Windows AMI changed to the current - // state. + // The reason that Windows fast launch for the AMI changed to the current state. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that faster launching for the Windows AMI changed to the current - // state. + // The time that Windows fast launch for the AMI changed to the current state. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -93568,7 +96589,8 @@ type DescribeImagesInput struct { // The filters. // - // * architecture - The image architecture (i386 | x86_64 | arm64). + // * architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac + // | arm64_mac). // // * block-device-mapping.delete-on-termination - A Boolean value that indicates // whether the Amazon EBS volume is deleted on instance termination. @@ -93633,6 +96655,10 @@ type DescribeImagesInput struct { // // * root-device-type - The type of the root device volume (ebs | instance-store). // + // * source-instance-id - The ID of the instance that the AMI was created + // from if the AMI was created using CreateImage. This filter is applicable + // only if the AMI was created using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // // * state - The state of the image (available | pending | failed). // // * state-reason-code - The reason code for the state change. @@ -93668,6 +96694,11 @@ type DescribeImagesInput struct { // of what you specify for this parameter. IncludeDeprecated *bool `type:"boolean"` + // Specifies whether to include disabled AMIs. + // + // Default: No disabled AMIs are included in the response. + IncludeDisabled *bool `type:"boolean"` + // The maximum number of items to return for this request. To get the next page // of items, make another request with the token returned in the output. For // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). @@ -93732,6 +96763,12 @@ func (s *DescribeImagesInput) SetIncludeDeprecated(v bool) *DescribeImagesInput return s } +// SetIncludeDisabled sets the IncludeDisabled field's value. +func (s *DescribeImagesInput) SetIncludeDisabled(v bool) *DescribeImagesInput { + s.IncludeDisabled = &v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *DescribeImagesInput) SetMaxResults(v int64) *DescribeImagesInput { s.MaxResults = &v @@ -94964,6 +98001,164 @@ func (s *DescribeInstanceStatusOutput) SetNextToken(v string) *DescribeInstanceS return s } +type DescribeInstanceTopologyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. + // + // * availability-zone - The name of the Availability Zone (for example, + // us-west-2a) or Local Zone (for example, us-west-2-lax-1b) that the instance + // is in. + // + // * instance-type - The instance type (for example, p4d.24xlarge) or instance + // family (for example, p4d*). You can use the * wildcard to match zero or + // more characters, or the ? wildcard to match zero or one character. + // + // * zone-id - The ID of the Availability Zone (for example, usw2-az2) or + // Local Zone (for example, usw2-lax1-az1) that the instance is in. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The name of the placement group that each instance is in. + // + // Constraints: Maximum 100 explicitly specified placement group names. + GroupNames []*string `locationName:"GroupName" type:"list"` + + // The instance IDs. + // + // Default: Describes all your instances. + // + // Constraints: Maximum 100 explicitly specified instance IDs. + InstanceIds []*string `locationName:"InstanceId" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You can't specify this parameter and the instance IDs parameter in the same + // request. + // + // Default: 20 + MaxResults *int64 `min:"1" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceTopologyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceTopologyInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceTopologyInput) SetDryRun(v bool) *DescribeInstanceTopologyInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceTopologyInput) SetFilters(v []*Filter) *DescribeInstanceTopologyInput { + s.Filters = v + return s +} + +// SetGroupNames sets the GroupNames field's value. +func (s *DescribeInstanceTopologyInput) SetGroupNames(v []*string) *DescribeInstanceTopologyInput { + s.GroupNames = v + return s +} + +// SetInstanceIds sets the InstanceIds field's value. +func (s *DescribeInstanceTopologyInput) SetInstanceIds(v []*string) *DescribeInstanceTopologyInput { + s.InstanceIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceTopologyInput) SetMaxResults(v int64) *DescribeInstanceTopologyInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTopologyInput) SetNextToken(v string) *DescribeInstanceTopologyInput { + s.NextToken = &v + return s +} + +type DescribeInstanceTopologyOutput struct { + _ struct{} `type:"structure"` + + // Information about the topology of each instance. + Instances []*InstanceTopology `locationName:"instanceSet" locationNameList:"item" type:"list"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceTopologyOutput) GoString() string { + return s.String() +} + +// SetInstances sets the Instances field's value. +func (s *DescribeInstanceTopologyOutput) SetInstances(v []*InstanceTopology) *DescribeInstanceTopologyOutput { + s.Instances = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTopologyOutput) SetNextToken(v string) *DescribeInstanceTopologyOutput { + s.NextToken = &v + return s +} + type DescribeInstanceTypeOfferingsInput struct { _ struct{} `type:"structure"` @@ -95114,8 +98309,8 @@ type DescribeInstanceTypesInput struct { // * bare-metal - Indicates whether it is a bare metal instance type (true // | false). // - // * burstable-performance-supported - Indicates whether it is a burstable - // performance instance type (true | false). + // * burstable-performance-supported - Indicates whether the instance type + // is a burstable performance T instance type (true | false). // // * current-generation - Indicates whether this instance type is the latest // generation instance type of an instance family (true | false). @@ -95211,6 +98406,14 @@ type DescribeInstanceTypesInput struct { // * network-info.network-performance - The network performance (for example, // "25 Gigabit"). // + // * nitro-enclaves-support - Indicates whether Nitro Enclaves is supported + // (supported | unsupported). + // + // * nitro-tpm-support - Indicates whether NitroTPM is supported (supported + // | unsupported). + // + // * nitro-tpm-info.supported-versions - The supported NitroTPM version (2.0). + // // * processor-info.supported-architecture - The CPU architecture (arm64 // | i386 | x86_64). // @@ -95323,12 +98526,6 @@ type DescribeInstanceTypesOutput struct { // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon EC2 User Guide. - // - // When you change your EBS-backed instance type, instance restart or replacement - // behavior depends on the instance type compatibility between the old and new - // types. An instance that's backed by an instance store volume is always replaced. - // For more information, see Change the instance type (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html) - // in the Amazon EC2 User Guide. InstanceTypes []*InstanceTypeInfo `locationName:"instanceTypeSet" locationNameList:"item" type:"list"` // The token to include in another request to get the next page of items. This @@ -95385,7 +98582,7 @@ type DescribeInstancesInput struct { // * availability-zone - The Availability Zone of the instance. // // * block-device-mapping.attach-time - The attach time for an EBS volume - // mapped to the instance, for example, 2010-09-15T17:15:20.000Z. + // mapped to the instance, for example, 2022-09-15T17:15:20.000Z. // // * block-device-mapping.delete-on-termination - A Boolean that indicates // whether the EBS volume is deleted on instance termination. @@ -95398,14 +98595,38 @@ type DescribeInstancesInput struct { // // * block-device-mapping.volume-id - The volume ID of the EBS volume. // + // * boot-mode - The boot mode that was specified by the AMI (legacy-bios + // | uefi | uefi-preferred). + // // * capacity-reservation-id - The ID of the Capacity Reservation into which // the instance was launched. // + // * capacity-reservation-specification.capacity-reservation-preference - + // The instance's Capacity Reservation preference (open | none). + // + // * capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id + // - The ID of the targeted Capacity Reservation. + // + // * capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn + // - The ARN of the targeted Capacity Reservation group. + // // * client-token - The idempotency token you provided when you launched // the instance. // + // * current-instance-boot-mode - The boot mode that is used to launch the + // instance at launch or start (legacy-bios | uefi). + // // * dns-name - The public DNS name of the instance. // + // * ebs-optimized - A Boolean that indicates whether the instance is optimized + // for Amazon EBS I/O. + // + // * ena-support - A Boolean that indicates whether the instance is enabled + // for enhanced networking with ENA. + // + // * enclave-options.enabled - A Boolean that indicates whether the instance + // is enabled for Amazon Web Services Nitro Enclaves. + // // * hibernation-options.configured - A Boolean that indicates whether the // instance is enabled for hibernation. A value of true means that the instance // is enabled for hibernation. @@ -95419,12 +98640,18 @@ type DescribeInstancesInput struct { // * iam-instance-profile.arn - The instance profile associated with the // instance. Specified as an ARN. // + // * iam-instance-profile.id - The instance profile associated with the instance. + // Specified as an ID. + // + // * iam-instance-profile.name - The instance profile associated with the + // instance. Specified as an name. + // // * image-id - The ID of the image used to launch the instance. // // * instance-id - The ID of the instance. // - // * instance-lifecycle - Indicates whether this is a Spot Instance or a - // Scheduled Instance (spot | scheduled). + // * instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled + // Instance, or a Capacity Block (spot | scheduled | capacity-block). // // * instance-state-code - The state of the instance, as a 16-bit unsigned // integer. The high byte is used for internal purposes and should be ignored. @@ -95443,6 +98670,8 @@ type DescribeInstancesInput struct { // // * ip-address - The public IPv4 address of the instance. // + // * ipv6-address - The IPv6 address of the instance. + // // * kernel-id - The kernel ID. // // * key-name - The name of the key pair used when the instance was launched. @@ -95455,38 +98684,61 @@ type DescribeInstancesInput struct { // You can use a wildcard (*), for example, 2021-09-29T*, which matches an // entire day. // - // * metadata-options.http-tokens - The metadata request authorization state - // (optional | required) + // * maintenance-options.auto-recovery - The current automatic recovery behavior + // of the instance (disabled | default). + // + // * metadata-options.http-endpoint - The status of access to the HTTP metadata + // endpoint on your instance (enabled | disabled) + // + // * metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint + // is enabled (disabled | enabled). + // + // * metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint + // is enabled (disabled | enabled). // // * metadata-options.http-put-response-hop-limit - The HTTP metadata request // put response hop limit (integer, possible values 1 to 64) // - // * metadata-options.http-endpoint - The status of access to the HTTP metadata - // endpoint on your instance (enabled | disabled) + // * metadata-options.http-tokens - The metadata request authorization state + // (optional | required) // // * metadata-options.instance-metadata-tags - The status of access to instance // tags from the instance metadata (enabled | disabled) // + // * metadata-options.state - The state of the metadata option changes (pending + // | applied). + // // * monitoring-state - Indicates whether detailed monitoring is enabled // (disabled | enabled). // - // * network-interface.addresses.private-ip-address - The private IPv4 address - // associated with the network interface. + // * network-interface.addresses.association.allocation-id - The allocation + // ID. // - // * network-interface.addresses.primary - Specifies whether the IPv4 address - // of the network interface is the primary private IPv4 address. + // * network-interface.addresses.association.association-id - The association + // ID. // - // * network-interface.addresses.association.public-ip - The ID of the association - // of an Elastic IP address (IPv4) with a network interface. + // * network-interface.addresses.association.carrier-ip - The carrier IP + // address. + // + // * network-interface.addresses.association.customer-owned-ip - The customer-owned + // IP address. // // * network-interface.addresses.association.ip-owner-id - The owner ID of // the private IPv4 address associated with the network interface. // - // * network-interface.association.public-ip - The address of the Elastic - // IP address (IPv4) bound to the network interface. + // * network-interface.addresses.association.public-dns-name - The public + // DNS name. // - // * network-interface.association.ip-owner-id - The owner of the Elastic - // IP address (IPv4) associated with the network interface. + // * network-interface.addresses.association.public-ip - The ID of the association + // of an Elastic IP address (IPv4) with a network interface. + // + // * network-interface.addresses.primary - Specifies whether the IPv4 address + // of the network interface is the primary private IPv4 address. + // + // * network-interface.addresses.private-dns-name - The private DNS name. + // + // * network-interface.addresses.private-ip-address - The private IPv4 address + // associated with the network interface. // // * network-interface.association.allocation-id - The allocation ID returned // when you allocated the Elastic IP address (IPv4) for your network interface. @@ -95494,30 +98746,50 @@ type DescribeInstancesInput struct { // * network-interface.association.association-id - The association ID returned // when the network interface was associated with an IPv4 address. // + // * network-interface.association.carrier-ip - The customer-owned IP address. + // + // * network-interface.association.customer-owned-ip - The customer-owned + // IP address. + // + // * network-interface.association.ip-owner-id - The owner of the Elastic + // IP address (IPv4) associated with the network interface. + // + // * network-interface.association.public-dns-name - The public DNS name. + // + // * network-interface.association.public-ip - The address of the Elastic + // IP address (IPv4) bound to the network interface. + // + // * network-interface.attachment.attach-time - The time that the network + // interface was attached to an instance. + // // * network-interface.attachment.attachment-id - The ID of the interface // attachment. // + // * network-interface.attachment.delete-on-termination - Specifies whether + // the attachment is deleted when an instance is terminated. + // + // * network-interface.attachment.device-index - The device index to which + // the network interface is attached. + // // * network-interface.attachment.instance-id - The ID of the instance to // which the network interface is attached. // // * network-interface.attachment.instance-owner-id - The owner ID of the // instance to which the network interface is attached. // - // * network-interface.attachment.device-index - The device index to which - // the network interface is attached. + // * network-interface.attachment.network-card-index - The index of the network + // card. // // * network-interface.attachment.status - The status of the attachment (attaching // | attached | detaching | detached). // - // * network-interface.attachment.attach-time - The time that the network - // interface was attached to an instance. - // - // * network-interface.attachment.delete-on-termination - Specifies whether - // the attachment is deleted when an instance is terminated. - // // * network-interface.availability-zone - The Availability Zone for the // network interface. // + // * network-interface.deny-all-igw-traffic - A Boolean that indicates whether + // a network interface with an IPv6 address is unreachable from the public + // internet. + // // * network-interface.description - The description of the network interface. // // * network-interface.group-id - The ID of a security group associated with @@ -95526,18 +98798,39 @@ type DescribeInstancesInput struct { // * network-interface.group-name - The name of a security group associated // with the network interface. // + // * network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that + // are assigned to the network interface. + // + // * network-interface.ipv6-address - The IPv6 address associated with the + // network interface. + // // * network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated // with the network interface. // + // * network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates + // whether this is the primary IPv6 address. + // + // * network-interface.ipv6-native - A Boolean that indicates whether this + // is an IPv6 only network interface. + // + // * network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned + // to the network interface. + // // * network-interface.mac-address - The MAC address of the network interface. // // * network-interface.network-interface-id - The ID of the network interface. // + // * network-interface.outpost-arn - The ARN of the Outpost. + // // * network-interface.owner-id - The ID of the owner of the network interface. // // * network-interface.private-dns-name - The private DNS name of the network // interface. // + // * network-interface.private-ip-address - The private IPv4 address. + // + // * network-interface.public-dns-name - The public DNS name. + // // * network-interface.requester-id - The requester ID for the network interface. // // * network-interface.requester-managed - Indicates whether the network @@ -95554,6 +98847,12 @@ type DescribeInstancesInput struct { // // * network-interface.subnet-id - The ID of the subnet for the network interface. // + // * network-interface.tag-key - The key of a tag assigned to the network + // interface. + // + // * network-interface.tag-value - The value of a tag assigned to the network + // interface. + // // * network-interface.vpc-id - The ID of the VPC for the network interface. // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost. @@ -95567,8 +98866,29 @@ type DescribeInstancesInput struct { // // * platform - The platform. To list only Windows instances, use windows. // + // * platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red + // Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise + // Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with + // SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server + // Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise + // Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server + // Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows + // BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard + // | Windows with SQL Server Web). + // // * private-dns-name - The private IPv4 DNS name of the instance. // + // * private-dns-name-options.enable-resource-name-dns-a-record - A Boolean + // that indicates whether to respond to DNS queries for instance hostnames + // with DNS A records. + // + // * private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean + // that indicates whether to respond to DNS queries for instance hostnames + // with DNS AAAA records. + // + // * private-dns-name-options.hostname-type - The type of hostname (ip-name + // | resource-name). + // // * private-ip-address - The private IPv4 address of the instance. // // * product-code - The product code associated with the AMI used to launch @@ -95624,6 +98944,19 @@ type DescribeInstancesInput struct { // // * tenancy - The tenancy of an instance (dedicated | default | host). // + // * tpm-support - Indicates if the instance is configured for NitroTPM support + // (v2.0). + // + // * usage-operation - The usage operation value for the instance (RunInstances + // | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 + // | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 + // | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g + // | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 + // | RunInstances:0006 | RunInstances:0202). + // + // * usage-operation-update-time - The time that the usage operation was + // last updated, for example, 2022-09-15T17:15:20.000Z. + // // * virtualization-type - The virtualization type of the instance (paravirtual // | hvm). // @@ -95746,7 +99079,7 @@ type DescribeInternetGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * attachment.state - The current state of the attachment between the gateway // and the VPC (available). Present only if a VPC is attached. @@ -95769,7 +99102,7 @@ type DescribeInternetGatewaysInput struct { // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more internet gateway IDs. + // The IDs of the internet gateways. // // Default: Describes all your internet gateways. InternetGatewayIds []*string `locationName:"internetGatewayId" locationNameList:"item" type:"list"` @@ -95886,6 +99219,113 @@ func (s *DescribeInternetGatewaysOutput) SetNextToken(v string) *DescribeInterne return s } +type DescribeIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeIpamByoasnInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeIpamByoasnInput) SetDryRun(v bool) *DescribeIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeIpamByoasnInput) SetMaxResults(v int64) *DescribeIpamByoasnInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpamByoasnInput) SetNextToken(v string) *DescribeIpamByoasnInput { + s.NextToken = &v + return s +} + +type DescribeIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // ASN and BYOIP CIDR associations. + Byoasns []*Byoasn `locationName:"byoasnSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasns sets the Byoasns field's value. +func (s *DescribeIpamByoasnOutput) SetByoasns(v []*Byoasn) *DescribeIpamByoasnOutput { + s.Byoasns = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpamByoasnOutput) SetNextToken(v string) *DescribeIpamByoasnOutput { + s.NextToken = &v + return s +} + type DescribeIpamPoolsInput struct { _ struct{} `type:"structure"` @@ -97990,6 +101430,136 @@ func (s *DescribeLocalGatewaysOutput) SetNextToken(v string) *DescribeLocalGatew return s } +type DescribeLockedSnapshotsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. + // + // * lock-state - The state of the snapshot lock (compliance-cooloff | governance + // | compliance | expired). + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"5" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` + + // The IDs of the snapshots for which to view the lock status. + SnapshotIds []*string `locationName:"SnapshotId" locationNameList:"SnapshotId" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLockedSnapshotsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLockedSnapshotsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLockedSnapshotsInput) SetDryRun(v bool) *DescribeLockedSnapshotsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLockedSnapshotsInput) SetFilters(v []*Filter) *DescribeLockedSnapshotsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLockedSnapshotsInput) SetMaxResults(v int64) *DescribeLockedSnapshotsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLockedSnapshotsInput) SetNextToken(v string) *DescribeLockedSnapshotsInput { + s.NextToken = &v + return s +} + +// SetSnapshotIds sets the SnapshotIds field's value. +func (s *DescribeLockedSnapshotsInput) SetSnapshotIds(v []*string) *DescribeLockedSnapshotsInput { + s.SnapshotIds = v + return s +} + +type DescribeLockedSnapshotsOutput struct { + _ struct{} `type:"structure"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the snapshots. + Snapshots []*LockedSnapshotsInfo `locationName:"snapshotSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLockedSnapshotsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLockedSnapshotsOutput) SetNextToken(v string) *DescribeLockedSnapshotsOutput { + s.NextToken = &v + return s +} + +// SetSnapshots sets the Snapshots field's value. +func (s *DescribeLockedSnapshotsOutput) SetSnapshots(v []*LockedSnapshotsInfo) *DescribeLockedSnapshotsOutput { + s.Snapshots = v + return s +} + type DescribeManagedPrefixListsInput struct { _ struct{} `type:"structure"` @@ -98262,7 +101832,7 @@ type DescribeNatGatewaysInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * nat-gateway-id - The ID of the NAT gateway. // @@ -98289,7 +101859,7 @@ type DescribeNatGatewaysInput struct { // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"5" type:"integer"` - // One or more NAT gateway IDs. + // The IDs of the NAT gateways. NatGatewayIds []*string `locationName:"NatGatewayId" locationNameList:"item" type:"list"` // The token returned from a previous paginated request. Pagination continues @@ -98408,7 +101978,7 @@ type DescribeNetworkAclsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * association.association-id - The ID of an association ID for the ACL. // @@ -98467,7 +102037,7 @@ type DescribeNetworkAclsInput struct { // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"5" type:"integer"` - // One or more network ACL IDs. + // The IDs of the network ACLs. // // Default: Describes all your network ACLs. NetworkAclIds []*string `locationName:"NetworkAclId" locationNameList:"item" type:"list"` @@ -99449,23 +103019,23 @@ type DescribeNetworkInterfacesInput struct { // One or more filters. // - // * addresses.private-ip-address - The private IPv4 addresses associated - // with the network interface. - // - // * addresses.primary - Whether the private IPv4 address is the primary - // IP address associated with the network interface. + // * association.allocation-id - The allocation ID returned when you allocated + // the Elastic IP address (IPv4) for your network interface. // - // * addresses.association.public-ip - The association ID returned when the - // network interface was associated with the Elastic IP address (IPv4). + // * association.association-id - The association ID returned when the network + // interface was associated with an IPv4 address. // // * addresses.association.owner-id - The owner ID of the addresses associated // with the network interface. // - // * association.association-id - The association ID returned when the network - // interface was associated with an IPv4 address. + // * addresses.association.public-ip - The association ID returned when the + // network interface was associated with the Elastic IP address (IPv4). // - // * association.allocation-id - The allocation ID returned when you allocated - // the Elastic IP address (IPv4) for your network interface. + // * addresses.primary - Whether the private IPv4 address is the primary + // IP address associated with the network interface. + // + // * addresses.private-ip-address - The private IPv4 addresses associated + // with the network interface. // // * association.ip-owner-id - The owner of the Elastic IP address (IPv4) // associated with the network interface. @@ -99476,11 +103046,11 @@ type DescribeNetworkInterfacesInput struct { // * association.public-dns-name - The public DNS name for the network interface // (IPv4). // - // * attachment.attachment-id - The ID of the interface attachment. - // // * attachment.attach-time - The time that the network interface was attached // to an instance. // + // * attachment.attachment-id - The ID of the interface attachment. + // // * attachment.delete-on-termination - Indicates whether the attachment // is deleted when an instance is terminated. // @@ -99502,17 +103072,15 @@ type DescribeNetworkInterfacesInput struct { // // * group-id - The ID of a security group associated with the network interface. // - // * group-name - The name of a security group associated with the network - // interface. - // // * ipv6-addresses.ipv6-address - An IPv6 address associated with the network // interface. // // * interface-type - The type of network interface (api_gateway_managed - // | aws_codestar_connections_managed | branch | efa | gateway_load_balancer - // | gateway_load_balancer_endpoint | global_accelerator_managed | interface - // | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer - // | quicksight | transit_gateway | trunk | vpc_endpoint). + // | aws_codestar_connections_managed | branch | ec2_instance_connect_endpoint + // | efa | efs | gateway_load_balancer | gateway_load_balancer_endpoint | + // global_accelerator_managed | interface | iot_rules_managed | lambda | + // load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway + // | trunk | vpc_endpoint). // // * mac-address - The MAC address of the network interface. // @@ -99521,11 +103089,11 @@ type DescribeNetworkInterfacesInput struct { // * owner-id - The Amazon Web Services account ID of the network interface // owner. // + // * private-dns-name - The private DNS name of the network interface (IPv4). + // // * private-ip-address - The private IPv4 address or addresses of the network // interface. // - // * private-dns-name - The private DNS name of the network interface (IPv4). - // // * requester-id - The alias or Amazon Web Services account ID of the principal // or service that created the network interface. // @@ -101008,7 +104576,7 @@ type DescribeRouteTablesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * association.route-table-association-id - The ID of an association ID // for the route table. @@ -101084,7 +104652,7 @@ type DescribeRouteTablesInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more route table IDs. + // The IDs of the route tables. // // Default: Describes all your route tables. RouteTableIds []*string `locationName:"RouteTableId" locationNameList:"item" type:"list"` @@ -101825,10 +105393,8 @@ type DescribeSecurityGroupsInput struct { // Default: Describes all of your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` - // [EC2-Classic and default VPC only] The names of the security groups. You - // can specify either the security group name or the security group ID. For - // security groups in a nondefault VPC, use the group-name filter to describe - // security groups by name. + // [Default VPC] The names of the security groups. You can specify either the + // security group name or the security group ID. // // Default: Describes all of your security groups. GroupNames []*string `locationName:"GroupName" locationNameList:"GroupName" type:"list"` @@ -102887,8 +106453,8 @@ type DescribeSpotInstanceRequestsInput struct { // in GiB. // // * launch.block-device-mapping.volume-type - The type of EBS volume: gp2 - // for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for - // Throughput Optimized HDD, sc1for Cold HDD, or standard for Magnetic. + // or gp3 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 + // for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic. // // * launch.group-id - The ID of the security group for the instance. // @@ -103104,8 +106670,8 @@ type DescribeSpotPriceHistoryInput struct { // greater than or less than comparison is not supported). // // * timestamp - The time stamp of the Spot price history, in UTC format - // (for example, YYYY-MM-DDTHH:MM:SSZ). You can use wildcards (* and ?). - // Greater than or less than comparison is not supported. + // (for example, ddd MMM dd HH:mm:ss UTC YYYY). You can use wildcards (* + // and ?). Greater than or less than comparison is not supported. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // Filters the results by the specified instance types. @@ -103384,6 +106950,9 @@ type DescribeStoreImageTasksInput struct { // // * bucket - Returns task information for tasks that targeted a specific // bucket. For the filter value, specify the bucket name. + // + // When you specify the ImageIds parameter, any filters that you specify are + // ignored. To use the filters, you must remove the ImageIds parameter. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The AMI IDs for which to show progress. Up to 20 AMI IDs can be included @@ -103394,7 +106963,7 @@ type DescribeStoreImageTasksInput struct { // of items, make another request with the token returned in the output. For // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). // - // You cannot specify this parameter and the ImageIDs parameter in the same + // You cannot specify this parameter and the ImageIds parameter in the same // call. MaxResults *int64 `min:"1" type:"integer"` @@ -103514,7 +107083,7 @@ type DescribeSubnetsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone for the subnet. You can also // use availabilityZone as the filter name. @@ -103609,7 +107178,7 @@ type DescribeSubnetsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more subnet IDs. + // The IDs of the subnets. // // Default: Describes all your subnets. SubnetIds []*string `locationName:"SubnetId" locationNameList:"SubnetId" type:"list"` @@ -105870,7 +109439,7 @@ type DescribeVerifiedAccessEndpointsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The ID of the Verified Access endpoint. + // Details about the Verified Access endpoints. VerifiedAccessEndpoints []*VerifiedAccessEndpoint `locationName:"verifiedAccessEndpointSet" locationNameList:"item" type:"list"` } @@ -106004,7 +109573,7 @@ type DescribeVerifiedAccessGroupsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The ID of the Verified Access group. + // Details about the Verified Access groups. VerifiedAccessGroups []*VerifiedAccessGroup `locationName:"verifiedAccessGroupSet" locationNameList:"item" type:"list"` } @@ -106125,7 +109694,7 @@ func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetVerifiedAc type DescribeVerifiedAccessInstanceLoggingConfigurationsOutput struct { _ struct{} `type:"structure"` - // The current logging configuration for the Verified Access instances. + // The logging configuration for the Verified Access instances. LoggingConfigurations []*VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfigurationSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -106254,7 +109823,7 @@ type DescribeVerifiedAccessInstancesOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Verified Access instances. + // Details about the Verified Access instances. VerifiedAccessInstances []*VerifiedAccessInstance `locationName:"verifiedAccessInstanceSet" locationNameList:"item" type:"list"` } @@ -106379,7 +109948,7 @@ type DescribeVerifiedAccessTrustProvidersOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Verified Access trust providers. + // Details about the Verified Access trust providers. VerifiedAccessTrustProviders []*VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` } @@ -107132,7 +110701,7 @@ type DescribeVpcClassicLinkDnsSupportInput struct { // from the end of the items returned by the previous request. NextToken *string `locationName:"nextToken" min:"1" type:"string"` - // One or more VPC IDs. + // The IDs of the VPCs. VpcIds []*string `locationNameList:"VpcId" type:"list"` } @@ -107238,7 +110807,7 @@ type DescribeVpcClassicLinkInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * is-classic-link-enabled - Whether the VPC is enabled for ClassicLink // (true | false). @@ -107254,7 +110823,7 @@ type DescribeVpcClassicLinkInput struct { // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more VPCs for which you want to describe the ClassicLink status. + // The VPCs for which you want to describe the ClassicLink status. VpcIds []*string `locationName:"VpcId" locationNameList:"VpcId" type:"list"` } @@ -107297,7 +110866,7 @@ func (s *DescribeVpcClassicLinkInput) SetVpcIds(v []*string) *DescribeVpcClassic type DescribeVpcClassicLinkOutput struct { _ struct{} `type:"structure"` - // The ClassicLink status of one or more VPCs. + // The ClassicLink status of the VPCs. Vpcs []*VpcClassicLink `locationName:"vpcSet" locationNameList:"item" type:"list"` } @@ -108130,7 +111699,7 @@ type DescribeVpcPeeringConnectionsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC. // @@ -108177,7 +111746,7 @@ type DescribeVpcPeeringConnectionsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more VPC peering connection IDs. + // The IDs of the VPC peering connections. // // Default: Describes all your VPC peering connections. VpcPeeringConnectionIds []*string `locationName:"VpcPeeringConnectionId" locationNameList:"item" type:"list"` @@ -108294,7 +111863,7 @@ type DescribeVpcsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify // must exactly match the VPC's CIDR block for information to be returned @@ -108352,7 +111921,7 @@ type DescribeVpcsInput struct { // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more VPC IDs. + // The IDs of the VPCs. // // Default: Describes all your VPCs. VpcIds []*string `locationName:"VpcId" locationNameList:"VpcId" type:"list"` @@ -109192,10 +112761,10 @@ func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DetachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -109421,6 +112990,10 @@ func (s DetachVpnGatewayOutput) GoString() string { type DeviceOptions struct { _ struct{} `type:"structure"` + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `locationName:"publicSigningKeyUrl" type:"string"` + // The ID of the tenant application with the device-identity provider. TenantId *string `locationName:"tenantId" type:"string"` } @@ -109443,6 +113016,12 @@ func (s DeviceOptions) GoString() string { return s.String() } +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *DeviceOptions) SetPublicSigningKeyUrl(v string) *DeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + // SetTenantId sets the TenantId field's value. func (s *DeviceOptions) SetTenantId(v string) *DeviceOptions { s.TenantId = &v @@ -109456,7 +113035,7 @@ type DhcpConfiguration struct { // The name of a DHCP option. Key *string `locationName:"key" type:"string"` - // One or more values for the DHCP option. + // The values for the DHCP option. Values []*AttributeValue `locationName:"valueSet" locationNameList:"item" type:"list"` } @@ -109490,11 +113069,11 @@ func (s *DhcpConfiguration) SetValues(v []*AttributeValue) *DhcpConfiguration { return s } -// Describes a set of DHCP options. +// The set of DHCP options. type DhcpOptions struct { _ struct{} `type:"structure"` - // One or more DHCP options in the set. + // The DHCP options in the set. DhcpConfigurations []*DhcpConfiguration `locationName:"dhcpConfigurationSet" locationNameList:"item" type:"list"` // The ID of the set of DHCP options. @@ -109879,13 +113458,12 @@ type DisableFastLaunchInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // Forces the image settings to turn off faster launching for your Windows AMI. - // This parameter overrides any errors that are encountered while cleaning up - // resources in your account. + // Forces the image settings to turn off Windows fast launch for your Windows + // AMI. This parameter overrides any errors that are encountered while cleaning + // up resources in your account. Force *bool `type:"boolean"` - // The ID of the image for which you’re turning off faster launching, and - // removing pre-provisioned snapshots. + // Specify the ID of the image for which to disable Windows fast launch. // // ImageId is a required field ImageId *string `type:"string" required:"true"` @@ -109943,7 +113521,7 @@ func (s *DisableFastLaunchInput) SetImageId(v string) *DisableFastLaunchInput { type DisableFastLaunchOutput struct { _ struct{} `type:"structure"` - // The ID of the image for which faster-launching has been turned off. + // The ID of the image for which Windows fast launch was disabled. ImageId *string `locationName:"imageId" type:"string"` // The launch template that was used to launch Windows instances from pre-provisioned @@ -109951,27 +113529,28 @@ type DisableFastLaunchOutput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner of the Windows AMI for which faster launching was turned off. + // The owner of the Windows AMI for which Windows fast launch was disabled. OwnerId *string `locationName:"ownerId" type:"string"` // The pre-provisioning resource type that must be cleaned after turning off - // faster launching for the Windows AMI. Supported values include: snapshot. + // Windows fast launch for the Windows AMI. Supported values include: snapshot. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` - // Parameters that were used for faster launching for the Windows AMI before - // faster launching was turned off. This informs the clean-up process. + // Parameters that were used for Windows fast launch for the Windows AMI before + // Windows fast launch was disabled. This informs the clean-up process. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified Windows AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that the state changed for faster launching for the Windows AMI. + // The reason that the state changed for Windows fast launch for the Windows + // AMI. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that the state changed for faster launching for the Windows AMI. + // The time that the state changed for Windows fast launch for the Windows AMI. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -110416,6 +113995,71 @@ func (s *DisableFastSnapshotRestoresOutput) SetUnsuccessful(v []*DisableFastSnap return s } +type DisableImageBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableImageBlockPublicAccessInput) SetDryRun(v bool) *DisableImageBlockPublicAccessInput { + s.DryRun = &v + return s +} + +type DisableImageBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns unblocked if the request succeeds; otherwise, it returns an error. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string" enum:"ImageBlockPublicAccessDisabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *DisableImageBlockPublicAccessOutput) SetImageBlockPublicAccessState(v string) *DisableImageBlockPublicAccessOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type DisableImageDeprecationInput struct { _ struct{} `type:"structure"` @@ -110505,6 +114149,95 @@ func (s *DisableImageDeprecationOutput) SetReturn(v bool) *DisableImageDeprecati return s } +type DisableImageInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableImageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableImageInput"} + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableImageInput) SetDryRun(v bool) *DisableImageInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *DisableImageInput) SetImageId(v string) *DisableImageInput { + s.ImageId = &v + return s +} + +type DisableImageOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableImageOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *DisableImageOutput) SetReturn(v bool) *DisableImageOutput { + s.Return = &v + return s +} + type DisableIpamOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` @@ -110661,6 +114394,71 @@ func (s *DisableSerialConsoleAccessOutput) SetSerialConsoleAccessEnabled(v bool) return s } +type DisableSnapshotBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableSnapshotBlockPublicAccessInput) SetDryRun(v bool) *DisableSnapshotBlockPublicAccessInput { + s.DryRun = &v + return s +} + +type DisableSnapshotBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns unblocked if the request succeeds. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableSnapshotBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *DisableSnapshotBlockPublicAccessOutput) SetState(v string) *DisableSnapshotBlockPublicAccessOutput { + s.State = &v + return s +} + type DisableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -111483,6 +115281,109 @@ func (s *DisassociateInstanceEventWindowOutput) SetInstanceEventWindow(v *Instan return s } +type DisassociateIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // A BYOIP CIDR. + // + // Cidr is a required field + Cidr *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.Cidr == nil { + invalidParams.Add(request.NewErrParamRequired("Cidr")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *DisassociateIpamByoasnInput) SetAsn(v string) *DisassociateIpamByoasnInput { + s.Asn = &v + return s +} + +// SetCidr sets the Cidr field's value. +func (s *DisassociateIpamByoasnInput) SetCidr(v string) *DisassociateIpamByoasnInput { + s.Cidr = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisassociateIpamByoasnInput) SetDryRun(v bool) *DisassociateIpamByoasnInput { + s.DryRun = &v + return s +} + +type DisassociateIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + AsnAssociation *AsnAssociation `locationName:"asnAssociation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetAsnAssociation sets the AsnAssociation field's value. +func (s *DisassociateIpamByoasnOutput) SetAsnAssociation(v *AsnAssociation) *DisassociateIpamByoasnOutput { + s.AsnAssociation = v + return s +} + type DisassociateIpamResourceDiscoveryInput struct { _ struct{} `type:"structure"` @@ -111591,7 +115492,7 @@ type DisassociateNatGatewayAddressInput struct { // seconds. MaxDrainDurationSeconds *int64 `min:"1" type:"integer"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -111664,7 +115565,7 @@ type DisassociateNatGatewayAddressOutput struct { // Information about the NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -112937,19 +116838,18 @@ type EbsBlockDevice struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built - // on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // // This parameter is required for io1 and io2 volumes. The default for gp3 volumes - // is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard - // volumes. + // is 3,000 IOPS. Iops *int64 `locationName:"iops" type:"integer"` // Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed @@ -112963,8 +116863,7 @@ type EbsBlockDevice struct { // The ARN of the Outpost on which the snapshot is stored. // - // This parameter is only supported on BlockDeviceMapping objects called by - // CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // This parameter is not supported when using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). OutpostArn *string `locationName:"outpostArn" type:"string"` // The ID of the snapshot. @@ -112982,20 +116881,21 @@ type EbsBlockDevice struct { // You can specify a volume size that is equal to or larger than the snapshot // size. // - // The following are the supported volumes sizes for each volume type: + // The following are the supported sizes for each volume type: + // + // * gp2 and gp3: 1 - 16,384 GiB // - // * gp2 and gp3:1-16,384 + // * io1: 4 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io2: 4 - 65,536 GiB // - // * st1 and sc1: 125-16,384 + // * st1 and sc1: 125 - 16,384 GiB // - // * standard: 1-1,024 + // * standard: 1 - 1024 GiB VolumeSize *int64 `locationName:"volumeSize" type:"integer"` // The volume type. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon EC2 User Guide. If the volume type is io1 or io2, you must - // specify the IOPS that the volume supports. + // in the Amazon EC2 User Guide. VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` } @@ -113136,6 +117036,9 @@ func (s *EbsInfo) SetNvmeSupport(v string) *EbsInfo { type EbsInstanceBlockDevice struct { _ struct{} `type:"structure"` + // The ARN of the Amazon ECS or Fargate task to which the volume is attached. + AssociatedResource *string `locationName:"associatedResource" type:"string"` + // The time stamp when the attachment initiated. AttachTime *time.Time `locationName:"attachTime" type:"timestamp"` @@ -113147,6 +117050,12 @@ type EbsInstanceBlockDevice struct { // The ID of the EBS volume. VolumeId *string `locationName:"volumeId" type:"string"` + + // The ID of the Amazon Web Services account that owns the volume. + // + // This parameter is returned only for volumes that are attached to Fargate + // tasks. + VolumeOwnerId *string `locationName:"volumeOwnerId" type:"string"` } // String returns the string representation. @@ -113167,6 +117076,12 @@ func (s EbsInstanceBlockDevice) GoString() string { return s.String() } +// SetAssociatedResource sets the AssociatedResource field's value. +func (s *EbsInstanceBlockDevice) SetAssociatedResource(v string) *EbsInstanceBlockDevice { + s.AssociatedResource = &v + return s +} + // SetAttachTime sets the AttachTime field's value. func (s *EbsInstanceBlockDevice) SetAttachTime(v time.Time) *EbsInstanceBlockDevice { s.AttachTime = &v @@ -113191,6 +117106,12 @@ func (s *EbsInstanceBlockDevice) SetVolumeId(v string) *EbsInstanceBlockDevice { return s } +// SetVolumeOwnerId sets the VolumeOwnerId field's value. +func (s *EbsInstanceBlockDevice) SetVolumeOwnerId(v string) *EbsInstanceBlockDevice { + s.VolumeOwnerId = &v + return s +} + // Describes information used to set up an EBS volume specified in a block device // mapping. type EbsInstanceBlockDeviceSpecification struct { @@ -114002,8 +117923,50 @@ func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificatio return s } +// Launch instances with ENA Express settings configured from your launch template. +type EnaSrdSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Specifies whether ENA Express is enabled for the network interface when you + // launch an instance from your launch template. + EnaSrdEnabled *bool `type:"boolean"` + + // Contains ENA Express settings for UDP network traffic in your launch template. + EnaSrdUdpSpecification *EnaSrdUdpSpecificationRequest `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecificationRequest) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *EnaSrdSpecificationRequest) SetEnaSrdEnabled(v bool) *EnaSrdSpecificationRequest { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *EnaSrdSpecificationRequest) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificationRequest) *EnaSrdSpecificationRequest { + s.EnaSrdUdpSpecification = v + return s +} + // ENA Express is compatible with both TCP and UDP transport protocols. When -// it’s enabled, TCP traffic automatically uses it. However, some UDP-based +// it's enabled, TCP traffic automatically uses it. However, some UDP-based // applications are designed to handle network packets that are out of order, // without a need for retransmission, such as live video broadcasting or other // near-real-time applications. For UDP traffic, you can specify whether to @@ -114011,8 +117974,8 @@ func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecificatio type EnaSrdUdpSpecification struct { _ struct{} `type:"structure"` - // Indicates whether UDP traffic uses ENA Express. To specify this setting, - // you must first enable ENA Express. + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. EnaSrdUdpEnabled *bool `type:"boolean"` } @@ -114040,6 +118003,41 @@ func (s *EnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecifica return s } +// Configures ENA Express for UDP network traffic from your launch template. +type EnaSrdUdpSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic uses ENA Express for your instance. To ensure + // that UDP traffic can use ENA Express when you launch an instance, you must + // also set EnaSrdEnabled in the EnaSrdSpecificationRequest to true in your + // launch template. + EnaSrdUdpEnabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecificationRequest) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *EnaSrdUdpSpecificationRequest) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecificationRequest { + s.EnaSrdUdpEnabled = &v + return s +} + type EnableAddressTransferInput struct { _ struct{} `type:"structure"` @@ -114320,7 +118318,7 @@ type EnableFastLaunchInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the image for which you’re enabling faster launching. + // Specify the ID of the image for which to enable Windows fast launch. // // ImageId is a required field ImageId *string `type:"string" required:"true"` @@ -114331,17 +118329,17 @@ type EnableFastLaunchInput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationRequest `type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. Value must - // be 6 or greater. + // to create pre-provisioned snapshots for Windows fast launch. Value must be + // 6 or greater. MaxParallelLaunches *int64 `type:"integer"` - // The type of resource to use for pre-provisioning the Windows AMI for faster - // launching. Supported values include: snapshot, which is the default value. + // The type of resource to use for pre-provisioning the AMI for Windows fast + // launch. Supported values include: snapshot, which is the default value. ResourceType *string `type:"string"` // Configuration settings for creating and managing the snapshots that are used - // for pre-provisioning the Windows AMI for faster launching. The associated - // ResourceType must be snapshot. + // for pre-provisioning the AMI for Windows fast launch. The associated ResourceType + // must be snapshot. SnapshotConfiguration *FastLaunchSnapshotConfigurationRequest `type:"structure"` } @@ -114420,8 +118418,7 @@ func (s *EnableFastLaunchInput) SetSnapshotConfiguration(v *FastLaunchSnapshotCo type EnableFastLaunchOutput struct { _ struct{} `type:"structure"` - // The image ID that identifies the Windows AMI for which faster launching was - // enabled. + // The image ID that identifies the AMI for which Windows fast launch was enabled. ImageId *string `locationName:"imageId" type:"string"` // The launch template that is used when launching Windows instances from pre-provisioned @@ -114429,14 +118426,14 @@ type EnableFastLaunchOutput struct { LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` // The maximum number of instances that Amazon EC2 can launch at the same time - // to create pre-provisioned snapshots for Windows faster launching. + // to create pre-provisioned snapshots for Windows fast launch. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` - // The owner ID for the Windows AMI for which faster launching was enabled. + // The owner ID for the AMI for which Windows fast launch was enabled. OwnerId *string `locationName:"ownerId" type:"string"` - // The type of resource that was defined for pre-provisioning the Windows AMI - // for faster launching. + // The type of resource that was defined for pre-provisioning the AMI for Windows + // fast launch. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` // Settings to create and manage the pre-provisioned snapshots that Amazon EC2 @@ -114444,13 +118441,13 @@ type EnableFastLaunchOutput struct { // when the associated resourceType is snapshot. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` - // The current state of faster launching for the specified Windows AMI. + // The current state of Windows fast launch for the specified AMI. State *string `locationName:"state" type:"string" enum:"FastLaunchStateCode"` - // The reason that the state changed for faster launching for the Windows AMI. + // The reason that the state changed for Windows fast launch for the AMI. StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` - // The time that the state changed for faster launching for the Windows AMI. + // The time that the state changed for Windows fast launch for the AMI. StateTransitionTime *time.Time `locationName:"stateTransitionTime" type:"timestamp"` } @@ -114897,6 +118894,98 @@ func (s *EnableFastSnapshotRestoresOutput) SetUnsuccessful(v []*EnableFastSnapsh return s } +type EnableImageBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Specify block-new-sharing to enable block public access for AMIs at the account + // level in the specified Region. This will block any attempt to publicly share + // your AMIs in the specified Region. + // + // ImageBlockPublicAccessState is a required field + ImageBlockPublicAccessState *string `type:"string" required:"true" enum:"ImageBlockPublicAccessEnabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableImageBlockPublicAccessInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableImageBlockPublicAccessInput"} + if s.ImageBlockPublicAccessState == nil { + invalidParams.Add(request.NewErrParamRequired("ImageBlockPublicAccessState")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableImageBlockPublicAccessInput) SetDryRun(v bool) *EnableImageBlockPublicAccessInput { + s.DryRun = &v + return s +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *EnableImageBlockPublicAccessInput) SetImageBlockPublicAccessState(v string) *EnableImageBlockPublicAccessInput { + s.ImageBlockPublicAccessState = &v + return s +} + +type EnableImageBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // Returns block-new-sharing if the request succeeds; otherwise, it returns + // an error. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string" enum:"ImageBlockPublicAccessEnabledState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *EnableImageBlockPublicAccessOutput) SetImageBlockPublicAccessState(v string) *EnableImageBlockPublicAccessOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type EnableImageDeprecationInput struct { _ struct{} `type:"structure"` @@ -115006,6 +119095,95 @@ func (s *EnableImageDeprecationOutput) SetReturn(v bool) *EnableImageDeprecation return s } +type EnableImageInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableImageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableImageInput"} + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableImageInput) SetDryRun(v bool) *EnableImageInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *EnableImageInput) SetImageId(v string) *EnableImageInput { + s.ImageId = &v + return s +} + +type EnableImageOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableImageOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *EnableImageOutput) SetReturn(v bool) *EnableImageOutput { + s.Return = &v + return s +} + type EnableIpamOrganizationAdminAccountInput struct { _ struct{} `type:"structure"` @@ -115227,6 +119405,114 @@ func (s *EnableSerialConsoleAccessOutput) SetSerialConsoleAccessEnabled(v bool) return s } +type EnableSnapshotBlockPublicAccessInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The mode in which to enable block public access for snapshots for the Region. + // Specify one of the following values: + // + // * block-all-sharing - Prevents all public sharing of snapshots in the + // Region. Users in the account will no longer be able to request new public + // sharing. Additionally, snapshots that are already publicly shared are + // treated as private and they are no longer publicly available. If you enable + // block public access for snapshots in block-all-sharing mode, it does not + // change the permissions for snapshots that are already publicly shared. + // Instead, it prevents these snapshots from be publicly visible and publicly + // accessible. Therefore, the attributes for these snapshots still indicate + // that they are publicly shared, even though they are not publicly available. + // + // * block-new-sharing - Prevents only new public sharing of snapshots in + // the Region. Users in the account will no longer be able to request new + // public sharing. However, snapshots that are already publicly shared, remain + // publicly available. + // + // unblocked is not a valid value for EnableSnapshotBlockPublicAccess. + // + // State is a required field + State *string `type:"string" required:"true" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableSnapshotBlockPublicAccessInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableSnapshotBlockPublicAccessInput"} + if s.State == nil { + invalidParams.Add(request.NewErrParamRequired("State")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableSnapshotBlockPublicAccessInput) SetDryRun(v bool) *EnableSnapshotBlockPublicAccessInput { + s.DryRun = &v + return s +} + +// SetState sets the State field's value. +func (s *EnableSnapshotBlockPublicAccessInput) SetState(v string) *EnableSnapshotBlockPublicAccessInput { + s.State = &v + return s +} + +type EnableSnapshotBlockPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // The state of block public access for snapshots for the account and Region. + // Returns either block-all-sharing or block-new-sharing if the request succeeds. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableSnapshotBlockPublicAccessOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *EnableSnapshotBlockPublicAccessOutput) SetState(v string) *EnableSnapshotBlockPublicAccessOutput { + s.State = &v + return s +} + type EnableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -117425,22 +121711,23 @@ func (s *FailedQueuedPurchaseDeletion) SetReservedInstancesId(v string) *FailedQ return s } -// Request to create a launch template for a fast-launch enabled Windows AMI. +// Request to create a launch template for a Windows fast launch enabled AMI. // // Note - You can specify either the LaunchTemplateName or the LaunchTemplateId, // but not both. type FastLaunchLaunchTemplateSpecificationRequest struct { _ struct{} `type:"structure"` - // The ID of the launch template to use for faster launching for a Windows AMI. + // Specify the ID of the launch template that the AMI should use for Windows + // fast launch. LaunchTemplateId *string `type:"string"` - // The name of the launch template to use for faster launching for a Windows - // AMI. + // Specify the name of the launch template that the AMI should use for Windows + // fast launch. LaunchTemplateName *string `type:"string"` - // The version of the launch template to use for faster launching for a Windows - // AMI. + // Specify the version of the launch template that the AMI should use for Windows + // fast launch. // // Version is a required field Version *string `type:"string" required:"true"` @@ -117495,21 +121782,17 @@ func (s *FastLaunchLaunchTemplateSpecificationRequest) SetVersion(v string) *Fas return s } -// Identifies the launch template to use for faster launching of the Windows -// AMI. +// Identifies the launch template that the AMI uses for Windows fast launch. type FastLaunchLaunchTemplateSpecificationResponse struct { _ struct{} `type:"structure"` - // The ID of the launch template for faster launching of the associated Windows - // AMI. + // The ID of the launch template that the AMI uses for Windows fast launch. LaunchTemplateId *string `locationName:"launchTemplateId" type:"string"` - // The name of the launch template for faster launching of the associated Windows - // AMI. + // The name of the launch template that the AMI uses for Windows fast launch. LaunchTemplateName *string `locationName:"launchTemplateName" type:"string"` - // The version of the launch template for faster launching of the associated - // Windows AMI. + // The version of the launch template that the AMI uses for Windows fast launch. Version *string `locationName:"version" type:"string"` } @@ -117550,12 +121833,12 @@ func (s *FastLaunchLaunchTemplateSpecificationResponse) SetVersion(v string) *Fa } // Configuration settings for creating and managing pre-provisioned snapshots -// for a fast-launch enabled Windows AMI. +// for a Windows fast launch enabled AMI. type FastLaunchSnapshotConfigurationRequest struct { _ struct{} `type:"structure"` - // The number of pre-provisioned snapshots to keep on hand for a fast-launch - // enabled Windows AMI. + // The number of pre-provisioned snapshots to keep on hand for a Windows fast + // launch enabled AMI. TargetResourceCount *int64 `type:"integer"` } @@ -117584,12 +121867,12 @@ func (s *FastLaunchSnapshotConfigurationRequest) SetTargetResourceCount(v int64) } // Configuration settings for creating and managing pre-provisioned snapshots -// for a fast-launch enabled Windows AMI. +// for a Windows fast launch enabled Windows AMI. type FastLaunchSnapshotConfigurationResponse struct { _ struct{} `type:"structure"` - // The number of pre-provisioned snapshots requested to keep on hand for a fast-launch - // enabled Windows AMI. + // The number of pre-provisioned snapshots requested to keep on hand for a Windows + // fast launch enabled AMI. TargetResourceCount *int64 `locationName:"targetResourceCount" type:"integer"` } @@ -120053,12 +124336,9 @@ type GetCapacityReservationUsageInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The maximum number of results to return for the request in a single page. - // The remaining results can be seen by sending another request with the returned - // nextToken value. This value can be between 5 and 500. If maxResults is given - // a larger value than 500, you receive an error. - // - // Valid range: Minimum value of 1. Maximum value of 1000. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"1" type:"integer"` // The token to use to retrieve the next page of results. @@ -120338,6 +124618,10 @@ type GetCoipPoolUsageOutput struct { // The ID of the local gateway route table. LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation. @@ -120376,6 +124660,12 @@ func (s *GetCoipPoolUsageOutput) SetLocalGatewayRouteTableId(v string) *GetCoipP return s } +// SetNextToken sets the NextToken field's value. +func (s *GetCoipPoolUsageOutput) SetNextToken(v string) *GetCoipPoolUsageOutput { + s.NextToken = &v + return s +} + type GetConsoleOutputInput struct { _ struct{} `type:"structure"` @@ -120796,6 +125086,9 @@ type GetEbsEncryptionByDefaultOutput struct { // Indicates whether encryption by default is enabled. EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` + + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` } // String returns the string representation. @@ -120822,6 +125115,12 @@ func (s *GetEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) *Get return s } +// SetSseType sets the SseType field's value. +func (s *GetEbsEncryptionByDefaultOutput) SetSseType(v string) *GetEbsEncryptionByDefaultOutput { + s.SseType = &v + return s +} + type GetFlowLogsIntegrationTemplateInput struct { _ struct{} `type:"structure"` @@ -120961,10 +125260,9 @@ type GetGroupsForCapacityReservationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The maximum number of results to return for the request in a single page. - // The remaining results can be seen by sending another request with the returned - // nextToken value. This value can be between 5 and 500. If maxResults is given - // a larger value than 500, you receive an error. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"1" type:"integer"` // The token to use to retrieve the next page of results. @@ -121191,6 +125489,79 @@ func (s *GetHostReservationPurchasePreviewOutput) SetTotalUpfrontPrice(v string) return s } +type GetImageBlockPublicAccessStateInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetImageBlockPublicAccessStateInput) SetDryRun(v bool) *GetImageBlockPublicAccessStateInput { + s.DryRun = &v + return s +} + +type GetImageBlockPublicAccessStateOutput struct { + _ struct{} `type:"structure"` + + // The current state of block public access for AMIs at the account level in + // the specified Amazon Web Services Region. + // + // Possible values: + // + // * block-new-sharing - Any attempt to publicly share your AMIs in the specified + // Region is blocked. + // + // * unblocked - Your AMIs in the specified Region can be publicly shared. + ImageBlockPublicAccessState *string `locationName:"imageBlockPublicAccessState" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetImageBlockPublicAccessStateOutput) GoString() string { + return s.String() +} + +// SetImageBlockPublicAccessState sets the ImageBlockPublicAccessState field's value. +func (s *GetImageBlockPublicAccessStateOutput) SetImageBlockPublicAccessState(v string) *GetImageBlockPublicAccessStateOutput { + s.ImageBlockPublicAccessState = &v + return s +} + type GetInstanceTypesFromInstanceRequirementsInput struct { _ struct{} `type:"structure"` @@ -121754,6 +126125,159 @@ func (s *GetIpamDiscoveredAccountsOutput) SetNextToken(v string) *GetIpamDiscove return s } +type GetIpamDiscoveredPublicAddressesInput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Region for the IP address. + // + // AddressRegion is a required field + AddressRegion *string `type:"string" required:"true"` + + // A check for whether you have the required permissions for the action without + // actually making the request and provides an error response. If you have the + // required permissions, the error response is DryRunOperation. Otherwise, it + // is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // An IPAM resource discovery ID. + // + // IpamResourceDiscoveryId is a required field + IpamResourceDiscoveryId *string `type:"string" required:"true"` + + // The maximum number of IPAM discovered public addresses to return in one page + // of results. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetIpamDiscoveredPublicAddressesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetIpamDiscoveredPublicAddressesInput"} + if s.AddressRegion == nil { + invalidParams.Add(request.NewErrParamRequired("AddressRegion")) + } + if s.IpamResourceDiscoveryId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamResourceDiscoveryId")) + } + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAddressRegion sets the AddressRegion field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetAddressRegion(v string) *GetIpamDiscoveredPublicAddressesInput { + s.AddressRegion = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetDryRun(v bool) *GetIpamDiscoveredPublicAddressesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetFilters(v []*Filter) *GetIpamDiscoveredPublicAddressesInput { + s.Filters = v + return s +} + +// SetIpamResourceDiscoveryId sets the IpamResourceDiscoveryId field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetIpamResourceDiscoveryId(v string) *GetIpamDiscoveredPublicAddressesInput { + s.IpamResourceDiscoveryId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetMaxResults(v int64) *GetIpamDiscoveredPublicAddressesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetIpamDiscoveredPublicAddressesInput) SetNextToken(v string) *GetIpamDiscoveredPublicAddressesInput { + s.NextToken = &v + return s +} + +type GetIpamDiscoveredPublicAddressesOutput struct { + _ struct{} `type:"structure"` + + // IPAM discovered public addresses. + IpamDiscoveredPublicAddresses []*IpamDiscoveredPublicAddress `locationName:"ipamDiscoveredPublicAddressSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The oldest successful resource discovery time. + OldestSampleTime *time.Time `locationName:"oldestSampleTime" type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetIpamDiscoveredPublicAddressesOutput) GoString() string { + return s.String() +} + +// SetIpamDiscoveredPublicAddresses sets the IpamDiscoveredPublicAddresses field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetIpamDiscoveredPublicAddresses(v []*IpamDiscoveredPublicAddress) *GetIpamDiscoveredPublicAddressesOutput { + s.IpamDiscoveredPublicAddresses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetNextToken(v string) *GetIpamDiscoveredPublicAddressesOutput { + s.NextToken = &v + return s +} + +// SetOldestSampleTime sets the OldestSampleTime field's value. +func (s *GetIpamDiscoveredPublicAddressesOutput) SetOldestSampleTime(v time.Time) *GetIpamDiscoveredPublicAddressesOutput { + s.OldestSampleTime = &v + return s +} + type GetIpamDiscoveredResourceCidrsInput struct { _ struct{} `type:"structure"` @@ -122978,7 +127502,11 @@ type GetPasswordDataOutput struct { // The password of the instance. Returns an empty string if the password is // not available. - PasswordData *string `locationName:"passwordData" type:"string"` + // + // PasswordData is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetPasswordDataOutput's + // String and GoString methods. + PasswordData *string `locationName:"passwordData" type:"string" sensitive:"true"` // The time the data was last updated. Timestamp *time.Time `locationName:"timestamp" type:"timestamp"` @@ -123203,6 +127731,149 @@ func (s *GetReservedInstancesExchangeQuoteOutput) SetValidationFailureReason(v s return s } +type GetSecurityGroupsForVpcInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. If using multiple filters, the results include security groups + // which match all filters. + // + // * group-id: The security group ID. + // + // * description: The security group's description. + // + // * group-name: The security group name. + // + // * owner-id: The security group owner ID. + // + // * primary-vpc-id: The VPC ID in which the security group was created. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"5" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` + + // The VPC ID where the security group can be used. + // + // VpcId is a required field + VpcId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSecurityGroupsForVpcInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSecurityGroupsForVpcInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + if s.VpcId == nil { + invalidParams.Add(request.NewErrParamRequired("VpcId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetSecurityGroupsForVpcInput) SetDryRun(v bool) *GetSecurityGroupsForVpcInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetSecurityGroupsForVpcInput) SetFilters(v []*Filter) *GetSecurityGroupsForVpcInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetSecurityGroupsForVpcInput) SetMaxResults(v int64) *GetSecurityGroupsForVpcInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSecurityGroupsForVpcInput) SetNextToken(v string) *GetSecurityGroupsForVpcInput { + s.NextToken = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *GetSecurityGroupsForVpcInput) SetVpcId(v string) *GetSecurityGroupsForVpcInput { + s.VpcId = &v + return s +} + +type GetSecurityGroupsForVpcOutput struct { + _ struct{} `type:"structure"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The security group that can be used by interfaces in the VPC. + SecurityGroupForVpcs []*SecurityGroupForVpc `locationName:"securityGroupForVpcSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecurityGroupsForVpcOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *GetSecurityGroupsForVpcOutput) SetNextToken(v string) *GetSecurityGroupsForVpcOutput { + s.NextToken = &v + return s +} + +// SetSecurityGroupForVpcs sets the SecurityGroupForVpcs field's value. +func (s *GetSecurityGroupsForVpcOutput) SetSecurityGroupForVpcs(v []*SecurityGroupForVpc) *GetSecurityGroupsForVpcOutput { + s.SecurityGroupForVpcs = v + return s +} + type GetSerialConsoleAccessStatusInput struct { _ struct{} `type:"structure"` @@ -123270,6 +127941,83 @@ func (s *GetSerialConsoleAccessStatusOutput) SetSerialConsoleAccessEnabled(v boo return s } +type GetSnapshotBlockPublicAccessStateInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetSnapshotBlockPublicAccessStateInput) SetDryRun(v bool) *GetSnapshotBlockPublicAccessStateInput { + s.DryRun = &v + return s +} + +type GetSnapshotBlockPublicAccessStateOutput struct { + _ struct{} `type:"structure"` + + // The current state of block public access for snapshots. Possible values include: + // + // * block-all-sharing - All public sharing of snapshots is blocked. Users + // in the account can't request new public sharing. Additionally, snapshots + // that were already publicly shared are treated as private and are not publicly + // available. + // + // * block-new-sharing - Only new public sharing of snapshots is blocked. + // Users in the account can't request new public sharing. However, snapshots + // that were already publicly shared, remain publicly available. + // + // * unblocked - Public sharing is not blocked. Users can publicly share + // snapshots. + State *string `locationName:"state" type:"string" enum:"SnapshotBlockPublicAccessState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSnapshotBlockPublicAccessStateOutput) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *GetSnapshotBlockPublicAccessStateOutput) SetState(v string) *GetSnapshotBlockPublicAccessStateOutput { + s.State = &v + return s +} + type GetSpotPlacementScoresInput struct { _ struct{} `type:"structure"` @@ -123319,8 +128067,6 @@ type GetSpotPlacementScoresInput struct { TargetCapacity *int64 `min:"1" type:"integer" required:"true"` // The unit for the target capacity. - // - // Default: units (translates to number of instances) TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"` } @@ -125375,6 +130121,15 @@ type HibernationOptionsRequest struct { // Set to true to enable your instance for hibernation. // + // For Spot Instances, if you set Configured to true, either omit the InstanceInterruptionBehavior + // parameter (for SpotMarketOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotMarketOptions.html)), + // or set it to hibernate. When Configured is true: + // + // * If you omit InstanceInterruptionBehavior, it defaults to hibernate. + // + // * If you set InstanceInterruptionBehavior to a value other than hibernate, + // you'll get an error. + // // Default: false Configured *bool `type:"boolean"` } @@ -126418,7 +131173,7 @@ type Image struct { // Specifies whether enhanced networking with ENA is enabled. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // The hypervisor type of the image. + // The hypervisor type of the image. Only xen is supported. ovm is not supported. Hypervisor *string `locationName:"hypervisor" type:"string" enum:"HypervisorType"` // The ID of the AMI. @@ -126479,6 +131234,11 @@ type Image struct { // or an instance store volume. RootDeviceType *string `locationName:"rootDeviceType" type:"string" enum:"DeviceType"` + // The ID of the instance that the AMI was created from if the AMI was created + // using CreateImage (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html). + // This field only appears if the AMI was created using CreateImage. + SourceInstanceId *string `locationName:"sourceInstanceId" type:"string"` + // Specifies whether enhanced networking with the Intel 82599 Virtual Function // interface is enabled. SriovNetSupport *string `locationName:"sriovNetSupport" type:"string"` @@ -126668,6 +131428,12 @@ func (s *Image) SetRootDeviceType(v string) *Image { return s } +// SetSourceInstanceId sets the SourceInstanceId field's value. +func (s *Image) SetSourceInstanceId(v string) *Image { + s.SourceInstanceId = &v + return s +} + // SetSriovNetSupport sets the SriovNetSupport field's value. func (s *Image) SetSriovNetSupport(v string) *Image { s.SriovNetSupport = &v @@ -126978,6 +131744,10 @@ type ImportImageInput struct { Architecture *string `type:"string"` // The boot mode of the virtual machine. + // + // The uefi-preferred boot mode isn't supported for importing images. For more + // information, see Boot modes (https://docs.aws.amazon.com/vm-import/latest/userguide/prerequisites.html#vmimport-boot-modes) + // in the VM Import/Export User Guide. BootMode *string `type:"string" enum:"BootModeValues"` // The client-specific data. @@ -127018,9 +131788,7 @@ type ImportImageInput struct { // // * Key ID // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the key, the Amazon Web Services account ID of the key - // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed // by the Region of the key, the Amazon Web Services account ID of the key @@ -127058,7 +131826,9 @@ type ImportImageInput struct { // in the VM Import/Export User Guide. LicenseType *string `type:"string"` - // The operating system of the virtual machine. + // The operating system of the virtual machine. If you import a VM that is compatible + // with Unified Extensible Firmware Interface (UEFI) using an EBS snapshot, + // you must specify a value for the platform. // // Valid values: Windows | Linux Platform *string `type:"string"` @@ -128181,9 +132951,7 @@ type ImportSnapshotInput struct { // // * Key ID // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the key, the Amazon Web Services account ID of the key - // owner, the alias namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed // by the Region of the key, the Amazon Web Services account ID of the key @@ -128610,6 +133378,10 @@ type InferenceAcceleratorInfo struct { // Describes the Inference accelerators for the instance type. Accelerators []*InferenceDeviceInfo `locationName:"accelerators" type:"list"` + + // The total size of the memory for the inference accelerators for the instance + // type, in MiB. + TotalInferenceMemoryInMiB *int64 `locationName:"totalInferenceMemoryInMiB" type:"integer"` } // String returns the string representation. @@ -128636,6 +133408,12 @@ func (s *InferenceAcceleratorInfo) SetAccelerators(v []*InferenceDeviceInfo) *In return s } +// SetTotalInferenceMemoryInMiB sets the TotalInferenceMemoryInMiB field's value. +func (s *InferenceAcceleratorInfo) SetTotalInferenceMemoryInMiB(v int64) *InferenceAcceleratorInfo { + s.TotalInferenceMemoryInMiB = &v + return s +} + // Describes the Inference accelerators for the instance type. type InferenceDeviceInfo struct { _ struct{} `type:"structure"` @@ -128646,6 +133424,9 @@ type InferenceDeviceInfo struct { // The manufacturer of the Inference accelerator. Manufacturer *string `locationName:"manufacturer" type:"string"` + // Describes the memory available to the inference accelerator. + MemoryInfo *InferenceDeviceMemoryInfo `locationName:"memoryInfo" type:"structure"` + // The name of the Inference accelerator. Name *string `locationName:"name" type:"string"` } @@ -128680,12 +133461,50 @@ func (s *InferenceDeviceInfo) SetManufacturer(v string) *InferenceDeviceInfo { return s } +// SetMemoryInfo sets the MemoryInfo field's value. +func (s *InferenceDeviceInfo) SetMemoryInfo(v *InferenceDeviceMemoryInfo) *InferenceDeviceInfo { + s.MemoryInfo = v + return s +} + // SetName sets the Name field's value. func (s *InferenceDeviceInfo) SetName(v string) *InferenceDeviceInfo { s.Name = &v return s } +// Describes the memory available to the inference accelerator. +type InferenceDeviceMemoryInfo struct { + _ struct{} `type:"structure"` + + // The size of the memory available to the inference accelerator, in MiB. + SizeInMiB *int64 `locationName:"sizeInMiB" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InferenceDeviceMemoryInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InferenceDeviceMemoryInfo) GoString() string { + return s.String() +} + +// SetSizeInMiB sets the SizeInMiB field's value. +func (s *InferenceDeviceMemoryInfo) SetSizeInMiB(v int64) *InferenceDeviceMemoryInfo { + s.SizeInMiB = &v + return s +} + // Describes an instance. type Instance struct { _ struct{} `type:"structure"` @@ -128803,7 +133622,8 @@ type Instance struct { // The location where the instance launched, if applicable. Placement *Placement `locationName:"placement" type:"structure"` - // The value is Windows for Windows instances; otherwise blank. + // The platform. This value is windows for Windows instances; otherwise, it + // is empty. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` // The platform details value for the instance. For more information, see AMI @@ -129260,6 +134080,96 @@ func (s *Instance) SetVpcId(v string) *Instance { return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type InstanceAttachmentEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *InstanceAttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *InstanceAttachmentEnaSrdSpecification) SetEnaSrdEnabled(v bool) *InstanceAttachmentEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *InstanceAttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *InstanceAttachmentEnaSrdUdpSpecification) *InstanceAttachmentEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type InstanceAttachmentEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceAttachmentEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *InstanceAttachmentEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *InstanceAttachmentEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Describes a block device mapping. type InstanceBlockDeviceMapping struct { _ struct{} `type:"structure"` @@ -130083,6 +134993,13 @@ type InstanceIpv6Address struct { // The IPv6 address. Ipv6Address *string `locationName:"ipv6Address" type:"string"` + + // Determines if an IPv6 address associated with a network interface is the + // primary IPv6 address. When you enable an IPv6 GUA address to be a primary + // IPv6, the first IPv6 GUA will be made the primary IPv6 address until the + // instance is terminated or the network interface is detached. For more information, + // see RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + IsPrimaryIpv6 *bool `locationName:"isPrimaryIpv6" type:"boolean"` } // String returns the string representation. @@ -130109,6 +135026,12 @@ func (s *InstanceIpv6Address) SetIpv6Address(v string) *InstanceIpv6Address { return s } +// SetIsPrimaryIpv6 sets the IsPrimaryIpv6 field's value. +func (s *InstanceIpv6Address) SetIsPrimaryIpv6(v bool) *InstanceIpv6Address { + s.IsPrimaryIpv6 = &v + return s +} + // Describes an IPv6 address. type InstanceIpv6AddressRequest struct { _ struct{} `type:"structure"` @@ -130301,22 +135224,21 @@ type InstanceMetadataOptionsRequest struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `type:"integer"` - // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional - // (in other words, set the use of IMDSv2 to optional) or required (in other - // words, set the use of IMDSv2 to required). + // Indicates whether IMDSv2 is required. // - // * optional - When IMDSv2 is optional, you can choose to retrieve instance - // metadata with or without a session token in your request. If you retrieve - // the IAM role credentials without a token, the IMDSv1 role credentials - // are returned. If you retrieve the IAM role credentials using a valid session - // token, the IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // * required - When IMDSv2 is required, you must send a session token with - // any instance metadata retrieval requests. In this state, retrieving the + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials // are not available. // - // Default: optional + // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for + // your instance is v2.0, the default is required. HttpTokens *string `type:"string" enum:"HttpTokensState"` // Set to enabled to allow access to instance tags from the instance metadata. @@ -130398,22 +135320,18 @@ type InstanceMetadataOptionsResponse struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"` - // IMDSv2 uses token-backed sessions. Indicates whether the use of HTTP tokens - // is optional (in other words, indicates whether the use of IMDSv2 is optional) - // or required (in other words, indicates whether the use of IMDSv2 is required). + // Indicates whether IMDSv2 is required. // - // * optional - When IMDSv2 is optional, you can choose to retrieve instance - // metadata with or without a session token in your request. If you retrieve - // the IAM role credentials without a token, the IMDSv1 role credentials - // are returned. If you retrieve the IAM role credentials using a valid session - // token, the IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // * required - When IMDSv2 is required, you must send a session token with - // any instance metadata retrieval requests. In this state, retrieving the + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials // are not available. - // - // Default: optional HttpTokens *string `locationName:"httpTokens" type:"string" enum:"HttpTokensState"` // Indicates whether access to instance tags from the instance metadata is enabled @@ -130536,6 +135454,12 @@ type InstanceNetworkInterface struct { // The network interface attachment. Attachment *InstanceNetworkInterfaceAttachment `locationName:"attachment" type:"structure"` + // A security group connection tracking configuration that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingConfiguration *ConnectionTrackingSpecificationResponse `locationName:"connectionTrackingConfiguration" type:"structure"` + // The description. Description *string `locationName:"description" type:"string"` @@ -130617,6 +135541,12 @@ func (s *InstanceNetworkInterface) SetAttachment(v *InstanceNetworkInterfaceAtta return s } +// SetConnectionTrackingConfiguration sets the ConnectionTrackingConfiguration field's value. +func (s *InstanceNetworkInterface) SetConnectionTrackingConfiguration(v *ConnectionTrackingSpecificationResponse) *InstanceNetworkInterface { + s.ConnectionTrackingConfiguration = v + return s +} + // SetDescription sets the Description field's value. func (s *InstanceNetworkInterface) SetDescription(v string) *InstanceNetworkInterface { s.Description = &v @@ -130797,6 +135727,10 @@ type InstanceNetworkInterfaceAttachment struct { // The index of the device on the instance for the network interface attachment. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Contains the ENA Express settings for the network interface that's attached + // to the instance. + EnaSrdSpecification *InstanceAttachmentEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The index of the network card. NetworkCardIndex *int64 `locationName:"networkCardIndex" type:"integer"` @@ -130846,6 +135780,12 @@ func (s *InstanceNetworkInterfaceAttachment) SetDeviceIndex(v int64) *InstanceNe return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *InstanceNetworkInterfaceAttachment) SetEnaSrdSpecification(v *InstanceAttachmentEnaSrdSpecification) *InstanceNetworkInterfaceAttachment { + s.EnaSrdSpecification = v + return s +} + // SetNetworkCardIndex sets the NetworkCardIndex field's value. func (s *InstanceNetworkInterfaceAttachment) SetNetworkCardIndex(v int64) *InstanceNetworkInterfaceAttachment { s.NetworkCardIndex = &v @@ -130875,8 +135815,19 @@ type InstanceNetworkInterfaceSpecification struct { // for eth0, and can only be assigned to a new network interface, not an existing // one. You cannot specify more than one network interface in the request. If // launching into a default subnet, the default value is true. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `locationName:"associatePublicIpAddress" type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // If set to true, the interface is deleted when the instance is terminated. // You can specify true only if creating a new network interface when launching // an instance. @@ -130893,6 +135844,10 @@ type InstanceNetworkInterfaceSpecification struct { // the device index. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Specifies the ENA Express settings for the network interface that's attached + // to the instance. + EnaSrdSpecification *EnaSrdSpecificationRequest `type:"structure"` + // The IDs of the security groups for the network interface. Applies only if // creating a network interface when launching an instance. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -130947,6 +135902,13 @@ type InstanceNetworkInterfaceSpecification struct { // specify a network interface ID in a launch specification. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `type:"boolean"` + // The private IPv4 address of the network interface. Applies only if creating // a network interface when launching an instance. You cannot specify this option // if you're launching more than one instance in a RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) @@ -131001,6 +135963,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetAssociatePublicIpAddress(v bo return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *InstanceNetworkInterfaceSpecification) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *InstanceNetworkInterfaceSpecification) SetDeleteOnTermination(v bool) *InstanceNetworkInterfaceSpecification { s.DeleteOnTermination = &v @@ -131019,6 +135987,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetDeviceIndex(v int64) *Instanc return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *InstanceNetworkInterfaceSpecification) SetEnaSrdSpecification(v *EnaSrdSpecificationRequest) *InstanceNetworkInterfaceSpecification { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *InstanceNetworkInterfaceSpecification) SetGroups(v []*string) *InstanceNetworkInterfaceSpecification { s.Groups = v @@ -131079,6 +136053,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetNetworkInterfaceId(v string) return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *InstanceNetworkInterfaceSpecification) SetPrimaryIpv6(v bool) *InstanceNetworkInterfaceSpecification { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *InstanceNetworkInterfaceSpecification) SetPrivateIpAddress(v string) *InstanceNetworkInterfaceSpecification { s.PrivateIpAddress = &v @@ -131166,6 +136146,9 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // +// You must specify VCpuCount and MemoryMiB. All other attributes are optional. +// Any unspecified optional attribute is set to its default. +// // When you specify multiple attributes, you get instance types that satisfy // all of the specified attributes. If you specify multiple values for an attribute, // you get instance types that satisfy any of the specified values. @@ -131180,11 +136163,18 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat // - ExcludedInstanceTypes - The instance types to exclude from the list, // even if they match your specified attributes. // -// You must specify VCpuCount and MemoryMiB. All other attributes are optional. -// Any unspecified optional attribute is set to its default. +// If you specify InstanceRequirements, you can't specify InstanceType. // -// For more information, see Attribute-based instance type selection for EC2 -// Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), +// Attribute-based instance type selection is only supported when using Auto +// Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan +// to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) +// or with the RunInstances API (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html), +// you can't specify InstanceRequirements. +// +// For more information, see Create a mixed instances group using attribute-based +// instance type selection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) +// in the Amazon EC2 Auto Scaling User Guide, and also Attribute-based instance +// type selection for EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), // Attribute-based instance type selection for Spot Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), // and Spot placement score (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) // in the Amazon EC2 User Guide. @@ -131201,11 +136191,13 @@ type InstanceRequirements struct { // Indicates whether instance types must have accelerators by specific manufacturers. // - // * For instance types with NVIDIA devices, specify nvidia. + // * For instance types with Amazon Web Services devices, specify amazon-web-services. // // * For instance types with AMD devices, specify amd. // - // * For instance types with Amazon Web Services devices, specify amazon-web-services. + // * For instance types with Habana devices, specify habana. + // + // * For instance types with NVIDIA devices, specify nvidia. // // * For instance types with Xilinx devices, specify xilinx. // @@ -131214,24 +136206,30 @@ type InstanceRequirements struct { // The accelerators that must be on the instance type. // + // * For instance types with NVIDIA A10G GPUs, specify a10g. + // // * For instance types with NVIDIA A100 GPUs, specify a100. // - // * For instance types with NVIDIA V100 GPUs, specify v100. + // * For instance types with NVIDIA H100 GPUs, specify h100. // - // * For instance types with NVIDIA K80 GPUs, specify k80. + // * For instance types with Amazon Web Services Inferentia chips, specify + // inferentia. // - // * For instance types with NVIDIA T4 GPUs, specify t4. + // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // + // * For instance types with NVIDIA K80 GPUs, specify k80. // // * For instance types with NVIDIA M60 GPUs, specify m60. // // * For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520. // - // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // * For instance types with NVIDIA T4 GPUs, specify t4. // - // * For instance types with Amazon Web Services Inferentia chips, specify - // inferentia. + // * For instance types with NVIDIA T4G GPUs, specify t4g. // - // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // + // * For instance types with NVIDIA V100 GPUs, specify v100. // // Default: Any accelerator AcceleratorNames []*string `locationName:"acceleratorNameSet" locationNameList:"item" type:"list" enum:"AcceleratorName"` @@ -131601,6 +136599,9 @@ func (s *InstanceRequirements) SetVCpuCount(v *VCpuCountRange) *InstanceRequirem // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // +// You must specify VCpuCount and MemoryMiB. All other attributes are optional. +// Any unspecified optional attribute is set to its default. +// // When you specify multiple attributes, you get instance types that satisfy // all of the specified attributes. If you specify multiple values for an attribute, // you get instance types that satisfy any of the specified values. @@ -131615,8 +136616,14 @@ func (s *InstanceRequirements) SetVCpuCount(v *VCpuCountRange) *InstanceRequirem // - ExcludedInstanceTypes - The instance types to exclude from the list, // even if they match your specified attributes. // -// You must specify VCpuCount and MemoryMiB. All other attributes are optional. -// Any unspecified optional attribute is set to its default. +// If you specify InstanceRequirements, you can't specify InstanceType. +// +// Attribute-based instance type selection is only supported when using Auto +// Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan +// to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), +// or with the RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) +// API or AWS::EC2::Instance (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) +// Amazon Web Services CloudFormation resource, you can't specify InstanceRequirements. // // For more information, see Attribute-based instance type selection for EC2 // Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), @@ -131636,11 +136643,13 @@ type InstanceRequirementsRequest struct { // Indicates whether instance types must have accelerators by specific manufacturers. // - // * For instance types with NVIDIA devices, specify nvidia. + // * For instance types with Amazon Web Services devices, specify amazon-web-services. // // * For instance types with AMD devices, specify amd. // - // * For instance types with Amazon Web Services devices, specify amazon-web-services. + // * For instance types with Habana devices, specify habana. + // + // * For instance types with NVIDIA devices, specify nvidia. // // * For instance types with Xilinx devices, specify xilinx. // @@ -131649,24 +136658,30 @@ type InstanceRequirementsRequest struct { // The accelerators that must be on the instance type. // + // * For instance types with NVIDIA A10G GPUs, specify a10g. + // // * For instance types with NVIDIA A100 GPUs, specify a100. // - // * For instance types with NVIDIA V100 GPUs, specify v100. + // * For instance types with NVIDIA H100 GPUs, specify h100. // - // * For instance types with NVIDIA K80 GPUs, specify k80. + // * For instance types with Amazon Web Services Inferentia chips, specify + // inferentia. // - // * For instance types with NVIDIA T4 GPUs, specify t4. + // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // + // * For instance types with NVIDIA K80 GPUs, specify k80. // // * For instance types with NVIDIA M60 GPUs, specify m60. // // * For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520. // - // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // * For instance types with NVIDIA T4 GPUs, specify t4. // - // * For instance types with Amazon Web Services Inferentia chips, specify - // inferentia. + // * For instance types with NVIDIA T4G GPUs, specify t4g. // - // * For instance types with NVIDIA GRID K520 GPUs, specify k520. + // * For instance types with Xilinx VU9P FPGAs, specify vu9p. + // + // * For instance types with NVIDIA V100 GPUs, specify v100. // // Default: Any accelerator AcceleratorNames []*string `locationName:"AcceleratorName" locationNameList:"item" type:"list" enum:"AcceleratorName"` @@ -131812,8 +136827,10 @@ type InstanceRequirementsRequest struct { // MemoryMiB is a required field MemoryMiB *MemoryMiBRequest `type:"structure" required:"true"` - // The minimum and maximum amount of network bandwidth, in gigabits per second - // (Gbps). + // The minimum and maximum amount of baseline network bandwidth, in gigabits + // per second (Gbps). For more information, see Amazon EC2 instance network + // bandwidth (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html) + // in the Amazon EC2 User Guide. // // Default: No minimum or maximum limits NetworkBandwidthGbps *NetworkBandwidthGbpsRequest `type:"structure"` @@ -132685,6 +137702,85 @@ func (s *InstanceTagNotificationAttribute) SetInstanceTagKeys(v []*string) *Inst return s } +// Information about the instance topology. +type InstanceTopology struct { + _ struct{} `type:"structure"` + + // The name of the Availability Zone or Local Zone that the instance is in. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The name of the placement group that the instance is in. + GroupName *string `locationName:"groupName" type:"string"` + + // The instance ID. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The instance type. + InstanceType *string `locationName:"instanceType" type:"string"` + + // The network nodes. The nodes are hashed based on your account. Instances + // from different accounts running under the same droplet will return a different + // hashed list of strings. + NetworkNodes []*string `locationName:"networkNodeSet" locationNameList:"item" type:"list"` + + // The ID of the Availability Zone or Local Zone that the instance is in. + ZoneId *string `locationName:"zoneId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceTopology) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceTopology) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *InstanceTopology) SetAvailabilityZone(v string) *InstanceTopology { + s.AvailabilityZone = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *InstanceTopology) SetGroupName(v string) *InstanceTopology { + s.GroupName = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *InstanceTopology) SetInstanceId(v string) *InstanceTopology { + s.InstanceId = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *InstanceTopology) SetInstanceType(v string) *InstanceTopology { + s.InstanceType = &v + return s +} + +// SetNetworkNodes sets the NetworkNodes field's value. +func (s *InstanceTopology) SetNetworkNodes(v []*string) *InstanceTopology { + s.NetworkNodes = v + return s +} + +// SetZoneId sets the ZoneId field's value. +func (s *InstanceTopology) SetZoneId(v string) *InstanceTopology { + s.ZoneId = &v + return s +} + // Describes the instance type. type InstanceTypeInfo struct { _ struct{} `type:"structure"` @@ -132695,7 +137791,8 @@ type InstanceTypeInfo struct { // Indicates whether the instance is a bare metal instance type. BareMetal *bool `locationName:"bareMetal" type:"boolean"` - // Indicates whether the instance type is a burstable performance instance type. + // Indicates whether the instance type is a burstable performance T instance + // type. For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html). BurstablePerformanceSupported *bool `locationName:"burstablePerformanceSupported" type:"boolean"` // Indicates whether the instance type is current generation. @@ -132744,6 +137841,12 @@ type InstanceTypeInfo struct { // Indicates whether Nitro Enclaves is supported. NitroEnclavesSupport *string `locationName:"nitroEnclavesSupport" type:"string" enum:"NitroEnclavesSupport"` + // Describes the supported NitroTPM versions for the instance type. + NitroTpmInfo *NitroTpmInfo `locationName:"nitroTpmInfo" type:"structure"` + + // Indicates whether NitroTPM is supported. + NitroTpmSupport *string `locationName:"nitroTpmSupport" type:"string" enum:"NitroTpmSupport"` + // Describes the placement group settings for the instance type. PlacementGroupInfo *PlacementGroupInfo `locationName:"placementGroupInfo" type:"structure"` @@ -132893,6 +137996,18 @@ func (s *InstanceTypeInfo) SetNitroEnclavesSupport(v string) *InstanceTypeInfo { return s } +// SetNitroTpmInfo sets the NitroTpmInfo field's value. +func (s *InstanceTypeInfo) SetNitroTpmInfo(v *NitroTpmInfo) *InstanceTypeInfo { + s.NitroTpmInfo = v + return s +} + +// SetNitroTpmSupport sets the NitroTpmSupport field's value. +func (s *InstanceTypeInfo) SetNitroTpmSupport(v string) *InstanceTypeInfo { + s.NitroTpmSupport = &v + return s +} + // SetPlacementGroupInfo sets the PlacementGroupInfo field's value. func (s *InstanceTypeInfo) SetPlacementGroupInfo(v *PlacementGroupInfo) *InstanceTypeInfo { s.PlacementGroupInfo = v @@ -133233,21 +138348,20 @@ type IpPermission struct { // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // - // [VPC only] Use -1 to specify all protocols. When authorizing security group - // rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 - // allows traffic on all ports, regardless of any port range you specify. For - // tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range - // is optional; if you omit the port range, traffic for all types and codes - // is allowed. + // Use -1 to specify all protocols. When authorizing security group rules, specifying + // -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic + // on all ports, regardless of any port range you specify. For tcp, udp, and + // icmp, you must specify a port range. For icmpv6, the port range is optional; + // if you omit the port range, traffic for all types and codes is allowed. IpProtocol *string `locationName:"ipProtocol" type:"string"` // The IPv4 ranges. IpRanges []*IpRange `locationName:"ipRanges" locationNameList:"item" type:"list"` - // [VPC only] The IPv6 ranges. + // The IPv6 ranges. Ipv6Ranges []*Ipv6Range `locationName:"ipv6Ranges" locationNameList:"item" type:"list"` - // [VPC only] The prefix list IDs. + // The prefix list IDs. PrefixListIds []*PrefixListId `locationName:"prefixListIds" locationNameList:"item" type:"list"` // If the protocol is TCP or UDP, this is the end of the port range. If the @@ -133422,11 +138536,19 @@ type Ipam struct { // The state of the IPAM. State *string `locationName:"state" type:"string" enum:"IpamState"` + // The state message. + StateMessage *string `locationName:"stateMessage" type:"string"` + // The key/value combination of a tag assigned to the resource. Use the tag // key in the filter name and the tag value as the filter value. For example, // to find all resources that have a tag with the key Owner and the value TeamA, // specify tag:Owner for the filter name and TeamA for the filter value. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `locationName:"tier" type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -133525,12 +138647,24 @@ func (s *Ipam) SetState(v string) *Ipam { return s } +// SetStateMessage sets the StateMessage field's value. +func (s *Ipam) SetStateMessage(v string) *Ipam { + s.StateMessage = &v + return s +} + // SetTags sets the Tags field's value. func (s *Ipam) SetTags(v []*Tag) *Ipam { s.Tags = v return s } +// SetTier sets the Tier field's value. +func (s *Ipam) SetTier(v string) *Ipam { + s.Tier = &v + return s +} + // The historical record of a CIDR within an IPAM scope. For more information, // see View the history of IP addresses (https://docs.aws.amazon.com/vpc/latest/ipam/view-history-cidr-ipam.html) // in the Amazon VPC IPAM User Guide. @@ -133779,6 +138913,203 @@ func (s *IpamDiscoveredAccount) SetLastSuccessfulDiscoveryTime(v time.Time) *Ipa return s } +// A public IP Address discovered by IPAM. +type IpamDiscoveredPublicAddress struct { + _ struct{} `type:"structure"` + + // The IP address. + Address *string `locationName:"address" type:"string"` + + // The allocation ID of the resource the IP address is assigned to. + AddressAllocationId *string `locationName:"addressAllocationId" type:"string"` + + // The ID of the owner of the resource the IP address is assigned to. + AddressOwnerId *string `locationName:"addressOwnerId" type:"string"` + + // The Region of the resource the IP address is assigned to. + AddressRegion *string `locationName:"addressRegion" type:"string"` + + // The IP address type. + AddressType *string `locationName:"addressType" type:"string" enum:"IpamPublicAddressType"` + + // The association status. + AssociationStatus *string `locationName:"associationStatus" type:"string" enum:"IpamPublicAddressAssociationStatus"` + + // The instance ID of the instance the assigned IP address is assigned to. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The resource discovery ID. + IpamResourceDiscoveryId *string `locationName:"ipamResourceDiscoveryId" type:"string"` + + // The network border group that the resource that the IP address is assigned + // to is in. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + + // The description of the network interface that IP address is assigned to. + NetworkInterfaceDescription *string `locationName:"networkInterfaceDescription" type:"string"` + + // The network interface ID of the resource with the assigned IP address. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The ID of the public IPv4 pool that the resource with the assigned IP address + // is from. + PublicIpv4PoolId *string `locationName:"publicIpv4PoolId" type:"string"` + + // The last successful resource discovery time. + SampleTime *time.Time `locationName:"sampleTime" type:"timestamp"` + + // Security groups associated with the resource that the IP address is assigned + // to. + SecurityGroups []*IpamPublicAddressSecurityGroup `locationName:"securityGroupSet" locationNameList:"item" type:"list"` + + // The Amazon Web Services service associated with the IP address. + Service *string `locationName:"service" type:"string" enum:"IpamPublicAddressAwsService"` + + // The resource ARN or ID. + ServiceResource *string `locationName:"serviceResource" type:"string"` + + // The ID of the subnet that the resource with the assigned IP address is in. + SubnetId *string `locationName:"subnetId" type:"string"` + + // Tags associated with the IP address. + Tags *IpamPublicAddressTags `locationName:"tags" type:"structure"` + + // The ID of the VPC that the resource with the assigned IP address is in. + VpcId *string `locationName:"vpcId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamDiscoveredPublicAddress) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamDiscoveredPublicAddress) GoString() string { + return s.String() +} + +// SetAddress sets the Address field's value. +func (s *IpamDiscoveredPublicAddress) SetAddress(v string) *IpamDiscoveredPublicAddress { + s.Address = &v + return s +} + +// SetAddressAllocationId sets the AddressAllocationId field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressAllocationId(v string) *IpamDiscoveredPublicAddress { + s.AddressAllocationId = &v + return s +} + +// SetAddressOwnerId sets the AddressOwnerId field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressOwnerId(v string) *IpamDiscoveredPublicAddress { + s.AddressOwnerId = &v + return s +} + +// SetAddressRegion sets the AddressRegion field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressRegion(v string) *IpamDiscoveredPublicAddress { + s.AddressRegion = &v + return s +} + +// SetAddressType sets the AddressType field's value. +func (s *IpamDiscoveredPublicAddress) SetAddressType(v string) *IpamDiscoveredPublicAddress { + s.AddressType = &v + return s +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *IpamDiscoveredPublicAddress) SetAssociationStatus(v string) *IpamDiscoveredPublicAddress { + s.AssociationStatus = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *IpamDiscoveredPublicAddress) SetInstanceId(v string) *IpamDiscoveredPublicAddress { + s.InstanceId = &v + return s +} + +// SetIpamResourceDiscoveryId sets the IpamResourceDiscoveryId field's value. +func (s *IpamDiscoveredPublicAddress) SetIpamResourceDiscoveryId(v string) *IpamDiscoveredPublicAddress { + s.IpamResourceDiscoveryId = &v + return s +} + +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkBorderGroup(v string) *IpamDiscoveredPublicAddress { + s.NetworkBorderGroup = &v + return s +} + +// SetNetworkInterfaceDescription sets the NetworkInterfaceDescription field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkInterfaceDescription(v string) *IpamDiscoveredPublicAddress { + s.NetworkInterfaceDescription = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *IpamDiscoveredPublicAddress) SetNetworkInterfaceId(v string) *IpamDiscoveredPublicAddress { + s.NetworkInterfaceId = &v + return s +} + +// SetPublicIpv4PoolId sets the PublicIpv4PoolId field's value. +func (s *IpamDiscoveredPublicAddress) SetPublicIpv4PoolId(v string) *IpamDiscoveredPublicAddress { + s.PublicIpv4PoolId = &v + return s +} + +// SetSampleTime sets the SampleTime field's value. +func (s *IpamDiscoveredPublicAddress) SetSampleTime(v time.Time) *IpamDiscoveredPublicAddress { + s.SampleTime = &v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *IpamDiscoveredPublicAddress) SetSecurityGroups(v []*IpamPublicAddressSecurityGroup) *IpamDiscoveredPublicAddress { + s.SecurityGroups = v + return s +} + +// SetService sets the Service field's value. +func (s *IpamDiscoveredPublicAddress) SetService(v string) *IpamDiscoveredPublicAddress { + s.Service = &v + return s +} + +// SetServiceResource sets the ServiceResource field's value. +func (s *IpamDiscoveredPublicAddress) SetServiceResource(v string) *IpamDiscoveredPublicAddress { + s.ServiceResource = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *IpamDiscoveredPublicAddress) SetSubnetId(v string) *IpamDiscoveredPublicAddress { + s.SubnetId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *IpamDiscoveredPublicAddress) SetTags(v *IpamPublicAddressTags) *IpamDiscoveredPublicAddress { + s.Tags = v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *IpamDiscoveredPublicAddress) SetVpcId(v string) *IpamDiscoveredPublicAddress { + s.VpcId = &v + return s +} + // An IPAM discovered resource CIDR. A discovered resource is a resource CIDR // monitored under a resource discovery. The following resources can be discovered: // VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses. The discovered @@ -134116,10 +139447,13 @@ type IpamPool struct { // pool within an existing source pool. SourceIpamPoolId *string `locationName:"sourceIpamPoolId" type:"string"` + // The resource used to provision CIDRs to a resource planning pool. + SourceResource *IpamPoolSourceResource `locationName:"sourceResource" type:"structure"` + // The state of the IPAM pool. State *string `locationName:"state" type:"string" enum:"IpamPoolState"` - // A message related to the failed creation of an IPAM pool. + // The state message. StateMessage *string `locationName:"stateMessage" type:"string"` // The key/value combination of a tag assigned to the resource. Use the tag @@ -134267,6 +139601,12 @@ func (s *IpamPool) SetSourceIpamPoolId(v string) *IpamPool { return s } +// SetSourceResource sets the SourceResource field's value. +func (s *IpamPool) SetSourceResource(v *IpamPoolSourceResource) *IpamPool { + s.SourceResource = v + return s +} + // SetState sets the State field's value. func (s *IpamPool) SetState(v string) *IpamPool { s.State = &v @@ -134490,6 +139830,238 @@ func (s *IpamPoolCidrFailureReason) SetMessage(v string) *IpamPoolCidrFailureRea return s } +// The resource used to provision CIDRs to a resource planning pool. +type IpamPoolSourceResource struct { + _ struct{} `type:"structure"` + + // The source resource ID. + ResourceId *string `locationName:"resourceId" type:"string"` + + // The source resource owner. + ResourceOwner *string `locationName:"resourceOwner" type:"string"` + + // The source resource Region. + ResourceRegion *string `locationName:"resourceRegion" type:"string"` + + // The source resource type. + ResourceType *string `locationName:"resourceType" type:"string" enum:"IpamPoolSourceResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResource) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *IpamPoolSourceResource) SetResourceId(v string) *IpamPoolSourceResource { + s.ResourceId = &v + return s +} + +// SetResourceOwner sets the ResourceOwner field's value. +func (s *IpamPoolSourceResource) SetResourceOwner(v string) *IpamPoolSourceResource { + s.ResourceOwner = &v + return s +} + +// SetResourceRegion sets the ResourceRegion field's value. +func (s *IpamPoolSourceResource) SetResourceRegion(v string) *IpamPoolSourceResource { + s.ResourceRegion = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *IpamPoolSourceResource) SetResourceType(v string) *IpamPoolSourceResource { + s.ResourceType = &v + return s +} + +// The resource used to provision CIDRs to a resource planning pool. +type IpamPoolSourceResourceRequest struct { + _ struct{} `type:"structure"` + + // The source resource ID. + ResourceId *string `type:"string"` + + // The source resource owner. + ResourceOwner *string `type:"string"` + + // The source resource Region. + ResourceRegion *string `type:"string"` + + // The source resource type. + ResourceType *string `type:"string" enum:"IpamPoolSourceResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResourceRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPoolSourceResourceRequest) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceId(v string) *IpamPoolSourceResourceRequest { + s.ResourceId = &v + return s +} + +// SetResourceOwner sets the ResourceOwner field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceOwner(v string) *IpamPoolSourceResourceRequest { + s.ResourceOwner = &v + return s +} + +// SetResourceRegion sets the ResourceRegion field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceRegion(v string) *IpamPoolSourceResourceRequest { + s.ResourceRegion = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *IpamPoolSourceResourceRequest) SetResourceType(v string) *IpamPoolSourceResourceRequest { + s.ResourceType = &v + return s +} + +// The security group that the resource with the public IP address is in. +type IpamPublicAddressSecurityGroup struct { + _ struct{} `type:"structure"` + + // The security group's ID. + GroupId *string `locationName:"groupId" type:"string"` + + // The security group's name. + GroupName *string `locationName:"groupName" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressSecurityGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressSecurityGroup) GoString() string { + return s.String() +} + +// SetGroupId sets the GroupId field's value. +func (s *IpamPublicAddressSecurityGroup) SetGroupId(v string) *IpamPublicAddressSecurityGroup { + s.GroupId = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *IpamPublicAddressSecurityGroup) SetGroupName(v string) *IpamPublicAddressSecurityGroup { + s.GroupName = &v + return s +} + +// A tag for a public IP address discovered by IPAM. +type IpamPublicAddressTag struct { + _ struct{} `type:"structure"` + + // The tag's key. + Key *string `locationName:"key" type:"string"` + + // The tag's value. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTag) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *IpamPublicAddressTag) SetKey(v string) *IpamPublicAddressTag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *IpamPublicAddressTag) SetValue(v string) *IpamPublicAddressTag { + s.Value = &v + return s +} + +// Tags for a public IP address discovered by IPAM. +type IpamPublicAddressTags struct { + _ struct{} `type:"structure"` + + // Tags for an Elastic IP address. + EipTags []*IpamPublicAddressTag `locationName:"eipTagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTags) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IpamPublicAddressTags) GoString() string { + return s.String() +} + +// SetEipTags sets the EipTags field's value. +func (s *IpamPublicAddressTags) SetEipTags(v []*IpamPublicAddressTag) *IpamPublicAddressTags { + s.EipTags = v + return s +} + // The CIDR for an IPAM resource. type IpamResourceCidr struct { _ struct{} `type:"structure"` @@ -135470,7 +141042,7 @@ func (s *Ipv6PrefixSpecificationResponse) SetIpv6Prefix(v string) *Ipv6PrefixSpe return s } -// [EC2-VPC only] Describes an IPv6 range. +// Describes an IPv6 range. type Ipv6Range struct { _ struct{} `type:"structure"` @@ -136354,7 +141926,8 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc type LaunchTemplateCpuOptions struct { _ struct{} `type:"structure"` - // Indicates whether the instance is enabled for AMD SEV-SNP. + // Indicates whether the instance is enabled for AMD SEV-SNP. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` // The number of CPU cores for the instance. @@ -136406,7 +141979,8 @@ type LaunchTemplateCpuOptionsRequest struct { _ struct{} `type:"structure"` // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is - // supported with M6a, R6a, and C6a instance types only. + // supported with M6a, R6a, and C6a instance types only. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` // The number of CPU cores for the instance. @@ -136567,18 +142141,17 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS // - // * io1: 100-64,000 IOPS + // * io1: 100 - 64,000 IOPS // - // * io2: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built - // on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // - // This parameter is supported for io1, io2, and gp3 volumes only. This parameter - // is not supported for gp2, st1, sc1, or standard volumes. + // This parameter is supported for io1, io2, and gp3 volumes only. Iops *int64 `type:"integer"` // The ARN of the symmetric Key Management Service (KMS) CMK used for encryption. @@ -136596,13 +142169,15 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // a volume size. The following are the supported volumes sizes for each volume // type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io1: 4 - 16,384 GiB // - // * st1 and sc1: 125-16,384 + // * io2: 4 - 65,536 GiB // - // * standard: 1-1,024 + // * st1 and sc1: 125 - 16,384 GiB + // + // * standard: 1 - 1024 GiB VolumeSize *int64 `type:"integer"` // The volume type. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) @@ -136782,6 +142357,96 @@ func (s *LaunchTemplateElasticInferenceAcceleratorResponse) SetType(v string) *L return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type LaunchTemplateEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *LaunchTemplateEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *LaunchTemplateEnaSrdSpecification) SetEnaSrdEnabled(v bool) *LaunchTemplateEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *LaunchTemplateEnaSrdSpecification) SetEnaSrdUdpSpecification(v *LaunchTemplateEnaSrdUdpSpecification) *LaunchTemplateEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it's enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type LaunchTemplateEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *LaunchTemplateEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *LaunchTemplateEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. type LaunchTemplateEnclaveOptions struct { _ struct{} `type:"structure"` @@ -137174,20 +142839,18 @@ type LaunchTemplateInstanceMetadataOptions struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"` - // Indicates whether IMDSv2 is optional or required. - // - // optional - When IMDSv2 is optional, you can choose to retrieve instance metadata - // with or without a session token in your request. If you retrieve the IAM - // role credentials without a token, the IMDSv1 role credentials are returned. - // If you retrieve the IAM role credentials using a valid session token, the - // IMDSv2 role credentials are returned. + // Indicates whether IMDSv2 is required. // - // required - When IMDSv2 is required, you must send a session token with any - // instance metadata retrieval requests. In this state, retrieving the IAM role - // credentials always returns IMDSv2 credentials; IMDSv1 credentials are not - // available. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // Default: optional + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the + // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials + // are not available. HttpTokens *string `locationName:"httpTokens" type:"string" enum:"LaunchTemplateHttpTokensState"` // Set to enabled to allow access to instance tags from the instance metadata. @@ -137287,22 +142950,21 @@ type LaunchTemplateInstanceMetadataOptionsRequest struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `type:"integer"` - // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional - // (in other words, set the use of IMDSv2 to optional) or required (in other - // words, set the use of IMDSv2 to required). + // Indicates whether IMDSv2 is required. // - // * optional - When IMDSv2 is optional, you can choose to retrieve instance - // metadata with or without a session token in your request. If you retrieve - // the IAM role credentials without a token, the IMDSv1 role credentials - // are returned. If you retrieve the IAM role credentials using a valid session - // token, the IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // * required - When IMDSv2 is required, you must send a session token with - // any instance metadata retrieval requests. In this state, retrieving the + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials // are not available. // - // Default: optional + // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for + // your instance is v2.0, the default is required. HttpTokens *string `type:"string" enum:"LaunchTemplateHttpTokensState"` // Set to enabled to allow access to instance tags from the instance metadata. @@ -137377,8 +143039,19 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // Indicates whether to associate a public IPv4 address with eth0 for a new // network interface. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `locationName:"associatePublicIpAddress" type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecification `locationName:"connectionTrackingSpecification" type:"structure"` + // Indicates whether the network interface is deleted when the instance is terminated. DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` @@ -137388,6 +143061,10 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The device index for the network interface attachment. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Contains the ENA Express settings for instances launched from your launch + // template. + EnaSrdSpecification *LaunchTemplateEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The IDs of one or more security groups. Groups []*string `locationName:"groupSet" locationNameList:"groupId" type:"list"` @@ -137420,6 +143097,13 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `locationName:"primaryIpv6" type:"boolean"` + // The primary private IPv4 address of the network interface. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` @@ -137463,6 +143147,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetAssociatePublic return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecification) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetDeleteOnTermination(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.DeleteOnTermination = &v @@ -137481,6 +143171,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetDeviceIndex(v i return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetEnaSrdSpecification(v *LaunchTemplateEnaSrdSpecification) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetGroups(v []*string) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.Groups = v @@ -137541,6 +143237,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetNetworkInterfac return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetPrimaryIpv6(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetPrivateIpAddress(v string) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.PrivateIpAddress = &v @@ -137578,8 +143280,19 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { AssociateCarrierIpAddress *bool `type:"boolean"` // Associates a public IPv4 address with eth0 for a new network interface. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `type:"boolean"` + // A security group connection tracking specification that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // Indicates whether the network interface is deleted when the instance is terminated. DeleteOnTermination *bool `type:"boolean"` @@ -137589,6 +143302,9 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The device index for the network interface attachment. DeviceIndex *int64 `type:"integer"` + // Configure ENA Express settings for your launch template. + EnaSrdSpecification *EnaSrdSpecificationRequest `type:"structure"` + // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -137634,6 +143350,13 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The ID of the network interface. NetworkInterfaceId *string `type:"string"` + // The primary IPv6 address of the network interface. When you enable an IPv6 + // GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary + // IPv6 address until the instance is terminated or the network interface is + // detached. For more information about primary IPv6 addresses, see RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html). + PrimaryIpv6 *bool `type:"boolean"` + // The primary private IPv4 address of the network interface. PrivateIpAddress *string `type:"string"` @@ -137677,6 +143400,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetAssociat return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.ConnectionTrackingSpecification = v + return s +} + // SetDeleteOnTermination sets the DeleteOnTermination field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetDeleteOnTermination(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.DeleteOnTermination = &v @@ -137695,6 +143424,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetDeviceIn return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetEnaSrdSpecification(v *EnaSrdSpecificationRequest) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetGroups(v []*string) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.Groups = v @@ -137755,6 +143490,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetNetworkI return s } +// SetPrimaryIpv6 sets the PrimaryIpv6 field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetPrimaryIpv6(v bool) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.PrimaryIpv6 = &v + return s +} + // SetPrivateIpAddress sets the PrivateIpAddress field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetPrivateIpAddress(v string) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.PrivateIpAddress = &v @@ -138552,9 +144293,12 @@ type LaunchTemplateTagSpecificationRequest struct { // The type of resource to tag. // - // The Valid Values are all the resource types that can be tagged. However, - // when creating a launch template, you can specify tags for the following resource - // types only: instance | volume | elastic-gpu | network-interface | spot-instances-request + // Valid Values lists all resource types for Amazon EC2 that can be tagged. + // When you create a launch template, you can specify tags for the following + // resource types only: instance | volume | elastic-gpu | network-interface + // | spot-instances-request. If the instance does not include the resource type + // that you specify, the instance launch fails. For example, not all instance + // types include an Elastic GPU. // // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `type:"string" enum:"ResourceType"` @@ -139905,6 +145649,389 @@ func (s *LocalGatewayVirtualInterfaceGroup) SetTags(v []*Tag) *LocalGatewayVirtu return s } +type LockSnapshotInput struct { + _ struct{} `type:"structure"` + + // The cooling-off period during which you can unlock the snapshot or modify + // the lock settings after locking the snapshot in compliance mode, in hours. + // After the cooling-off period expires, you can't unlock or delete the snapshot, + // decrease the lock duration, or change the lock mode. You can increase the + // lock duration after the cooling-off period expires. + // + // The cooling-off period is optional when locking a snapshot in compliance + // mode. If you are locking the snapshot in governance mode, omit this parameter. + // + // To lock the snapshot in compliance mode immediately without a cooling-off + // period, omit this parameter. + // + // If you are extending the lock duration for a snapshot that is locked in compliance + // mode after the cooling-off period has expired, omit this parameter. If you + // specify a cooling-period in a such a request, the request fails. + // + // Allowed values: Min 1, max 72. + CoolOffPeriod *int64 `min:"1" type:"integer"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The date and time at which the snapshot lock is to automatically expire, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + // + // You must specify either this parameter or LockDuration, but not both. + ExpirationDate *time.Time `type:"timestamp"` + + // The period of time for which to lock the snapshot, in days. The snapshot + // lock will automatically expire after this period lapses. + // + // You must specify either this parameter or ExpirationDate, but not both. + // + // Allowed values: Min: 1, max 36500 + LockDuration *int64 `min:"1" type:"integer"` + + // The mode in which to lock the snapshot. Specify one of the following: + // + // * governance - Locks the snapshot in governance mode. Snapshots locked + // in governance mode can't be deleted until one of the following conditions + // are met: The lock duration expires. The snapshot is unlocked by a user + // with the appropriate permissions. Users with the appropriate IAM permissions + // can unlock the snapshot, increase or decrease the lock duration, and change + // the lock mode to compliance at any time. If you lock a snapshot in governance + // mode, omit CoolOffPeriod. + // + // * compliance - Locks the snapshot in compliance mode. Snapshots locked + // in compliance mode can't be unlocked by any user. They can be deleted + // only after the lock duration expires. Users can't decrease the lock duration + // or change the lock mode to governance. However, users with appropriate + // IAM permissions can increase the lock duration at any time. If you lock + // a snapshot in compliance mode, you can optionally specify CoolOffPeriod. + // + // LockMode is a required field + LockMode *string `type:"string" required:"true" enum:"LockMode"` + + // The ID of the snapshot to lock. + // + // SnapshotId is a required field + SnapshotId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *LockSnapshotInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "LockSnapshotInput"} + if s.CoolOffPeriod != nil && *s.CoolOffPeriod < 1 { + invalidParams.Add(request.NewErrParamMinValue("CoolOffPeriod", 1)) + } + if s.LockDuration != nil && *s.LockDuration < 1 { + invalidParams.Add(request.NewErrParamMinValue("LockDuration", 1)) + } + if s.LockMode == nil { + invalidParams.Add(request.NewErrParamRequired("LockMode")) + } + if s.SnapshotId == nil { + invalidParams.Add(request.NewErrParamRequired("SnapshotId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockSnapshotInput) SetCoolOffPeriod(v int64) *LockSnapshotInput { + s.CoolOffPeriod = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *LockSnapshotInput) SetDryRun(v bool) *LockSnapshotInput { + s.DryRun = &v + return s +} + +// SetExpirationDate sets the ExpirationDate field's value. +func (s *LockSnapshotInput) SetExpirationDate(v time.Time) *LockSnapshotInput { + s.ExpirationDate = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockSnapshotInput) SetLockDuration(v int64) *LockSnapshotInput { + s.LockDuration = &v + return s +} + +// SetLockMode sets the LockMode field's value. +func (s *LockSnapshotInput) SetLockMode(v string) *LockSnapshotInput { + s.LockMode = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockSnapshotInput) SetSnapshotId(v string) *LockSnapshotInput { + s.SnapshotId = &v + return s +} + +type LockSnapshotOutput struct { + _ struct{} `type:"structure"` + + // The compliance mode cooling-off period, in hours. + CoolOffPeriod *int64 `locationName:"coolOffPeriod" type:"integer"` + + // The date and time at which the compliance mode cooling-off period expires, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + CoolOffPeriodExpiresOn *time.Time `locationName:"coolOffPeriodExpiresOn" type:"timestamp"` + + // The date and time at which the snapshot was locked, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockCreatedOn *time.Time `locationName:"lockCreatedOn" type:"timestamp"` + + // The period of time for which the snapshot is locked, in days. + LockDuration *int64 `locationName:"lockDuration" type:"integer"` + + // The date and time at which the lock duration started, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockDurationStartTime *time.Time `locationName:"lockDurationStartTime" type:"timestamp"` + + // The date and time at which the lock will expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + LockExpiresOn *time.Time `locationName:"lockExpiresOn" type:"timestamp"` + + // The state of the snapshot lock. Valid states include: + // + // * compliance-cooloff - The snapshot has been locked in compliance mode + // but it is still within the cooling-off period. The snapshot can't be deleted, + // but it can be unlocked and the lock settings can be modified by users + // with appropriate permissions. + // + // * governance - The snapshot is locked in governance mode. The snapshot + // can't be deleted, but it can be unlocked and the lock settings can be + // modified by users with appropriate permissions. + // + // * compliance - The snapshot is locked in compliance mode and the cooling-off + // period has expired. The snapshot can't be unlocked or deleted. The lock + // duration can only be increased by users with appropriate permissions. + // + // * expired - The snapshot was locked in compliance or governance mode but + // the lock duration has expired. The snapshot is not locked and can be deleted. + LockState *string `locationName:"lockState" type:"string" enum:"LockState"` + + // The ID of the snapshot + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockSnapshotOutput) GoString() string { + return s.String() +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockSnapshotOutput) SetCoolOffPeriod(v int64) *LockSnapshotOutput { + s.CoolOffPeriod = &v + return s +} + +// SetCoolOffPeriodExpiresOn sets the CoolOffPeriodExpiresOn field's value. +func (s *LockSnapshotOutput) SetCoolOffPeriodExpiresOn(v time.Time) *LockSnapshotOutput { + s.CoolOffPeriodExpiresOn = &v + return s +} + +// SetLockCreatedOn sets the LockCreatedOn field's value. +func (s *LockSnapshotOutput) SetLockCreatedOn(v time.Time) *LockSnapshotOutput { + s.LockCreatedOn = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockSnapshotOutput) SetLockDuration(v int64) *LockSnapshotOutput { + s.LockDuration = &v + return s +} + +// SetLockDurationStartTime sets the LockDurationStartTime field's value. +func (s *LockSnapshotOutput) SetLockDurationStartTime(v time.Time) *LockSnapshotOutput { + s.LockDurationStartTime = &v + return s +} + +// SetLockExpiresOn sets the LockExpiresOn field's value. +func (s *LockSnapshotOutput) SetLockExpiresOn(v time.Time) *LockSnapshotOutput { + s.LockExpiresOn = &v + return s +} + +// SetLockState sets the LockState field's value. +func (s *LockSnapshotOutput) SetLockState(v string) *LockSnapshotOutput { + s.LockState = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockSnapshotOutput) SetSnapshotId(v string) *LockSnapshotOutput { + s.SnapshotId = &v + return s +} + +// Information about a locked snapshot. +type LockedSnapshotsInfo struct { + _ struct{} `type:"structure"` + + // The compliance mode cooling-off period, in hours. + CoolOffPeriod *int64 `locationName:"coolOffPeriod" type:"integer"` + + // The date and time at which the compliance mode cooling-off period expires, + // in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + CoolOffPeriodExpiresOn *time.Time `locationName:"coolOffPeriodExpiresOn" type:"timestamp"` + + // The date and time at which the snapshot was locked, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + LockCreatedOn *time.Time `locationName:"lockCreatedOn" type:"timestamp"` + + // The period of time for which the snapshot is locked, in days. + LockDuration *int64 `locationName:"lockDuration" type:"integer"` + + // The date and time at which the lock duration started, in the UTC time zone + // (YYYY-MM-DDThh:mm:ss.sssZ). + // + // If you lock a snapshot that is in the pending state, the lock duration starts + // only once the snapshot enters the completed state. + LockDurationStartTime *time.Time `locationName:"lockDurationStartTime" type:"timestamp"` + + // The date and time at which the lock will expire, in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ). + LockExpiresOn *time.Time `locationName:"lockExpiresOn" type:"timestamp"` + + // The state of the snapshot lock. Valid states include: + // + // * compliance-cooloff - The snapshot has been locked in compliance mode + // but it is still within the cooling-off period. The snapshot can't be deleted, + // but it can be unlocked and the lock settings can be modified by users + // with appropriate permissions. + // + // * governance - The snapshot is locked in governance mode. The snapshot + // can't be deleted, but it can be unlocked and the lock settings can be + // modified by users with appropriate permissions. + // + // * compliance - The snapshot is locked in compliance mode and the cooling-off + // period has expired. The snapshot can't be unlocked or deleted. The lock + // duration can only be increased by users with appropriate permissions. + // + // * expired - The snapshot was locked in compliance or governance mode but + // the lock duration has expired. The snapshot is not locked and can be deleted. + LockState *string `locationName:"lockState" type:"string" enum:"LockState"` + + // The account ID of the Amazon Web Services account that owns the snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockedSnapshotsInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LockedSnapshotsInfo) GoString() string { + return s.String() +} + +// SetCoolOffPeriod sets the CoolOffPeriod field's value. +func (s *LockedSnapshotsInfo) SetCoolOffPeriod(v int64) *LockedSnapshotsInfo { + s.CoolOffPeriod = &v + return s +} + +// SetCoolOffPeriodExpiresOn sets the CoolOffPeriodExpiresOn field's value. +func (s *LockedSnapshotsInfo) SetCoolOffPeriodExpiresOn(v time.Time) *LockedSnapshotsInfo { + s.CoolOffPeriodExpiresOn = &v + return s +} + +// SetLockCreatedOn sets the LockCreatedOn field's value. +func (s *LockedSnapshotsInfo) SetLockCreatedOn(v time.Time) *LockedSnapshotsInfo { + s.LockCreatedOn = &v + return s +} + +// SetLockDuration sets the LockDuration field's value. +func (s *LockedSnapshotsInfo) SetLockDuration(v int64) *LockedSnapshotsInfo { + s.LockDuration = &v + return s +} + +// SetLockDurationStartTime sets the LockDurationStartTime field's value. +func (s *LockedSnapshotsInfo) SetLockDurationStartTime(v time.Time) *LockedSnapshotsInfo { + s.LockDurationStartTime = &v + return s +} + +// SetLockExpiresOn sets the LockExpiresOn field's value. +func (s *LockedSnapshotsInfo) SetLockExpiresOn(v time.Time) *LockedSnapshotsInfo { + s.LockExpiresOn = &v + return s +} + +// SetLockState sets the LockState field's value. +func (s *LockedSnapshotsInfo) SetLockState(v string) *LockedSnapshotsInfo { + s.LockState = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *LockedSnapshotsInfo) SetOwnerId(v string) *LockedSnapshotsInfo { + s.OwnerId = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *LockedSnapshotsInfo) SetSnapshotId(v string) *LockedSnapshotsInfo { + s.SnapshotId = &v + return s +} + // Details for Site-to-Site VPN tunnel endpoint maintenance events. type MaintenanceDetails struct { _ struct{} `type:"structure"` @@ -142143,7 +148270,8 @@ type ModifyInstanceAttributeInput struct { // Modifies the DeleteOnTermination attribute for volumes that are currently // attached. The volume must be owned by the caller. If no value is specified // for DeleteOnTermination, the default is true and the volume is deleted when - // the instance is terminated. + // the instance is terminated. You can't modify the DeleteOnTermination attribute + // for volumes that are attached to Fargate tasks. // // To add instance store volumes to an Amazon EBS-backed instance, you must // add them when you launch the instance. For more information, see Update the @@ -142993,7 +149121,7 @@ type ModifyInstanceMetadataOptionsInput struct { HttpEndpoint *string `type:"string" enum:"InstanceMetadataEndpointState"` // Enables or disables the IPv6 endpoint for the instance metadata service. - // This setting applies only if you have enabled the HTTP metadata endpoint. + // Applies only if you enabled the HTTP metadata endpoint. HttpProtocolIpv6 *string `type:"string" enum:"InstanceMetadataProtocolState"` // The desired HTTP PUT response hop limit for instance metadata requests. The @@ -143003,22 +149131,21 @@ type ModifyInstanceMetadataOptionsInput struct { // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `type:"integer"` - // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional - // (in other words, set the use of IMDSv2 to optional) or required (in other - // words, set the use of IMDSv2 to required). + // Indicates whether IMDSv2 is required. // - // * optional - When IMDSv2 is optional, you can choose to retrieve instance - // metadata with or without a session token in your request. If you retrieve - // the IAM role credentials without a token, the IMDSv1 role credentials - // are returned. If you retrieve the IAM role credentials using a valid session - // token, the IMDSv2 role credentials are returned. + // * optional - IMDSv2 is optional. You can choose whether to send a session + // token in your instance metadata retrieval requests. If you retrieve IAM + // role credentials without a session token, you receive the IMDSv1 role + // credentials. If you retrieve IAM role credentials using a valid session + // token, you receive the IMDSv2 role credentials. // - // * required - When IMDSv2 is required, you must send a session token with - // any instance metadata retrieval requests. In this state, retrieving the + // * required - IMDSv2 is required. You must send a session token in your + // instance metadata retrieval requests. With this option, retrieving the // IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials // are not available. // - // Default: optional + // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for + // your instance is v2.0, the default is required. HttpTokens *string `type:"string" enum:"HttpTokensState"` // The ID of the instance. @@ -143329,6 +149456,11 @@ type ModifyIpamInput struct { // The operating Regions to remove. RemoveOperatingRegions []*RemoveIpamOperatingRegion `locationName:"RemoveOperatingRegion" type:"list"` + + // IPAM is offered in a Free Tier and an Advanced Tier. For more information + // about the features available in each tier and the costs associated with the + // tiers, see Amazon VPC pricing > IPAM tab (http://aws.amazon.com/vpc/pricing/). + Tier *string `type:"string" enum:"IpamTier"` } // String returns the string representation. @@ -143392,6 +149524,12 @@ func (s *ModifyIpamInput) SetRemoveOperatingRegions(v []*RemoveIpamOperatingRegi return s } +// SetTier sets the Tier field's value. +func (s *ModifyIpamInput) SetTier(v string) *ModifyIpamInput { + s.Tier = &v + return s +} + type ModifyIpamOutput struct { _ struct{} `type:"structure"` @@ -144396,6 +150534,9 @@ type ModifyNetworkInterfaceAttributeInput struct { // attribute, you must specify the ID of the interface attachment. Attachment *NetworkInterfaceAttachmentChanges `locationName:"attachment" type:"structure"` + // A connection tracking specification. + ConnectionTrackingSpecification *ConnectionTrackingSpecificationRequest `type:"structure"` + // A description for the network interface. Description *AttributeValue `locationName:"description" type:"structure"` @@ -144409,6 +150550,21 @@ type ModifyNetworkInterfaceAttributeInput struct { // attached to the instance. EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // If you’re modifying a network interface in a dual-stack or IPv6-only subnet, + // you have the option to assign a primary IPv6 IP address. A primary IPv6 address + // is an IPv6 GUA address associated with an ENI that you have enabled to use + // a primary IPv6 address. Use this option if the instance that this ENI will + // be attached to relies on its IPv6 address not changing. Amazon Web Services + // will automatically assign an IPv6 address associated with the ENI attached + // to your instance to be the primary IPv6 address. Once you enable an IPv6 + // GUA address to be a primary IPv6, you cannot disable it. When you enable + // an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made + // the primary IPv6 address until the instance is terminated or the network + // interface is detached. If you have multiple IPv6 addresses associated with + // an ENI attached to your instance and you enable a primary IPv6 address, the + // first IPv6 GUA address associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // Changes the security groups for the network interface. The new set of groups // you specify replaces the current set. You must specify at least one group, // even if it's just the default security group in the VPC. You must specify @@ -144466,6 +150622,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetAttachment(v *NetworkInterface return s } +// SetConnectionTrackingSpecification sets the ConnectionTrackingSpecification field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetConnectionTrackingSpecification(v *ConnectionTrackingSpecificationRequest) *ModifyNetworkInterfaceAttributeInput { + s.ConnectionTrackingSpecification = v + return s +} + // SetDescription sets the Description field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetDescription(v *AttributeValue) *ModifyNetworkInterfaceAttributeInput { s.Description = v @@ -144484,6 +150646,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetEnaSrdSpecification(v *EnaSrdS return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetEnablePrimaryIpv6(v bool) *ModifyNetworkInterfaceAttributeInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetGroups sets the Groups field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetGroups(v []*string) *ModifyNetworkInterfaceAttributeInput { s.Groups = v @@ -145728,6 +151896,10 @@ type ModifyTrafficMirrorSessionInput struct { // For example, if you set this value to 100, then the first 100 bytes that // meet the filter criteria are copied to the target. Do not specify this parameter // when you want to mirror the entire packet. + // + // For sessions with Network Load Balancer (NLB) traffic mirror targets, the + // default PacketLength will be set to 8500. Valid values are 1-8500. Setting + // a PacketLength greater than 8500 will result in an error response. PacketLength *int64 `type:"integer"` // The properties that you want to remove from the Traffic Mirror session. @@ -145991,6 +152163,20 @@ type ModifyTransitGatewayOptions struct { // Removes CIDR blocks for the transit gateway. RemoveTransitGatewayCidrBlocks []*string `locationNameList:"item" type:"list"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` + // Enable or disable Equal Cost Multipath Protocol support. VpnEcmpSupport *string `type:"string" enum:"VpnEcmpSupportValue"` } @@ -146067,6 +152253,12 @@ func (s *ModifyTransitGatewayOptions) SetRemoveTransitGatewayCidrBlocks(v []*str return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *ModifyTransitGatewayOptions) SetSecurityGroupReferencingSupport(v string) *ModifyTransitGatewayOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *ModifyTransitGatewayOptions) SetVpnEcmpSupport(v string) *ModifyTransitGatewayOptions { s.VpnEcmpSupport = &v @@ -146356,6 +152548,20 @@ type ModifyTransitGatewayVpcAttachmentRequestOptions struct { // Enable or disable IPv6 support. The default is enable. Ipv6Support *string `type:"string" enum:"Ipv6SupportValue"` + + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -146394,6 +152600,12 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetSecurityGroupReferencingSupport(v string) *ModifyTransitGatewayVpcAttachmentRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // Describes the options when modifying a Verified Access endpoint with the // network-interface type. type ModifyVerifiedAccessEndpointEniOptions struct { @@ -146631,7 +152843,7 @@ func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type ModifyVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The Verified Access endpoint details. + // Details about the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -146677,9 +152889,10 @@ type ModifyVerifiedAccessEndpointPolicyInput struct { PolicyDocument *string `type:"string"` // The status of the Verified Access policy. - // - // PolicyEnabled is a required field - PolicyEnabled *bool `type:"boolean" required:"true"` + PolicyEnabled *bool `type:"boolean"` + + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` // The ID of the Verified Access endpoint. // @@ -146708,9 +152921,6 @@ func (s ModifyVerifiedAccessEndpointPolicyInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyVerifiedAccessEndpointPolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointPolicyInput"} - if s.PolicyEnabled == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) - } if s.VerifiedAccessEndpointId == nil { invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) } @@ -146745,6 +152955,12 @@ func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyEnabled(v bool) *Modi return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessEndpointPolicyInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointPolicyInput { s.VerifiedAccessEndpointId = &v @@ -146759,6 +152975,9 @@ type ModifyVerifiedAccessEndpointPolicyOutput struct { // The status of the Verified Access policy. PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` + + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` } // String returns the string representation. @@ -146791,6 +153010,12 @@ func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *Mod return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *ModifyVerifiedAccessEndpointPolicyOutput { + s.SseSpecification = v + return s +} + type ModifyVerifiedAccessGroupInput struct { _ struct{} `type:"structure"` @@ -146881,7 +153106,7 @@ func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) * type ModifyVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // Details of Verified Access group. + // Details about the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -146927,9 +153152,10 @@ type ModifyVerifiedAccessGroupPolicyInput struct { PolicyDocument *string `type:"string"` // The status of the Verified Access policy. - // - // PolicyEnabled is a required field - PolicyEnabled *bool `type:"boolean" required:"true"` + PolicyEnabled *bool `type:"boolean"` + + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` // The ID of the Verified Access group. // @@ -146958,9 +153184,6 @@ func (s ModifyVerifiedAccessGroupPolicyInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyVerifiedAccessGroupPolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupPolicyInput"} - if s.PolicyEnabled == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) - } if s.VerifiedAccessGroupId == nil { invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) } @@ -146995,6 +153218,12 @@ func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyEnabled(v bool) *ModifyV return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessGroupPolicyInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupPolicyInput { s.VerifiedAccessGroupId = &v @@ -147009,6 +153238,9 @@ type ModifyVerifiedAccessGroupPolicyOutput struct { // The status of the Verified Access policy. PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` + + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` } // String returns the string representation. @@ -147041,6 +153273,12 @@ func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *Modify return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *ModifyVerifiedAccessGroupPolicyOutput { + s.SseSpecification = v + return s +} + type ModifyVerifiedAccessInstanceInput struct { _ struct{} `type:"structure"` @@ -147241,7 +153479,7 @@ func (s *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) SetLoggingConfi type ModifyVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access instance. + // Details about the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -147269,6 +153507,40 @@ func (s *ModifyVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *Verifi return s } +// Modifies the configuration of the specified device-based Amazon Web Services +// Verified Access trust provider. +type ModifyVerifiedAccessTrustProviderDeviceOptions struct { + _ struct{} `type:"structure"` + + // The URL Amazon Web Services Verified Access will use to verify the authenticity + // of the device tokens. + PublicSigningKeyUrl *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderDeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderDeviceOptions) GoString() string { + return s.String() +} + +// SetPublicSigningKeyUrl sets the PublicSigningKeyUrl field's value. +func (s *ModifyVerifiedAccessTrustProviderDeviceOptions) SetPublicSigningKeyUrl(v string) *ModifyVerifiedAccessTrustProviderDeviceOptions { + s.PublicSigningKeyUrl = &v + return s +} + type ModifyVerifiedAccessTrustProviderInput struct { _ struct{} `type:"structure"` @@ -147280,6 +153552,10 @@ type ModifyVerifiedAccessTrustProviderInput struct { // A description for the Verified Access trust provider. Description *string `type:"string"` + // The options for a device-based trust provider. This parameter is required + // when the provider type is device. + DeviceOptions *ModifyVerifiedAccessTrustProviderDeviceOptions `type:"structure"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -147289,6 +153565,9 @@ type ModifyVerifiedAccessTrustProviderInput struct { // The options for an OpenID Connect-compatible user-identity trust provider. OidcOptions *ModifyVerifiedAccessTrustProviderOidcOptions `type:"structure"` + // The options for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationRequest `type:"structure"` + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field @@ -147338,6 +153617,12 @@ func (s *ModifyVerifiedAccessTrustProviderInput) SetDescription(v string) *Modif return s } +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDeviceOptions(v *ModifyVerifiedAccessTrustProviderDeviceOptions) *ModifyVerifiedAccessTrustProviderInput { + s.DeviceOptions = v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyVerifiedAccessTrustProviderInput) SetDryRun(v bool) *ModifyVerifiedAccessTrustProviderInput { s.DryRun = &v @@ -147350,6 +153635,12 @@ func (s *ModifyVerifiedAccessTrustProviderInput) SetOidcOptions(v *ModifyVerifie return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetSseSpecification(v *VerifiedAccessSseSpecificationRequest) *ModifyVerifiedAccessTrustProviderInput { + s.SseSpecification = v + return s +} + // SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. func (s *ModifyVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *ModifyVerifiedAccessTrustProviderInput { s.VerifiedAccessTrustProviderId = &v @@ -147451,7 +153742,7 @@ func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v str type ModifyVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Verified Access trust provider. + // Details about the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -147582,11 +153873,15 @@ type ModifyVolumeInput struct { // // The following are the supported values for each volume type: // - // * gp3: 3,000-16,000 IOPS + // * gp3: 3,000 - 16,000 IOPS + // + // * io1: 100 - 64,000 IOPS // - // * io1: 100-64,000 IOPS + // * io2: 100 - 256,000 IOPS // - // * io2: 100-64,000 IOPS + // For io2 volumes, you can achieve up to 256,000 IOPS on instances built on + // the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // On other instances, you can achieve performance up to 32,000 IOPS. // // Default: The existing value is retained if you keep the same volume type. // If you change the volume type to io1, io2, or gp3, the default is 3,000. @@ -147604,13 +153899,15 @@ type ModifyVolumeInput struct { // // The following are the supported volumes sizes for each volume type: // - // * gp2 and gp3: 1-16,384 + // * gp2 and gp3: 1 - 16,384 GiB // - // * io1 and io2: 4-16,384 + // * io1: 4 - 16,384 GiB // - // * st1 and sc1: 125-16,384 + // * io2: 4 - 65,536 GiB // - // * standard: 1-1,024 + // * st1 and sc1: 125 - 16,384 GiB + // + // * standard: 1 - 1024 GiB // // Default: The existing size is retained. Size *int64 `type:"integer"` @@ -147963,7 +154260,7 @@ type ModifyVpcEndpointInput struct { AddRouteTableIds []*string `locationName:"AddRouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to associate with the - // network interface. + // endpoint network interfaces. AddSecurityGroupIds []*string `locationName:"AddSecurityGroupId" locationNameList:"item" type:"list"` // (Interface and Gateway Load Balancer endpoints) The IDs of the subnets in @@ -147995,7 +154292,7 @@ type ModifyVpcEndpointInput struct { RemoveRouteTableIds []*string `locationName:"RemoveRouteTableId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the security groups to disassociate from - // the network interface. + // the endpoint network interfaces. RemoveSecurityGroupIds []*string `locationName:"RemoveSecurityGroupId" locationNameList:"item" type:"list"` // (Interface endpoint) The IDs of the subnets from which to remove the endpoint. @@ -148005,6 +154302,9 @@ type ModifyVpcEndpointInput struct { // policy. The default policy allows full access to the service. ResetPolicy *bool `type:"boolean"` + // The subnet configurations for the endpoint. + SubnetConfigurations []*SubnetConfiguration `locationName:"SubnetConfiguration" locationNameList:"item" type:"list"` + // The ID of the endpoint. // // VpcEndpointId is a required field @@ -148114,6 +154414,12 @@ func (s *ModifyVpcEndpointInput) SetResetPolicy(v bool) *ModifyVpcEndpointInput return s } +// SetSubnetConfigurations sets the SubnetConfigurations field's value. +func (s *ModifyVpcEndpointInput) SetSubnetConfigurations(v []*SubnetConfiguration) *ModifyVpcEndpointInput { + s.SubnetConfigurations = v + return s +} + // SetVpcEndpointId sets the VpcEndpointId field's value. func (s *ModifyVpcEndpointInput) SetVpcEndpointId(v string) *ModifyVpcEndpointInput { s.VpcEndpointId = &v @@ -149133,7 +155439,8 @@ type ModifyVpnTunnelOptionsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // Choose whether or not to trigger immediate tunnel replacement. + // Choose whether or not to trigger immediate tunnel replacement. This is only + // applicable when turning on or off EnableTunnelLifecycleControl. // // Valid values: True | False SkipTunnelReplacement *bool `type:"boolean"` @@ -149268,11 +155575,13 @@ type ModifyVpnTunnelOptionsSpecification struct { // Default: clear DPDTimeoutAction *string `type:"string"` - // The number of seconds after which a DPD timeout occurs. + // The number of seconds after which a DPD timeout occurs. A DPD timeout of + // 40 seconds means that the VPN endpoint will consider the peer dead 30 seconds + // after the first failed keep-alive. // // Constraints: A value greater than or equal to 30. // - // Default: 30 + // Default: 40 DPDTimeoutSeconds *int64 `type:"integer"` // Turn on or off tunnel endpoint lifecycle control feature. @@ -150207,7 +156516,7 @@ type NetworkAcl struct { // Any associations between the network ACL and one or more subnets Associations []*NetworkAclAssociation `locationName:"associationSet" locationNameList:"item" type:"list"` - // One or more entries (rules) in the network ACL. + // The entries (rules) in the network ACL. Entries []*NetworkAclEntry `locationName:"entrySet" locationNameList:"item" type:"list"` // Indicates whether this is the default network ACL for the VPC. @@ -150539,6 +156848,9 @@ func (s *NetworkBandwidthGbpsRequest) SetMin(v float64) *NetworkBandwidthGbpsReq type NetworkCardInfo struct { _ struct{} `type:"structure"` + // The baseline network performance of the network card, in Gbps. + BaselineBandwidthInGbps *float64 `locationName:"baselineBandwidthInGbps" type:"double"` + // The maximum number of network interfaces for the network card. MaximumNetworkInterfaces *int64 `locationName:"maximumNetworkInterfaces" type:"integer"` @@ -150547,6 +156859,9 @@ type NetworkCardInfo struct { // The network performance of the network card. NetworkPerformance *string `locationName:"networkPerformance" type:"string"` + + // The peak (burst) network performance of the network card, in Gbps. + PeakBandwidthInGbps *float64 `locationName:"peakBandwidthInGbps" type:"double"` } // String returns the string representation. @@ -150567,6 +156882,12 @@ func (s NetworkCardInfo) GoString() string { return s.String() } +// SetBaselineBandwidthInGbps sets the BaselineBandwidthInGbps field's value. +func (s *NetworkCardInfo) SetBaselineBandwidthInGbps(v float64) *NetworkCardInfo { + s.BaselineBandwidthInGbps = &v + return s +} + // SetMaximumNetworkInterfaces sets the MaximumNetworkInterfaces field's value. func (s *NetworkCardInfo) SetMaximumNetworkInterfaces(v int64) *NetworkCardInfo { s.MaximumNetworkInterfaces = &v @@ -150585,6 +156906,12 @@ func (s *NetworkCardInfo) SetNetworkPerformance(v string) *NetworkCardInfo { return s } +// SetPeakBandwidthInGbps sets the PeakBandwidthInGbps field's value. +func (s *NetworkCardInfo) SetPeakBandwidthInGbps(v float64) *NetworkCardInfo { + s.PeakBandwidthInGbps = &v + return s +} + // Describes the networking features of the instance type. type NetworkInfo struct { _ struct{} `type:"structure"` @@ -151301,6 +157628,12 @@ type NetworkInterface struct { // The Availability Zone. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + // A security group connection tracking configuration that enables you to set + // the timeout for connection tracking on an Elastic network interface. For + // more information, see Connection tracking timeouts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) + // in the Amazon Elastic Compute Cloud User Guide. + ConnectionTrackingConfiguration *ConnectionTrackingConfiguration `locationName:"connectionTrackingConfiguration" type:"structure"` + // Indicates whether a network interface with an IPv6 address is unreachable // from the public internet. If the value is true, inbound traffic from the // internet is dropped and you cannot assign an elastic IP address to the network @@ -151412,6 +157745,12 @@ func (s *NetworkInterface) SetAvailabilityZone(v string) *NetworkInterface { return s } +// SetConnectionTrackingConfiguration sets the ConnectionTrackingConfiguration field's value. +func (s *NetworkInterface) SetConnectionTrackingConfiguration(v *ConnectionTrackingConfiguration) *NetworkInterface { + s.ConnectionTrackingConfiguration = v + return s +} + // SetDenyAllIgwTraffic sets the DenyAllIgwTraffic field's value. func (s *NetworkInterface) SetDenyAllIgwTraffic(v bool) *NetworkInterface { s.DenyAllIgwTraffic = &v @@ -151879,6 +158218,13 @@ type NetworkInterfaceIpv6Address struct { // The IPv6 address. Ipv6Address *string `locationName:"ipv6Address" type:"string"` + + // Determines if an IPv6 address associated with a network interface is the + // primary IPv6 address. When you enable an IPv6 GUA address to be a primary + // IPv6, the first IPv6 GUA will be made the primary IPv6 address until the + // instance is terminated or the network interface is detached. For more information, + // see ModifyNetworkInterfaceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyNetworkInterfaceAttribute.html). + IsPrimaryIpv6 *bool `locationName:"isPrimaryIpv6" type:"boolean"` } // String returns the string representation. @@ -151905,6 +158251,12 @@ func (s *NetworkInterfaceIpv6Address) SetIpv6Address(v string) *NetworkInterface return s } +// SetIsPrimaryIpv6 sets the IsPrimaryIpv6 field's value. +func (s *NetworkInterfaceIpv6Address) SetIsPrimaryIpv6(v bool) *NetworkInterfaceIpv6Address { + s.IsPrimaryIpv6 = &v + return s +} + // Describes a permission for a network interface. type NetworkInterfacePermission struct { _ struct{} `type:"structure"` @@ -152122,6 +158474,38 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } +// Describes the supported NitroTPM versions for the instance type. +type NitroTpmInfo struct { + _ struct{} `type:"structure"` + + // Indicates the supported NitroTPM versions. + SupportedVersions []*string `locationName:"supportedVersions" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NitroTpmInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NitroTpmInfo) GoString() string { + return s.String() +} + +// SetSupportedVersions sets the SupportedVersions field's value. +func (s *NitroTpmInfo) SetSupportedVersions(v []*string) *NitroTpmInfo { + s.SupportedVersions = v + return s +} + // Describes the options for an OpenID Connect-compatible user-identity trust // provider. type OidcOptions struct { @@ -152237,6 +158621,14 @@ type OnDemandOptions struct { // The maximum amount per hour for On-Demand Instances that you're willing to // pay. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The maxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for maxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` // The minimum target capacity for On-Demand Instances in the fleet. If the @@ -152339,6 +158731,14 @@ type OnDemandOptionsRequest struct { // The maximum amount per hour for On-Demand Instances that you're willing to // pay. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The MaxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for MaxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `type:"string"` // The minimum target capacity for On-Demand Instances in the fleet. If the @@ -153095,10 +159495,6 @@ func (s *PeeringAttachmentStatus) SetMessage(v string) *PeeringAttachmentStatus return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Describes the VPC peering connection options. type PeeringConnectionOptions struct { _ struct{} `type:"structure"` @@ -153107,12 +159503,10 @@ type PeeringConnectionOptions struct { // to private IP addresses when queried from instances in the peer VPC. AllowDnsResolutionFromRemoteVpc *bool `locationName:"allowDnsResolutionFromRemoteVpc" type:"boolean"` - // If true, enables outbound communication from an EC2-Classic instance that's - // linked to a local VPC using ClassicLink to instances in a peer VPC. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `locationName:"allowEgressFromLocalClassicLinkToRemoteVpc" type:"boolean"` - // If true, enables outbound communication from instances in a local VPC to - // an EC2-Classic instance that's linked to a peer VPC using ClassicLink. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `locationName:"allowEgressFromLocalVpcToRemoteClassicLink" type:"boolean"` } @@ -153152,10 +159546,6 @@ func (s *PeeringConnectionOptions) SetAllowEgressFromLocalVpcToRemoteClassicLink return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // The VPC peering connection options. type PeeringConnectionOptionsRequest struct { _ struct{} `type:"structure"` @@ -153164,12 +159554,10 @@ type PeeringConnectionOptionsRequest struct { // addresses when queried from instances in the peer VPC. AllowDnsResolutionFromRemoteVpc *bool `type:"boolean"` - // If true, enables outbound communication from an EC2-Classic instance that's - // linked to a local VPC using ClassicLink to instances in a peer VPC. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `type:"boolean"` - // If true, enables outbound communication from instances in a local VPC to - // an EC2-Classic instance that's linked to a peer VPC using ClassicLink. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `type:"boolean"` } @@ -154704,6 +161092,9 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp type ProcessorInfo struct { _ struct{} `type:"structure"` + // The manufacturer of the processor. + Manufacturer *string `locationName:"manufacturer" type:"string"` + // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` @@ -154734,6 +161125,12 @@ func (s ProcessorInfo) GoString() string { return s.String() } +// SetManufacturer sets the Manufacturer field's value. +func (s *ProcessorInfo) SetManufacturer(v string) *ProcessorInfo { + s.Manufacturer = &v + return s +} + // SetSupportedArchitectures sets the SupportedArchitectures field's value. func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { s.SupportedArchitectures = v @@ -154852,6 +161249,25 @@ type ProvisionByoipCidrInput struct { // Reserved. MultiRegion *bool `type:"boolean"` + // If you have Local Zones (https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html) + // enabled, you can choose a network border group for Local Zones when you provision + // and advertise a BYOIPv4 CIDR. Choose the network border group carefully as + // the EIP and the Amazon Web Services resource it is associated with must reside + // in the same network border group. + // + // You can provision BYOIP address ranges to and advertise them in the following + // Local Zone network border groups: + // + // * us-east-1-dfw-2 + // + // * us-west-2-lax-1 + // + // * us-west-2-phx-2 + // + // You cannot provision or advertise BYOIPv6 address ranges in Local Zones at + // this time. + NetworkBorderGroup *string `type:"string"` + // The tags to apply to the address pool. PoolTagSpecifications []*TagSpecification `locationName:"PoolTagSpecification" locationNameList:"item" type:"list"` @@ -154928,6 +161344,12 @@ func (s *ProvisionByoipCidrInput) SetMultiRegion(v bool) *ProvisionByoipCidrInpu return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *ProvisionByoipCidrInput) SetNetworkBorderGroup(v string) *ProvisionByoipCidrInput { + s.NetworkBorderGroup = &v + return s +} + // SetPoolTagSpecifications sets the PoolTagSpecifications field's value. func (s *ProvisionByoipCidrInput) SetPoolTagSpecifications(v []*TagSpecification) *ProvisionByoipCidrInput { s.PoolTagSpecifications = v @@ -154971,6 +161393,128 @@ func (s *ProvisionByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *ProvisionByoipCid return s } +type ProvisionIpamByoasnInput struct { + _ struct{} `type:"structure"` + + // A public 2-byte or 4-byte ASN. + // + // Asn is a required field + Asn *string `type:"string" required:"true"` + + // An ASN authorization context. + // + // AsnAuthorizationContext is a required field + AsnAuthorizationContext *AsnAuthorizationContext `type:"structure" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // An IPAM ID. + // + // IpamId is a required field + IpamId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ProvisionIpamByoasnInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ProvisionIpamByoasnInput"} + if s.Asn == nil { + invalidParams.Add(request.NewErrParamRequired("Asn")) + } + if s.AsnAuthorizationContext == nil { + invalidParams.Add(request.NewErrParamRequired("AsnAuthorizationContext")) + } + if s.IpamId == nil { + invalidParams.Add(request.NewErrParamRequired("IpamId")) + } + if s.AsnAuthorizationContext != nil { + if err := s.AsnAuthorizationContext.Validate(); err != nil { + invalidParams.AddNested("AsnAuthorizationContext", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsn sets the Asn field's value. +func (s *ProvisionIpamByoasnInput) SetAsn(v string) *ProvisionIpamByoasnInput { + s.Asn = &v + return s +} + +// SetAsnAuthorizationContext sets the AsnAuthorizationContext field's value. +func (s *ProvisionIpamByoasnInput) SetAsnAuthorizationContext(v *AsnAuthorizationContext) *ProvisionIpamByoasnInput { + s.AsnAuthorizationContext = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ProvisionIpamByoasnInput) SetDryRun(v bool) *ProvisionIpamByoasnInput { + s.DryRun = &v + return s +} + +// SetIpamId sets the IpamId field's value. +func (s *ProvisionIpamByoasnInput) SetIpamId(v string) *ProvisionIpamByoasnInput { + s.IpamId = &v + return s +} + +type ProvisionIpamByoasnOutput struct { + _ struct{} `type:"structure"` + + // An ASN and BYOIP CIDR association. + Byoasn *Byoasn `locationName:"byoasn" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvisionIpamByoasnOutput) GoString() string { + return s.String() +} + +// SetByoasn sets the Byoasn field's value. +func (s *ProvisionIpamByoasnOutput) SetByoasn(v *Byoasn) *ProvisionIpamByoasnOutput { + s.Byoasn = v + return s +} + type ProvisionIpamPoolCidrInput struct { _ struct{} `type:"structure"` @@ -155605,6 +162149,118 @@ func (s *Purchase) SetUpfrontPrice(v string) *Purchase { return s } +type PurchaseCapacityBlockInput struct { + _ struct{} `type:"structure"` + + // The ID of the Capacity Block offering. + // + // CapacityBlockOfferingId is a required field + CapacityBlockOfferingId *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The type of operating system for which to reserve capacity. + // + // InstancePlatform is a required field + InstancePlatform *string `type:"string" required:"true" enum:"CapacityReservationInstancePlatform"` + + // The tags to apply to the Capacity Block during launch. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PurchaseCapacityBlockInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PurchaseCapacityBlockInput"} + if s.CapacityBlockOfferingId == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityBlockOfferingId")) + } + if s.InstancePlatform == nil { + invalidParams.Add(request.NewErrParamRequired("InstancePlatform")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCapacityBlockOfferingId sets the CapacityBlockOfferingId field's value. +func (s *PurchaseCapacityBlockInput) SetCapacityBlockOfferingId(v string) *PurchaseCapacityBlockInput { + s.CapacityBlockOfferingId = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *PurchaseCapacityBlockInput) SetDryRun(v bool) *PurchaseCapacityBlockInput { + s.DryRun = &v + return s +} + +// SetInstancePlatform sets the InstancePlatform field's value. +func (s *PurchaseCapacityBlockInput) SetInstancePlatform(v string) *PurchaseCapacityBlockInput { + s.InstancePlatform = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *PurchaseCapacityBlockInput) SetTagSpecifications(v []*TagSpecification) *PurchaseCapacityBlockInput { + s.TagSpecifications = v + return s +} + +type PurchaseCapacityBlockOutput struct { + _ struct{} `type:"structure"` + + // The Capacity Reservation. + CapacityReservation *CapacityReservation `locationName:"capacityReservation" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurchaseCapacityBlockOutput) GoString() string { + return s.String() +} + +// SetCapacityReservation sets the CapacityReservation field's value. +func (s *PurchaseCapacityBlockOutput) SetCapacityReservation(v *CapacityReservation) *PurchaseCapacityBlockOutput { + s.CapacityReservation = v + return s +} + type PurchaseHostReservationInput struct { _ struct{} `type:"structure"` @@ -156218,7 +162874,7 @@ type ReferencedSecurityGroup struct { // The ID of the VPC. VpcId *string `locationName:"vpcId" type:"string"` - // The ID of the VPC peering connection. + // The ID of the VPC peering connection (if applicable). VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` } @@ -157449,9 +164105,6 @@ type ReleaseAddressInput struct { // // If you provide an incorrect network border group, you receive an InvalidAddress.NotFound // error. - // - // You cannot use a network border group with EC2 Classic. If you attempt this - // operation on EC2 classic, you receive an InvalidParameterCombination error. NetworkBorderGroup *string `type:"string"` // Deprecated. @@ -159159,7 +165812,19 @@ type RequestLaunchTemplateData struct { // An elastic GPU to associate with the instance. ElasticGpuSpecifications []*ElasticGpuSpecification `locationName:"ElasticGpuSpecification" locationNameList:"ElasticGpuSpecification" type:"list"` - // The elastic inference accelerator for the instance. + // An elastic inference accelerator to associate with the instance. Elastic + // inference accelerators are a resource you can attach to your Amazon EC2 instances + // to accelerate your Deep Learning (DL) inference workloads. + // + // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. @@ -159215,7 +165880,37 @@ type RequestLaunchTemplateData struct { // The attributes for the instance types. When you specify instance attributes, // Amazon EC2 will identify instance types with these attributes. // + // You must specify VCpuCount and MemoryMiB. All other attributes are optional. + // Any unspecified optional attribute is set to its default. + // + // When you specify multiple attributes, you get instance types that satisfy + // all of the specified attributes. If you specify multiple values for an attribute, + // you get instance types that satisfy any of the specified values. + // + // To limit the list of instance types from which Amazon EC2 can identify matching + // instance types, you can use one of the following parameters, but not both + // in the same request: + // + // * AllowedInstanceTypes - The instance types to include in the list. All + // other instance types are ignored, even if they match your specified attributes. + // + // * ExcludedInstanceTypes - The instance types to exclude from the list, + // even if they match your specified attributes. + // // If you specify InstanceRequirements, you can't specify InstanceType. + // + // Attribute-based instance type selection is only supported when using Auto + // Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan + // to use the launch template in the launch instance wizard (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html), + // or with the RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) + // API or AWS::EC2::Instance (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) + // Amazon Web Services CloudFormation resource, you can't specify InstanceRequirements. + // + // For more information, see Attribute-based instance type selection for EC2 + // Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html), + // Attribute-based instance type selection for Spot Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html), + // and Spot placement score (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) + // in the Amazon EC2 User Guide. InstanceRequirements *InstanceRequirementsRequest `type:"structure"` // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) @@ -159272,33 +165967,14 @@ type RequestLaunchTemplateData struct { // One or more security group IDs. You can create a security group using CreateSecurityGroup // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). - // You cannot specify both a security group ID and security name in the same - // request. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` // One or more security group names. For a nondefault VPC, you must use security - // group IDs instead. You cannot specify both a security group ID and security - // name in the same request. + // group IDs instead. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` // The tags to apply to the resources that are created during instance launch. - // - // You can specify tags for the following resources only: - // - // * Instances - // - // * Volumes - // - // * Elastic graphics - // - // * Spot Instance requests - // - // * Network interfaces - // - // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). - // - // To tag the launch template itself, you must use the TagSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) - // parameter. + // These tags are not applied to the launch template. TagSpecifications []*LaunchTemplateTagSpecificationRequest `locationName:"TagSpecification" locationNameList:"LaunchTemplateTagSpecificationRequest" type:"list"` // The user data to make available to the instance. You must provide base64-encoded @@ -161945,7 +168621,19 @@ type ResponseLaunchTemplateData struct { // The elastic GPU specification. ElasticGpuSpecifications []*ElasticGpuSpecificationResponse `locationName:"elasticGpuSpecificationSet" locationNameList:"item" type:"list"` - // The elastic inference accelerator for the instance. + // An elastic inference accelerator to associate with the instance. Elastic + // inference accelerators are a resource you can attach to your Amazon EC2 instances + // to accelerate your Deep Learning (DL) inference workloads. + // + // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*LaunchTemplateElasticInferenceAcceleratorResponse `locationName:"elasticInferenceAcceleratorSet" locationNameList:"item" type:"list"` // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. @@ -162634,6 +169322,9 @@ type RestoreSnapshotFromRecycleBinOutput struct { // The ID of the snapshot. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The time stamp when the snapshot was initiated. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -162701,6 +169392,12 @@ func (s *RestoreSnapshotFromRecycleBinOutput) SetSnapshotId(v string) *RestoreSn return s } +// SetSseType sets the SseType field's value. +func (s *RestoreSnapshotFromRecycleBinOutput) SetSseType(v string) *RestoreSnapshotFromRecycleBinOutput { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *RestoreSnapshotFromRecycleBinOutput) SetStartTime(v time.Time) *RestoreSnapshotFromRecycleBinOutput { s.StartTime = &v @@ -163183,15 +169880,12 @@ type RevokeSecurityGroupIngressInput struct { // types. FromPort *int64 `type:"integer"` - // The ID of the security group. You must specify either the security group - // ID or the security group name in the request. For security groups in a nondefault - // VPC, you must specify the security group ID. + // The ID of the security group. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name in the request. For security + // groups in a nondefault VPC, you must specify the security group ID. GroupName *string `type:"string"` // The sets of IP permissions. You can't specify a source security group and @@ -163205,20 +169899,14 @@ type RevokeSecurityGroupIngressInput struct { // The IDs of the security group rules. SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` - // [EC2-Classic, default VPC] The name of the source security group. You can't - // specify this parameter in combination with the following parameters: the - // CIDR IP address range, the start of the port range, the IP protocol, and - // the end of the port range. For EC2-VPC, the source security group must be - // in the same VPC. To revoke a specific rule for an IP protocol and port range, - // use a set of IP permissions instead. + // [Default VPC] The name of the source security group. You can't specify this + // parameter in combination with the following parameters: the CIDR IP address + // range, the start of the port range, the IP protocol, and the end of the port + // range. The source security group must be in the same VPC. To revoke a specific + // rule for an IP protocol and port range, use a set of IP permissions instead. SourceSecurityGroupName *string `type:"string"` - // [EC2-Classic] The Amazon Web Services account ID of the source security group, - // if the source security group is in a different account. You can't specify - // this parameter in combination with the following parameters: the CIDR IP - // address range, the IP protocol, the start of the port range, and the end - // of the port range. To revoke a specific rule for an IP protocol and port - // range, use a set of IP permissions instead. + // Not supported. SourceSecurityGroupOwnerId *string `type:"string"` // If the protocol is TCP or UDP, this is the end of the port range. If the @@ -163947,6 +170635,21 @@ type RunInstancesInput struct { // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` + // If you’re launching an instance into a dual-stack or IPv6-only subnet, + // you can enable assigning a primary IPv6 address. A primary IPv6 address is + // an IPv6 GUA address associated with an ENI that you have enabled to use a + // primary IPv6 address. Use this option if an instance relies on its IPv6 address + // not changing. When you launch the instance, Amazon Web Services will automatically + // assign an IPv6 address associated with the ENI attached to your instance + // to be the primary IPv6 address. Once you enable an IPv6 GUA address to be + // a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address + // to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address + // until the instance is terminated or the network interface is detached. If + // you have multiple IPv6 addresses associated with an ENI attached to your + // instance and you enable a primary IPv6 address, the first IPv6 GUA address + // associated with the ENI becomes the primary IPv6 address. + EnablePrimaryIpv6 *bool `type:"boolean"` + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. // For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) // in the Amazon Web Services Nitro Enclaves User Guide. @@ -163985,14 +170688,6 @@ type RunInstancesInput struct { // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon EC2 User Guide. - // - // When you change your EBS-backed instance type, instance restart or replacement - // behavior depends on the instance type compatibility between the old and new - // types. An instance that's backed by an instance store volume is always replaced. - // For more information, see Change the instance type (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html) - // in the Amazon EC2 User Guide. - // - // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` // The number of IPv6 addresses to associate with the primary network interface. @@ -164079,7 +170774,8 @@ type RunInstancesInput struct { Placement *Placement `type:"structure"` // The options for the instance hostname. The default values are inherited from - // the subnet. + // the subnet. Applies only if creating a network interface, not attaching an + // existing one. PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"` // The primary IPv4 address. You must specify a value from the IPv4 address @@ -164291,6 +170987,12 @@ func (s *RunInstancesInput) SetElasticInferenceAccelerators(v []*ElasticInferenc return s } +// SetEnablePrimaryIpv6 sets the EnablePrimaryIpv6 field's value. +func (s *RunInstancesInput) SetEnablePrimaryIpv6(v bool) *RunInstancesInput { + s.EnablePrimaryIpv6 = &v + return s +} + // SetEnclaveOptions sets the EnclaveOptions field's value. func (s *RunInstancesInput) SetEnclaveOptions(v *EnclaveOptionsRequest) *RunInstancesInput { s.EnclaveOptions = v @@ -164717,7 +171419,11 @@ type S3Storage struct { UploadPolicy []byte `locationName:"uploadPolicy" type:"blob"` // The signature of the JSON document. - UploadPolicySignature *string `locationName:"uploadPolicySignature" type:"string"` + // + // UploadPolicySignature is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by S3Storage's + // String and GoString methods. + UploadPolicySignature *string `locationName:"uploadPolicySignature" type:"string" sensitive:"true"` } // String returns the string representation. @@ -165294,16 +172000,8 @@ type ScheduledInstancesEbs struct { // only to instances that support them. Encrypted *bool `type:"boolean"` - // The number of I/O operations per second (IOPS) to provision for an io1 or - // io2 volume, with a maximum ratio of 50 IOPS/GiB for io1, and 500 IOPS/GiB - // for io2. Range is 100 to 64,000 IOPS for volumes in most Regions. Maximum - // IOPS of 64,000 is guaranteed only on instances built on the Nitro System - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. For more - // information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon EC2 User Guide. - // - // This parameter is valid only for Provisioned IOPS SSD (io1 and io2) volumes. + // The number of I/O operations per second (IOPS) to provision for a gp3, io1, + // or io2 volume. Iops *int64 `type:"integer"` // The ID of the snapshot. @@ -165315,9 +172013,7 @@ type ScheduledInstancesEbs struct { // a volume size, the default is the snapshot size. VolumeSize *int64 `type:"integer"` - // The volume type. gp2 for General Purpose SSD, io1 or io2 for Provisioned - // IOPS SSD, Throughput Optimized HDD for st1, Cold HDD for sc1, or standard - // for Magnetic. + // The volume type. // // Default: gp2 VolumeType *string `type:"string"` @@ -165665,6 +172361,11 @@ type ScheduledInstancesNetworkInterface struct { // for eth0, and can only be assigned to a new network interface, not an existing // one. You cannot specify more than one network interface in the request. If // launching into a default subnet, the default value is true. + // + // Starting on February 1, 2024, Amazon Web Services will charge for all public + // IPv4 addresses, including public IPv4 addresses associated with running instances + // and Elastic IP addresses. For more information, see the Public IPv4 Address + // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/). AssociatePublicIpAddress *bool `type:"boolean"` // Indicates whether to delete the interface when the instance is terminated. @@ -166339,7 +173040,7 @@ type SecurityGroup struct { // The inbound rules associated with the security group. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` - // [VPC only] The outbound rules associated with the security group. + // The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` // The Amazon Web Services account ID of the owner of the security group. @@ -166348,7 +173049,7 @@ type SecurityGroup struct { // Any tags assigned to the security group. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` - // [VPC only] The ID of the VPC for the security group. + // The ID of the VPC for the security group. VpcId *string `locationName:"vpcId" type:"string"` } @@ -166418,6 +173119,83 @@ func (s *SecurityGroup) SetVpcId(v string) *SecurityGroup { return s } +// A security group that can be used by interfaces in the VPC. +type SecurityGroupForVpc struct { + _ struct{} `type:"structure"` + + // The security group's description. + Description *string `locationName:"description" type:"string"` + + // The security group ID. + GroupId *string `locationName:"groupId" type:"string"` + + // The security group name. + GroupName *string `locationName:"groupName" type:"string"` + + // The security group owner ID. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The VPC ID in which the security group was created. + PrimaryVpcId *string `locationName:"primaryVpcId" type:"string"` + + // The security group tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityGroupForVpc) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityGroupForVpc) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupForVpc) SetDescription(v string) *SecurityGroupForVpc { + s.Description = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *SecurityGroupForVpc) SetGroupId(v string) *SecurityGroupForVpc { + s.GroupId = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *SecurityGroupForVpc) SetGroupName(v string) *SecurityGroupForVpc { + s.GroupName = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *SecurityGroupForVpc) SetOwnerId(v string) *SecurityGroupForVpc { + s.OwnerId = &v + return s +} + +// SetPrimaryVpcId sets the PrimaryVpcId field's value. +func (s *SecurityGroupForVpc) SetPrimaryVpcId(v string) *SecurityGroupForVpc { + s.PrimaryVpcId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecurityGroupForVpc) SetTags(v []*Tag) *SecurityGroupForVpc { + s.Tags = v + return s +} + // Describes a security group. type SecurityGroupIdentifier struct { _ struct{} `type:"structure"` @@ -166469,7 +173247,16 @@ type SecurityGroupReference struct { // The ID of the VPC with the referencing security group. ReferencingVpcId *string `locationName:"referencingVpcId" type:"string"` - // The ID of the VPC peering connection. + // The ID of the transit gateway (if applicable). For more information about + // security group referencing for transit gateways, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the VPC peering connection (if applicable). For more information + // about security group referencing for peering connections, see Update your + // security groups to reference peer security groups (https://docs.aws.amazon.com/peering/vpc-peering-security-groups.html) + // in the VPC Peering Guide. VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` } @@ -166503,6 +173290,12 @@ func (s *SecurityGroupReference) SetReferencingVpcId(v string) *SecurityGroupRef return s } +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *SecurityGroupReference) SetTransitGatewayId(v string) *SecurityGroupReference { + s.TransitGatewayId = &v + return s +} + // SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGroupReference { s.VpcPeeringConnectionId = &v @@ -167466,6 +174259,9 @@ type Snapshot struct { // is created. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The time stamp when the snapshot was initiated. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -167575,6 +174371,12 @@ func (s *Snapshot) SetSnapshotId(v string) *Snapshot { return s } +// SetSseType sets the SseType field's value. +func (s *Snapshot) SetSseType(v string) *Snapshot { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *Snapshot) SetStartTime(v time.Time) *Snapshot { s.StartTime = &v @@ -167825,6 +174627,9 @@ type SnapshotInfo struct { // Snapshot id that can be used to describe this snapshot. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // Time this snapshot was started. This is the same for all snapshots initiated // by the same request. StartTime *time.Time `locationName:"startTime" type:"timestamp"` @@ -167896,6 +174701,12 @@ func (s *SnapshotInfo) SetSnapshotId(v string) *SnapshotInfo { return s } +// SetSseType sets the SseType field's value. +func (s *SnapshotInfo) SetSseType(v string) *SnapshotInfo { + s.SseType = &v + return s +} + // SetStartTime sets the StartTime field's value. func (s *SnapshotInfo) SetStartTime(v time.Time) *SnapshotInfo { s.StartTime = &v @@ -168877,6 +175688,14 @@ type SpotFleetRequestConfigData struct { // it reaches the maximum amount you're willing to pay. When the maximum amount // you're willing to pay is reached, the fleet stops launching instances even // if it hasn’t met the target capacity. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The onDemandMaxTotalPrice does not account + // for surplus credits, and, if you use surplus credits, your final cost might + // be higher than what you specified for onDemandMaxTotalPrice. For more information, + // see Surplus credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. OnDemandMaxTotalPrice *string `locationName:"onDemandMaxTotalPrice" type:"string"` // The number of On-Demand units to request. You can choose to set the target @@ -168894,13 +175713,21 @@ type SpotFleetRequestConfigData struct { SpotMaintenanceStrategies *SpotMaintenanceStrategies `locationName:"spotMaintenanceStrategies" type:"structure"` // The maximum amount per hour for Spot Instances that you're willing to pay. - // You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, + // You can use the spotMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, // or both parameters to ensure that your fleet cost does not exceed your budget. // If you set a maximum price per hour for the On-Demand Instances and Spot // Instances in your request, Spot Fleet will launch instances until it reaches // the maximum amount you're willing to pay. When the maximum amount you're // willing to pay is reached, the fleet stops launching instances even if it // hasn’t met the target capacity. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The spotMaxTotalPrice does not account for + // surplus credits, and, if you use surplus credits, your final cost might be + // higher than what you specified for spotMaxTotalPrice. For more information, + // see Surplus credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. SpotMaxTotalPrice *string `locationName:"spotMaxTotalPrice" type:"string"` // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -168919,7 +175746,7 @@ type SpotFleetRequestConfigData struct { // (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotFleetTagSpecification.html) // (valid only if you use LaunchSpecifications). For information about tagging - // after launch, see Tagging Your Resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // after launch, see Tag your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The number of units to request for the Spot Fleet. You can choose to set @@ -168931,10 +175758,10 @@ type SpotFleetRequestConfigData struct { // TargetCapacity is a required field TargetCapacity *int64 `locationName:"targetCapacity" type:"integer" required:"true"` - // The unit for the target capacity. TargetCapacityUnitType can only be specified - // when InstanceRequirements is specified. + // The unit for the target capacity. You can specify this parameter only when + // using attribute-based instance type selection. // - // Default: units (translates to number of instances) + // Default: units (the number of instances) TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"` // Indicates whether running Spot Instances are terminated when the Spot Fleet @@ -169565,7 +176392,18 @@ type SpotMarketOptions struct { // Deprecated. BlockDurationMinutes *int64 `type:"integer"` - // The behavior when a Spot Instance is interrupted. The default is terminate. + // The behavior when a Spot Instance is interrupted. + // + // If Configured (for HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html)) + // is set to true, the InstanceInterruptionBehavior parameter is automatically + // set to hibernate. If you set it to stop or terminate, you'll get an error. + // + // If Configured (for HibernationOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html)) + // is set to false or null, the InstanceInterruptionBehavior parameter is automatically + // set to terminate. You can also set it to stop or hibernate. + // + // For more information, see Interruption behavior (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interruption-behavior.html) + // in the Amazon EC2 User Guide. InstanceInterruptionBehavior *string `type:"string" enum:"InstanceInterruptionBehavior"` // The maximum hourly price that you're willing to pay for a Spot Instance. @@ -169724,6 +176562,14 @@ type SpotOptions struct { // // If you specify a maximum price, your Spot Instances will be interrupted more // frequently than if you do not specify this parameter. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The maxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for maxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` // The minimum target capacity for Spot Instances in the fleet. If the minimum @@ -169896,6 +176742,14 @@ type SpotOptionsRequest struct { // // If you specify a maximum price, your Spot Instances will be interrupted more // frequently than if you do not specify this parameter. + // + // If your fleet includes T instances that are configured as unlimited, and + // if their average CPU usage exceeds the baseline utilization, you will incur + // a charge for surplus credits. The MaxTotalPrice does not account for surplus + // credits, and, if you use surplus credits, your final cost might be higher + // than what you specified for MaxTotalPrice. For more information, see Surplus + // credits can incur charges (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode-concepts.html#unlimited-mode-surplus-credits) + // in the EC2 User Guide. MaxTotalPrice *string `type:"string"` // The minimum target capacity for Spot Instances in the fleet. If the minimum @@ -170782,8 +177636,8 @@ type StateReason struct { // the Spot price exceeded available capacity or because of an increase in // the Spot price. // - // * Client.InstanceInitiatedShutdown: The instance was shut down using the - // shutdown -h command from the instance. + // * Client.InstanceInitiatedShutdown: The instance was shut down from the + // operating system of the instance. // // * Client.InstanceTerminated: The instance was terminated or rebooted during // AMI creation. @@ -171500,6 +178354,68 @@ func (s *SubnetCidrReservation) SetTags(v []*Tag) *SubnetCidrReservation { return s } +// Describes the configuration of a subnet for a VPC endpoint. +type SubnetConfiguration struct { + _ struct{} `type:"structure"` + + // The IPv4 address to assign to the endpoint network interface in the subnet. + // You must provide an IPv4 address if the VPC endpoint supports IPv4. + // + // If you specify an IPv4 address when modifying a VPC endpoint, we replace + // the existing endpoint network interface with a new endpoint network interface + // with this IP address. This process temporarily disconnects the subnet and + // the VPC endpoint. + Ipv4 *string `type:"string"` + + // The IPv6 address to assign to the endpoint network interface in the subnet. + // You must provide an IPv6 address if the VPC endpoint supports IPv6. + // + // If you specify an IPv6 address when modifying a VPC endpoint, we replace + // the existing endpoint network interface with a new endpoint network interface + // with this IP address. This process temporarily disconnects the subnet and + // the VPC endpoint. + Ipv6 *string `type:"string"` + + // The ID of the subnet. + SubnetId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubnetConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubnetConfiguration) GoString() string { + return s.String() +} + +// SetIpv4 sets the Ipv4 field's value. +func (s *SubnetConfiguration) SetIpv4(v string) *SubnetConfiguration { + s.Ipv4 = &v + return s +} + +// SetIpv6 sets the Ipv6 field's value. +func (s *SubnetConfiguration) SetIpv6(v string) *SubnetConfiguration { + s.Ipv6 = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *SubnetConfiguration) SetSubnetId(v string) *SubnetConfiguration { + s.SubnetId = &v + return s +} + // Describes an association between a subnet and an IPv6 CIDR block. type SubnetIpv6CidrBlockAssociation struct { _ struct{} `type:"structure"` @@ -171857,7 +178773,7 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification { type TargetCapacitySpecification struct { _ struct{} `type:"structure"` - // The default TotalTargetCapacity, which is either Spot or On-Demand. + // The default target capacity type. DefaultTargetCapacityType *string `locationName:"defaultTargetCapacityType" type:"string" enum:"DefaultTargetCapacityType"` // The number of On-Demand units to request. If you specify a target capacity @@ -171868,13 +178784,10 @@ type TargetCapacitySpecification struct { // for On-Demand units, you cannot specify a target capacity for Spot units. SpotTargetCapacity *int64 `locationName:"spotTargetCapacity" type:"integer"` - // The unit for the target capacity. TargetCapacityUnitType can only be specified - // when InstanceRequirements is specified. - // - // Default: units (translates to number of instances) + // The unit for the target capacity. TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"` - // The number of units to request, filled using DefaultTargetCapacityType. + // The number of units to request, filled the default target capacity type. TotalTargetCapacity *int64 `locationName:"totalTargetCapacity" type:"integer"` } @@ -171938,13 +178851,13 @@ func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCap // On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch // instances until it reaches the maximum amount that you're willing to pay. // When the maximum amount you're willing to pay is reached, the fleet stops -// launching instances even if it hasn’t met the target capacity. The MaxTotalPrice +// launching instances even if it hasn't met the target capacity. The MaxTotalPrice // parameters are located in OnDemandOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_OnDemandOptionsRequest) // and SpotOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotOptionsRequest). type TargetCapacitySpecificationRequest struct { _ struct{} `type:"structure"` - // The default TotalTargetCapacity, which is either Spot or On-Demand. + // The default target capacity type. DefaultTargetCapacityType *string `type:"string" enum:"DefaultTargetCapacityType"` // The number of On-Demand units to request. @@ -171953,13 +178866,14 @@ type TargetCapacitySpecificationRequest struct { // The number of Spot units to request. SpotTargetCapacity *int64 `type:"integer"` - // The unit for the target capacity. TargetCapacityUnitType can only be specified - // when InstanceRequirements is specified. + // The unit for the target capacity. You can specify this parameter only when + // using attributed-based instance type selection. // - // Default: units (translates to number of instances) + // Default: units (the number of instances) TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"` - // The number of units to request, filled using DefaultTargetCapacityType. + // The number of units to request, filled using the default target capacity + // type. // // TotalTargetCapacity is a required field TotalTargetCapacity *int64 `type:"integer" required:"true"` @@ -174619,6 +181533,20 @@ type TransitGatewayOptions struct { // The ID of the default propagation route table. PropagationDefaultRouteTableId *string `locationName:"propagationDefaultRouteTableId" type:"string"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `locationName:"securityGroupReferencingSupport" type:"string" enum:"SecurityGroupReferencingSupportValue"` + // The transit gateway CIDR blocks. TransitGatewayCidrBlocks []*string `locationName:"transitGatewayCidrBlocks" locationNameList:"item" type:"list"` @@ -174692,6 +181620,12 @@ func (s *TransitGatewayOptions) SetPropagationDefaultRouteTableId(v string) *Tra return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. func (s *TransitGatewayOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayOptions { s.TransitGatewayCidrBlocks = v @@ -175379,6 +182313,20 @@ type TransitGatewayRequestOptions struct { // Indicates whether multicast is enabled on the transit gateway MulticastSupport *string `type:"string" enum:"MulticastSupportValue"` + // Enables you to reference a security group across VPCs attached to a transit + // gateway (TGW). Use this option to simplify security group management and + // control of instance-to-instance traffic across VPCs that are connected by + // transit gateway. You can also use this option to migrate from VPC peering + // (which was the only option that supported security group referencing) to + // transit gateways (which now also support security group referencing). This + // option is disabled by default and there are no additional costs to use this + // feature. + // + // For important information about this feature, see Create a transit gateway + // (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `type:"string" enum:"SecurityGroupReferencingSupportValue"` + // One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size // /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for // IPv6. @@ -175442,6 +182390,12 @@ func (s *TransitGatewayRequestOptions) SetMulticastSupport(v string) *TransitGat return s } +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayRequestOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayRequestOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. func (s *TransitGatewayRequestOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayRequestOptions { s.TransitGatewayCidrBlocks = v @@ -176125,6 +183079,11 @@ type TransitGatewayVpcAttachmentOptions struct { // Indicates whether IPv6 support is disabled. Ipv6Support *string `locationName:"ipv6Support" type:"string" enum:"Ipv6SupportValue"` + + // For important information about this feature, see Create a transit gateway + // attachment to a VPC (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment) + // in the Amazon Web Services Transit Gateway Guide. + SecurityGroupReferencingSupport *string `locationName:"securityGroupReferencingSupport" type:"string" enum:"SecurityGroupReferencingSupportValue"` } // String returns the string representation. @@ -176163,9 +183122,12 @@ func (s *TransitGatewayVpcAttachmentOptions) SetIpv6Support(v string) *TransitGa return s } -// Currently available in limited preview only. If you are interested in using -// this feature, contact your account manager. -// +// SetSecurityGroupReferencingSupport sets the SecurityGroupReferencingSupport field's value. +func (s *TransitGatewayVpcAttachmentOptions) SetSecurityGroupReferencingSupport(v string) *TransitGatewayVpcAttachmentOptions { + s.SecurityGroupReferencingSupport = &v + return s +} + // Information about an association between a branch network interface with // a trunk network interface. type TrunkInterfaceAssociation struct { @@ -176690,7 +183652,7 @@ type UnassignPrivateNatGatewayAddressInput struct { // seconds. MaxDrainDurationSeconds *int64 `min:"1" type:"integer"` - // The NAT gateway ID. + // The ID of the NAT gateway. // // NatGatewayId is a required field NatGatewayId *string `type:"string" required:"true"` @@ -176768,7 +183730,7 @@ type UnassignPrivateNatGatewayAddressOutput struct { // Information about the NAT gateway IP addresses. NatGatewayAddresses []*NatGatewayAddress `locationName:"natGatewayAddressSet" locationNameList:"item" type:"list"` - // The NAT gateway ID. + // The ID of the NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` } @@ -176802,6 +183764,95 @@ func (s *UnassignPrivateNatGatewayAddressOutput) SetNatGatewayId(v string) *Unas return s } +type UnlockSnapshotInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the snapshot to unlock. + // + // SnapshotId is a required field + SnapshotId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UnlockSnapshotInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UnlockSnapshotInput"} + if s.SnapshotId == nil { + invalidParams.Add(request.NewErrParamRequired("SnapshotId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *UnlockSnapshotInput) SetDryRun(v bool) *UnlockSnapshotInput { + s.DryRun = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *UnlockSnapshotInput) SetSnapshotId(v string) *UnlockSnapshotInput { + s.SnapshotId = &v + return s +} + +type UnlockSnapshotOutput struct { + _ struct{} `type:"structure"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnlockSnapshotOutput) GoString() string { + return s.String() +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *UnlockSnapshotOutput) SetSnapshotId(v string) *UnlockSnapshotOutput { + s.SnapshotId = &v + return s +} + type UnmonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -177074,7 +184125,7 @@ type UpdateSecurityGroupRuleDescriptionsEgressInput struct { GroupId *string `type:"string"` // [Default VPC] The name of the security group. You must specify either the - // security group ID or the security group name in the request. + // security group ID or the security group name. GroupName *string `type:"string"` // The IP permissions for the security group rule. You must specify either the @@ -177179,18 +184230,17 @@ type UpdateSecurityGroupRuleDescriptionsIngressInput struct { // VPC, you must specify the security group ID. GroupId *string `type:"string"` - // [EC2-Classic, default VPC] The name of the security group. You must specify - // either the security group ID or the security group name in the request. For - // security groups in a nondefault VPC, you must specify the security group - // ID. + // [Default VPC] The name of the security group. You must specify either the + // security group ID or the security group name. For security groups in a nondefault + // VPC, you must specify the security group ID. GroupName *string `type:"string"` // The IP permissions for the security group rule. You must specify either IP // permissions or a description. IpPermissions []*IpPermission `locationNameList:"item" type:"list"` - // [VPC only] The description for the ingress security group rules. You must - // specify either a description or IP permissions. + // The description for the ingress security group rules. You must specify either + // a description or IP permissions. SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } @@ -177390,10 +184440,6 @@ func (s *UserData) SetData(v string) *UserData { } // Describes a security group and Amazon Web Services account ID pair. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -177407,8 +184453,7 @@ type UserIdGroupPair struct { // The ID of the security group. GroupId *string `locationName:"groupId" type:"string"` - // The name of the security group. In a request, use this parameter for a security - // group in EC2-Classic or a default VPC only. For a security group in a nondefault + // [Default VPC] The name of the security group. For a security group in a nondefault // VPC, use the security group ID. // // For a referenced security group in another VPC, this value is not returned @@ -177423,9 +184468,6 @@ type UserIdGroupPair struct { // For a referenced security group in another VPC, the account ID of the referenced // security group is returned in the response. If the referenced security group // is deleted, this value is not returned. - // - // [EC2-Classic] Required when adding or removing rules that reference a security - // group in another Amazon Web Services account. UserId *string `locationName:"userId" type:"string"` // The ID of the VPC for the referenced security group, if applicable. @@ -177793,6 +184835,9 @@ type VerifiedAccessEndpoint struct { // The IDs of the security groups for the endpoint. SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The endpoint status. Status *VerifiedAccessEndpointStatus `locationName:"status" type:"structure"` @@ -177905,6 +184950,12 @@ func (s *VerifiedAccessEndpoint) SetSecurityGroupIds(v []*string) *VerifiedAcces return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessEndpoint) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessEndpoint { + s.SseSpecification = v + return s +} + // SetStatus sets the Status field's value. func (s *VerifiedAccessEndpoint) SetStatus(v *VerifiedAccessEndpointStatus) *VerifiedAccessEndpoint { s.Status = v @@ -178105,6 +185156,9 @@ type VerifiedAccessGroup struct { // The Amazon Web Services account number that owns the group. Owner *string `locationName:"owner" type:"string"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -178166,6 +185220,12 @@ func (s *VerifiedAccessGroup) SetOwner(v string) *VerifiedAccessGroup { return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessGroup) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessGroup { + s.SseSpecification = v + return s +} + // SetTags sets the Tags field's value. func (s *VerifiedAccessGroup) SetTags(v []*Tag) *VerifiedAccessGroup { s.Tags = v @@ -178200,6 +185260,10 @@ type VerifiedAccessInstance struct { // A description for the Amazon Web Services Verified Access instance. Description *string `locationName:"description" type:"string"` + // Indicates whether support for Federal Information Processing Standards (FIPS) + // is enabled on the instance. + FipsEnabled *bool `locationName:"fipsEnabled" type:"boolean"` + // The last updated time. LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` @@ -178243,6 +185307,12 @@ func (s *VerifiedAccessInstance) SetDescription(v string) *VerifiedAccessInstanc return s } +// SetFipsEnabled sets the FipsEnabled field's value. +func (s *VerifiedAccessInstance) SetFipsEnabled(v bool) *VerifiedAccessInstance { + s.FipsEnabled = &v + return s +} + // SetLastUpdatedTime sets the LastUpdatedTime field's value. func (s *VerifiedAccessInstance) SetLastUpdatedTime(v string) *VerifiedAccessInstance { s.LastUpdatedTime = &v @@ -178568,13 +185638,13 @@ type VerifiedAccessLogOptions struct { // Sends Verified Access logs to CloudWatch Logs. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestinationOptions `type:"structure"` - // Include trust data sent by trust providers into the logs. + // Indicates whether to include trust data sent by trust providers in the logs. IncludeTrustContext *bool `type:"boolean"` // Sends Verified Access logs to Kinesis. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestinationOptions `type:"structure"` - // The logging version to use. + // The logging version. // // Valid values: ocsf-0.1 | ocsf-1.0.0-rc.2 LogVersion *string `type:"string"` @@ -178805,13 +185875,13 @@ type VerifiedAccessLogs struct { // CloudWatch Logs logging destination. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestination `locationName:"cloudWatchLogs" type:"structure"` - // Describes current setting for including trust data into the logs. + // Indicates whether trust data is included in the logs. IncludeTrustContext *bool `locationName:"includeTrustContext" type:"boolean"` // Kinesis logging destination. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestination `locationName:"kinesisDataFirehose" type:"structure"` - // Describes current setting for the logging version. + // The log version. LogVersion *string `locationName:"logVersion" type:"string"` // Amazon S3 logging options. @@ -178866,6 +185936,94 @@ func (s *VerifiedAccessLogs) SetS3(v *VerifiedAccessLogS3Destination) *VerifiedA return s } +// Verified Access provides server side encryption by default to data at rest +// using Amazon Web Services-owned KMS keys. You also have the option of using +// customer managed KMS keys, which can be specified using the options below. +type VerifiedAccessSseSpecificationRequest struct { + _ struct{} `type:"structure"` + + // Enable or disable the use of customer managed KMS keys for server side encryption. + // + // Valid values: True | False + CustomerManagedKeyEnabled *bool `type:"boolean"` + + // The ARN of the KMS key. + KmsKeyArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationRequest) GoString() string { + return s.String() +} + +// SetCustomerManagedKeyEnabled sets the CustomerManagedKeyEnabled field's value. +func (s *VerifiedAccessSseSpecificationRequest) SetCustomerManagedKeyEnabled(v bool) *VerifiedAccessSseSpecificationRequest { + s.CustomerManagedKeyEnabled = &v + return s +} + +// SetKmsKeyArn sets the KmsKeyArn field's value. +func (s *VerifiedAccessSseSpecificationRequest) SetKmsKeyArn(v string) *VerifiedAccessSseSpecificationRequest { + s.KmsKeyArn = &v + return s +} + +// The options in use for server side encryption. +type VerifiedAccessSseSpecificationResponse struct { + _ struct{} `type:"structure"` + + // Indicates whether customer managed KMS keys are in use for server side encryption. + // + // Valid values: True | False + CustomerManagedKeyEnabled *bool `locationName:"customerManagedKeyEnabled" type:"boolean"` + + // The ARN of the KMS key. + KmsKeyArn *string `locationName:"kmsKeyArn" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessSseSpecificationResponse) GoString() string { + return s.String() +} + +// SetCustomerManagedKeyEnabled sets the CustomerManagedKeyEnabled field's value. +func (s *VerifiedAccessSseSpecificationResponse) SetCustomerManagedKeyEnabled(v bool) *VerifiedAccessSseSpecificationResponse { + s.CustomerManagedKeyEnabled = &v + return s +} + +// SetKmsKeyArn sets the KmsKeyArn field's value. +func (s *VerifiedAccessSseSpecificationResponse) SetKmsKeyArn(v string) *VerifiedAccessSseSpecificationResponse { + s.KmsKeyArn = &v + return s +} + // Describes a Verified Access trust provider. type VerifiedAccessTrustProvider struct { _ struct{} `type:"structure"` @@ -178891,6 +186049,9 @@ type VerifiedAccessTrustProvider struct { // The identifier to be used when working with policy rules. PolicyReferenceName *string `locationName:"policyReferenceName" type:"string"` + // The options in use for server side encryption. + SseSpecification *VerifiedAccessSseSpecificationResponse `locationName:"sseSpecification" type:"structure"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -178964,6 +186125,12 @@ func (s *VerifiedAccessTrustProvider) SetPolicyReferenceName(v string) *Verified return s } +// SetSseSpecification sets the SseSpecification field's value. +func (s *VerifiedAccessTrustProvider) SetSseSpecification(v *VerifiedAccessSseSpecificationResponse) *VerifiedAccessTrustProvider { + s.SseSpecification = v + return s +} + // SetTags sets the Tags field's value. func (s *VerifiedAccessTrustProvider) SetTags(v []*Tag) *VerifiedAccessTrustProvider { s.Tags = v @@ -179066,7 +186233,8 @@ type VgwTelemetry struct { // The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. CertificateArn *string `locationName:"certificateArn" type:"string"` - // The date and time of the last change in status. + // The date and time of the last change in status. This field is updated when + // changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected. LastStatusChange *time.Time `locationName:"lastStatusChange" type:"timestamp"` // The Internet-routable IP address of the virtual private gateway's outside @@ -179175,6 +186343,9 @@ type Volume struct { // The snapshot from which the volume was created, if applicable. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Reserved for future use. + SseType *string `locationName:"sseType" type:"string" enum:"SSEType"` + // The volume state. State *string `locationName:"status" type:"string" enum:"VolumeState"` @@ -179275,6 +186446,12 @@ func (s *Volume) SetSnapshotId(v string) *Volume { return s } +// SetSseType sets the SseType field's value. +func (s *Volume) SetSseType(v string) *Volume { + s.SseType = &v + return s +} + // SetState sets the State field's value. func (s *Volume) SetState(v string) *Volume { s.State = &v @@ -179309,6 +186486,9 @@ func (s *Volume) SetVolumeType(v string) *Volume { type VolumeAttachment struct { _ struct{} `type:"structure"` + // The ARN of the Amazon ECS or Fargate task to which the volume is attached. + AssociatedResource *string `locationName:"associatedResource" type:"string"` + // The time stamp when the attachment initiated. AttachTime *time.Time `locationName:"attachTime" type:"timestamp"` @@ -179316,11 +186496,22 @@ type VolumeAttachment struct { DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` // The device name. + // + // If the volume is attached to a Fargate task, this parameter returns null. Device *string `locationName:"device" type:"string"` // The ID of the instance. + // + // If the volume is attached to a Fargate task, this parameter returns null. InstanceId *string `locationName:"instanceId" type:"string"` + // The service principal of Amazon Web Services service that owns the underlying + // instance to which the volume is attached. + // + // This parameter is returned only for volumes that are attached to Fargate + // tasks. + InstanceOwningService *string `locationName:"instanceOwningService" type:"string"` + // The attachment state of the volume. State *string `locationName:"status" type:"string" enum:"VolumeAttachmentState"` @@ -179346,6 +186537,12 @@ func (s VolumeAttachment) GoString() string { return s.String() } +// SetAssociatedResource sets the AssociatedResource field's value. +func (s *VolumeAttachment) SetAssociatedResource(v string) *VolumeAttachment { + s.AssociatedResource = &v + return s +} + // SetAttachTime sets the AttachTime field's value. func (s *VolumeAttachment) SetAttachTime(v time.Time) *VolumeAttachment { s.AttachTime = &v @@ -179370,6 +186567,12 @@ func (s *VolumeAttachment) SetInstanceId(v string) *VolumeAttachment { return s } +// SetInstanceOwningService sets the InstanceOwningService field's value. +func (s *VolumeAttachment) SetInstanceOwningService(v string) *VolumeAttachment { + s.InstanceOwningService = &v + return s +} + // SetState sets the State field's value. func (s *VolumeAttachment) SetState(v string) *VolumeAttachment { s.State = &v @@ -180189,9 +187392,7 @@ func (s *VpcCidrBlockState) SetStatusMessage(v string) *VpcCidrBlockState { return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Deprecated. // // Describes whether a VPC is enabled for ClassicLink. type VpcClassicLink struct { @@ -180710,10 +187911,6 @@ func (s *VpcPeeringConnection) SetVpcPeeringConnectionId(v string) *VpcPeeringCo return s } -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Describes the VPC peering connection options. type VpcPeeringConnectionOptionsDescription struct { _ struct{} `type:"structure"` @@ -180722,12 +187919,10 @@ type VpcPeeringConnectionOptionsDescription struct { // IP addresses when queried from instances in a peer VPC. AllowDnsResolutionFromRemoteVpc *bool `locationName:"allowDnsResolutionFromRemoteVpc" type:"boolean"` - // Indicates whether a local ClassicLink connection can communicate with the - // peer VPC over the VPC peering connection. + // Deprecated. AllowEgressFromLocalClassicLinkToRemoteVpc *bool `locationName:"allowEgressFromLocalClassicLinkToRemoteVpc" type:"boolean"` - // Indicates whether a local VPC can communicate with a ClassicLink connection - // in the peer VPC over the VPC peering connection. + // Deprecated. AllowEgressFromLocalVpcToRemoteClassicLink *bool `locationName:"allowEgressFromLocalVpcToRemoteClassicLink" type:"boolean"` } @@ -181966,26 +189161,30 @@ func (s *WithdrawByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *WithdrawByoipCidrO } const ( - // AcceleratorManufacturerNvidia is a AcceleratorManufacturer enum value - AcceleratorManufacturerNvidia = "nvidia" + // AcceleratorManufacturerAmazonWebServices is a AcceleratorManufacturer enum value + AcceleratorManufacturerAmazonWebServices = "amazon-web-services" // AcceleratorManufacturerAmd is a AcceleratorManufacturer enum value AcceleratorManufacturerAmd = "amd" - // AcceleratorManufacturerAmazonWebServices is a AcceleratorManufacturer enum value - AcceleratorManufacturerAmazonWebServices = "amazon-web-services" + // AcceleratorManufacturerNvidia is a AcceleratorManufacturer enum value + AcceleratorManufacturerNvidia = "nvidia" // AcceleratorManufacturerXilinx is a AcceleratorManufacturer enum value AcceleratorManufacturerXilinx = "xilinx" + + // AcceleratorManufacturerHabana is a AcceleratorManufacturer enum value + AcceleratorManufacturerHabana = "habana" ) // AcceleratorManufacturer_Values returns all elements of the AcceleratorManufacturer enum func AcceleratorManufacturer_Values() []string { return []string{ - AcceleratorManufacturerNvidia, - AcceleratorManufacturerAmd, AcceleratorManufacturerAmazonWebServices, + AcceleratorManufacturerAmd, + AcceleratorManufacturerNvidia, AcceleratorManufacturerXilinx, + AcceleratorManufacturerHabana, } } @@ -181993,43 +189192,55 @@ const ( // AcceleratorNameA100 is a AcceleratorName enum value AcceleratorNameA100 = "a100" - // AcceleratorNameV100 is a AcceleratorName enum value - AcceleratorNameV100 = "v100" + // AcceleratorNameInferentia is a AcceleratorName enum value + AcceleratorNameInferentia = "inferentia" + + // AcceleratorNameK520 is a AcceleratorName enum value + AcceleratorNameK520 = "k520" // AcceleratorNameK80 is a AcceleratorName enum value AcceleratorNameK80 = "k80" - // AcceleratorNameT4 is a AcceleratorName enum value - AcceleratorNameT4 = "t4" - // AcceleratorNameM60 is a AcceleratorName enum value AcceleratorNameM60 = "m60" // AcceleratorNameRadeonProV520 is a AcceleratorName enum value AcceleratorNameRadeonProV520 = "radeon-pro-v520" + // AcceleratorNameT4 is a AcceleratorName enum value + AcceleratorNameT4 = "t4" + // AcceleratorNameVu9p is a AcceleratorName enum value AcceleratorNameVu9p = "vu9p" - // AcceleratorNameInferentia is a AcceleratorName enum value - AcceleratorNameInferentia = "inferentia" + // AcceleratorNameV100 is a AcceleratorName enum value + AcceleratorNameV100 = "v100" - // AcceleratorNameK520 is a AcceleratorName enum value - AcceleratorNameK520 = "k520" + // AcceleratorNameA10g is a AcceleratorName enum value + AcceleratorNameA10g = "a10g" + + // AcceleratorNameH100 is a AcceleratorName enum value + AcceleratorNameH100 = "h100" + + // AcceleratorNameT4g is a AcceleratorName enum value + AcceleratorNameT4g = "t4g" ) // AcceleratorName_Values returns all elements of the AcceleratorName enum func AcceleratorName_Values() []string { return []string{ AcceleratorNameA100, - AcceleratorNameV100, + AcceleratorNameInferentia, + AcceleratorNameK520, AcceleratorNameK80, - AcceleratorNameT4, AcceleratorNameM60, AcceleratorNameRadeonProV520, + AcceleratorNameT4, AcceleratorNameVu9p, - AcceleratorNameInferentia, - AcceleratorNameK520, + AcceleratorNameV100, + AcceleratorNameA10g, + AcceleratorNameH100, + AcceleratorNameT4g, } } @@ -182353,6 +189564,70 @@ func ArchitectureValues_Values() []string { } } +const ( + // AsnAssociationStateDisassociated is a AsnAssociationState enum value + AsnAssociationStateDisassociated = "disassociated" + + // AsnAssociationStateFailedDisassociation is a AsnAssociationState enum value + AsnAssociationStateFailedDisassociation = "failed-disassociation" + + // AsnAssociationStateFailedAssociation is a AsnAssociationState enum value + AsnAssociationStateFailedAssociation = "failed-association" + + // AsnAssociationStatePendingDisassociation is a AsnAssociationState enum value + AsnAssociationStatePendingDisassociation = "pending-disassociation" + + // AsnAssociationStatePendingAssociation is a AsnAssociationState enum value + AsnAssociationStatePendingAssociation = "pending-association" + + // AsnAssociationStateAssociated is a AsnAssociationState enum value + AsnAssociationStateAssociated = "associated" +) + +// AsnAssociationState_Values returns all elements of the AsnAssociationState enum +func AsnAssociationState_Values() []string { + return []string{ + AsnAssociationStateDisassociated, + AsnAssociationStateFailedDisassociation, + AsnAssociationStateFailedAssociation, + AsnAssociationStatePendingDisassociation, + AsnAssociationStatePendingAssociation, + AsnAssociationStateAssociated, + } +} + +const ( + // AsnStateDeprovisioned is a AsnState enum value + AsnStateDeprovisioned = "deprovisioned" + + // AsnStateFailedDeprovision is a AsnState enum value + AsnStateFailedDeprovision = "failed-deprovision" + + // AsnStateFailedProvision is a AsnState enum value + AsnStateFailedProvision = "failed-provision" + + // AsnStatePendingDeprovision is a AsnState enum value + AsnStatePendingDeprovision = "pending-deprovision" + + // AsnStatePendingProvision is a AsnState enum value + AsnStatePendingProvision = "pending-provision" + + // AsnStateProvisioned is a AsnState enum value + AsnStateProvisioned = "provisioned" +) + +// AsnState_Values returns all elements of the AsnState enum +func AsnState_Values() []string { + return []string{ + AsnStateDeprovisioned, + AsnStateFailedDeprovision, + AsnStateFailedProvision, + AsnStatePendingDeprovision, + AsnStatePendingProvision, + AsnStateProvisioned, + } +} + const ( // AssociatedNetworkTypeVpc is a AssociatedNetworkType enum value AssociatedNetworkTypeVpc = "vpc" @@ -182860,6 +190135,9 @@ const ( // CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise is a CapacityReservationInstancePlatform enum value CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise = "RHEL with HA and SQL Server Enterprise" + + // CapacityReservationInstancePlatformUbuntuPro is a CapacityReservationInstancePlatform enum value + CapacityReservationInstancePlatformUbuntuPro = "Ubuntu Pro" ) // CapacityReservationInstancePlatform_Values returns all elements of the CapacityReservationInstancePlatform enum @@ -182882,6 +190160,7 @@ func CapacityReservationInstancePlatform_Values() []string { CapacityReservationInstancePlatformRhelwithHa, CapacityReservationInstancePlatformRhelwithHaandSqlserverStandard, CapacityReservationInstancePlatformRhelwithHaandSqlserverEnterprise, + CapacityReservationInstancePlatformUbuntuPro, } } @@ -182916,6 +190195,15 @@ const ( // CapacityReservationStateFailed is a CapacityReservationState enum value CapacityReservationStateFailed = "failed" + + // CapacityReservationStateScheduled is a CapacityReservationState enum value + CapacityReservationStateScheduled = "scheduled" + + // CapacityReservationStatePaymentPending is a CapacityReservationState enum value + CapacityReservationStatePaymentPending = "payment-pending" + + // CapacityReservationStatePaymentFailed is a CapacityReservationState enum value + CapacityReservationStatePaymentFailed = "payment-failed" ) // CapacityReservationState_Values returns all elements of the CapacityReservationState enum @@ -182926,6 +190214,9 @@ func CapacityReservationState_Values() []string { CapacityReservationStateCancelled, CapacityReservationStatePending, CapacityReservationStateFailed, + CapacityReservationStateScheduled, + CapacityReservationStatePaymentPending, + CapacityReservationStatePaymentFailed, } } @@ -182945,6 +190236,22 @@ func CapacityReservationTenancy_Values() []string { } } +const ( + // CapacityReservationTypeDefault is a CapacityReservationType enum value + CapacityReservationTypeDefault = "default" + + // CapacityReservationTypeCapacityBlock is a CapacityReservationType enum value + CapacityReservationTypeCapacityBlock = "capacity-block" +) + +// CapacityReservationType_Values returns all elements of the CapacityReservationType enum +func CapacityReservationType_Values() []string { + return []string{ + CapacityReservationTypeDefault, + CapacityReservationTypeCapacityBlock, + } +} + const ( // CarrierGatewayStatePending is a CarrierGatewayState enum value CarrierGatewayStatePending = "pending" @@ -183295,6 +190602,9 @@ const ( // DefaultTargetCapacityTypeOnDemand is a DefaultTargetCapacityType enum value DefaultTargetCapacityTypeOnDemand = "on-demand" + + // DefaultTargetCapacityTypeCapacityBlock is a DefaultTargetCapacityType enum value + DefaultTargetCapacityTypeCapacityBlock = "capacity-block" ) // DefaultTargetCapacityType_Values returns all elements of the DefaultTargetCapacityType enum @@ -183302,6 +190612,7 @@ func DefaultTargetCapacityType_Values() []string { return []string{ DefaultTargetCapacityTypeSpot, DefaultTargetCapacityTypeOnDemand, + DefaultTargetCapacityTypeCapacityBlock, } } @@ -183371,6 +190682,9 @@ const ( // DeviceTrustProviderTypeCrowdstrike is a DeviceTrustProviderType enum value DeviceTrustProviderTypeCrowdstrike = "crowdstrike" + + // DeviceTrustProviderTypeJumpcloud is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeJumpcloud = "jumpcloud" ) // DeviceTrustProviderType_Values returns all elements of the DeviceTrustProviderType enum @@ -183378,6 +190692,7 @@ func DeviceTrustProviderType_Values() []string { return []string{ DeviceTrustProviderTypeJamf, DeviceTrustProviderTypeCrowdstrike, + DeviceTrustProviderTypeJumpcloud, } } @@ -184389,6 +191704,30 @@ func ImageAttributeName_Values() []string { } } +const ( + // ImageBlockPublicAccessDisabledStateUnblocked is a ImageBlockPublicAccessDisabledState enum value + ImageBlockPublicAccessDisabledStateUnblocked = "unblocked" +) + +// ImageBlockPublicAccessDisabledState_Values returns all elements of the ImageBlockPublicAccessDisabledState enum +func ImageBlockPublicAccessDisabledState_Values() []string { + return []string{ + ImageBlockPublicAccessDisabledStateUnblocked, + } +} + +const ( + // ImageBlockPublicAccessEnabledStateBlockNewSharing is a ImageBlockPublicAccessEnabledState enum value + ImageBlockPublicAccessEnabledStateBlockNewSharing = "block-new-sharing" +) + +// ImageBlockPublicAccessEnabledState_Values returns all elements of the ImageBlockPublicAccessEnabledState enum +func ImageBlockPublicAccessEnabledState_Values() []string { + return []string{ + ImageBlockPublicAccessEnabledStateBlockNewSharing, + } +} + const ( // ImageStatePending is a ImageState enum value ImageStatePending = "pending" @@ -184410,6 +191749,9 @@ const ( // ImageStateError is a ImageState enum value ImageStateError = "error" + + // ImageStateDisabled is a ImageState enum value + ImageStateDisabled = "disabled" ) // ImageState_Values returns all elements of the ImageState enum @@ -184422,6 +191764,7 @@ func ImageState_Values() []string { ImageStateTransient, ImageStateFailed, ImageStateError, + ImageStateDisabled, } } @@ -184659,6 +192002,9 @@ const ( // InstanceLifecycleTypeScheduled is a InstanceLifecycleType enum value InstanceLifecycleTypeScheduled = "scheduled" + + // InstanceLifecycleTypeCapacityBlock is a InstanceLifecycleType enum value + InstanceLifecycleTypeCapacityBlock = "capacity-block" ) // InstanceLifecycleType_Values returns all elements of the InstanceLifecycleType enum @@ -184666,6 +192012,7 @@ func InstanceLifecycleType_Values() []string { return []string{ InstanceLifecycleTypeSpot, InstanceLifecycleTypeScheduled, + InstanceLifecycleTypeCapacityBlock, } } @@ -186759,6 +194106,393 @@ const ( // InstanceTypeI4g16xlarge is a InstanceType enum value InstanceTypeI4g16xlarge = "i4g.16xlarge" + + // InstanceTypeHpc7g4xlarge is a InstanceType enum value + InstanceTypeHpc7g4xlarge = "hpc7g.4xlarge" + + // InstanceTypeHpc7g8xlarge is a InstanceType enum value + InstanceTypeHpc7g8xlarge = "hpc7g.8xlarge" + + // InstanceTypeHpc7g16xlarge is a InstanceType enum value + InstanceTypeHpc7g16xlarge = "hpc7g.16xlarge" + + // InstanceTypeC7gnMedium is a InstanceType enum value + InstanceTypeC7gnMedium = "c7gn.medium" + + // InstanceTypeC7gnLarge is a InstanceType enum value + InstanceTypeC7gnLarge = "c7gn.large" + + // InstanceTypeC7gnXlarge is a InstanceType enum value + InstanceTypeC7gnXlarge = "c7gn.xlarge" + + // InstanceTypeC7gn2xlarge is a InstanceType enum value + InstanceTypeC7gn2xlarge = "c7gn.2xlarge" + + // InstanceTypeC7gn4xlarge is a InstanceType enum value + InstanceTypeC7gn4xlarge = "c7gn.4xlarge" + + // InstanceTypeC7gn8xlarge is a InstanceType enum value + InstanceTypeC7gn8xlarge = "c7gn.8xlarge" + + // InstanceTypeC7gn12xlarge is a InstanceType enum value + InstanceTypeC7gn12xlarge = "c7gn.12xlarge" + + // InstanceTypeC7gn16xlarge is a InstanceType enum value + InstanceTypeC7gn16xlarge = "c7gn.16xlarge" + + // InstanceTypeP548xlarge is a InstanceType enum value + InstanceTypeP548xlarge = "p5.48xlarge" + + // InstanceTypeM7iLarge is a InstanceType enum value + InstanceTypeM7iLarge = "m7i.large" + + // InstanceTypeM7iXlarge is a InstanceType enum value + InstanceTypeM7iXlarge = "m7i.xlarge" + + // InstanceTypeM7i2xlarge is a InstanceType enum value + InstanceTypeM7i2xlarge = "m7i.2xlarge" + + // InstanceTypeM7i4xlarge is a InstanceType enum value + InstanceTypeM7i4xlarge = "m7i.4xlarge" + + // InstanceTypeM7i8xlarge is a InstanceType enum value + InstanceTypeM7i8xlarge = "m7i.8xlarge" + + // InstanceTypeM7i12xlarge is a InstanceType enum value + InstanceTypeM7i12xlarge = "m7i.12xlarge" + + // InstanceTypeM7i16xlarge is a InstanceType enum value + InstanceTypeM7i16xlarge = "m7i.16xlarge" + + // InstanceTypeM7i24xlarge is a InstanceType enum value + InstanceTypeM7i24xlarge = "m7i.24xlarge" + + // InstanceTypeM7i48xlarge is a InstanceType enum value + InstanceTypeM7i48xlarge = "m7i.48xlarge" + + // InstanceTypeM7iFlexLarge is a InstanceType enum value + InstanceTypeM7iFlexLarge = "m7i-flex.large" + + // InstanceTypeM7iFlexXlarge is a InstanceType enum value + InstanceTypeM7iFlexXlarge = "m7i-flex.xlarge" + + // InstanceTypeM7iFlex2xlarge is a InstanceType enum value + InstanceTypeM7iFlex2xlarge = "m7i-flex.2xlarge" + + // InstanceTypeM7iFlex4xlarge is a InstanceType enum value + InstanceTypeM7iFlex4xlarge = "m7i-flex.4xlarge" + + // InstanceTypeM7iFlex8xlarge is a InstanceType enum value + InstanceTypeM7iFlex8xlarge = "m7i-flex.8xlarge" + + // InstanceTypeM7aMedium is a InstanceType enum value + InstanceTypeM7aMedium = "m7a.medium" + + // InstanceTypeM7aLarge is a InstanceType enum value + InstanceTypeM7aLarge = "m7a.large" + + // InstanceTypeM7aXlarge is a InstanceType enum value + InstanceTypeM7aXlarge = "m7a.xlarge" + + // InstanceTypeM7a2xlarge is a InstanceType enum value + InstanceTypeM7a2xlarge = "m7a.2xlarge" + + // InstanceTypeM7a4xlarge is a InstanceType enum value + InstanceTypeM7a4xlarge = "m7a.4xlarge" + + // InstanceTypeM7a8xlarge is a InstanceType enum value + InstanceTypeM7a8xlarge = "m7a.8xlarge" + + // InstanceTypeM7a12xlarge is a InstanceType enum value + InstanceTypeM7a12xlarge = "m7a.12xlarge" + + // InstanceTypeM7a16xlarge is a InstanceType enum value + InstanceTypeM7a16xlarge = "m7a.16xlarge" + + // InstanceTypeM7a24xlarge is a InstanceType enum value + InstanceTypeM7a24xlarge = "m7a.24xlarge" + + // InstanceTypeM7a32xlarge is a InstanceType enum value + InstanceTypeM7a32xlarge = "m7a.32xlarge" + + // InstanceTypeM7a48xlarge is a InstanceType enum value + InstanceTypeM7a48xlarge = "m7a.48xlarge" + + // InstanceTypeM7aMetal48xl is a InstanceType enum value + InstanceTypeM7aMetal48xl = "m7a.metal-48xl" + + // InstanceTypeHpc7a12xlarge is a InstanceType enum value + InstanceTypeHpc7a12xlarge = "hpc7a.12xlarge" + + // InstanceTypeHpc7a24xlarge is a InstanceType enum value + InstanceTypeHpc7a24xlarge = "hpc7a.24xlarge" + + // InstanceTypeHpc7a48xlarge is a InstanceType enum value + InstanceTypeHpc7a48xlarge = "hpc7a.48xlarge" + + // InstanceTypeHpc7a96xlarge is a InstanceType enum value + InstanceTypeHpc7a96xlarge = "hpc7a.96xlarge" + + // InstanceTypeC7gdMedium is a InstanceType enum value + InstanceTypeC7gdMedium = "c7gd.medium" + + // InstanceTypeC7gdLarge is a InstanceType enum value + InstanceTypeC7gdLarge = "c7gd.large" + + // InstanceTypeC7gdXlarge is a InstanceType enum value + InstanceTypeC7gdXlarge = "c7gd.xlarge" + + // InstanceTypeC7gd2xlarge is a InstanceType enum value + InstanceTypeC7gd2xlarge = "c7gd.2xlarge" + + // InstanceTypeC7gd4xlarge is a InstanceType enum value + InstanceTypeC7gd4xlarge = "c7gd.4xlarge" + + // InstanceTypeC7gd8xlarge is a InstanceType enum value + InstanceTypeC7gd8xlarge = "c7gd.8xlarge" + + // InstanceTypeC7gd12xlarge is a InstanceType enum value + InstanceTypeC7gd12xlarge = "c7gd.12xlarge" + + // InstanceTypeC7gd16xlarge is a InstanceType enum value + InstanceTypeC7gd16xlarge = "c7gd.16xlarge" + + // InstanceTypeM7gdMedium is a InstanceType enum value + InstanceTypeM7gdMedium = "m7gd.medium" + + // InstanceTypeM7gdLarge is a InstanceType enum value + InstanceTypeM7gdLarge = "m7gd.large" + + // InstanceTypeM7gdXlarge is a InstanceType enum value + InstanceTypeM7gdXlarge = "m7gd.xlarge" + + // InstanceTypeM7gd2xlarge is a InstanceType enum value + InstanceTypeM7gd2xlarge = "m7gd.2xlarge" + + // InstanceTypeM7gd4xlarge is a InstanceType enum value + InstanceTypeM7gd4xlarge = "m7gd.4xlarge" + + // InstanceTypeM7gd8xlarge is a InstanceType enum value + InstanceTypeM7gd8xlarge = "m7gd.8xlarge" + + // InstanceTypeM7gd12xlarge is a InstanceType enum value + InstanceTypeM7gd12xlarge = "m7gd.12xlarge" + + // InstanceTypeM7gd16xlarge is a InstanceType enum value + InstanceTypeM7gd16xlarge = "m7gd.16xlarge" + + // InstanceTypeR7gdMedium is a InstanceType enum value + InstanceTypeR7gdMedium = "r7gd.medium" + + // InstanceTypeR7gdLarge is a InstanceType enum value + InstanceTypeR7gdLarge = "r7gd.large" + + // InstanceTypeR7gdXlarge is a InstanceType enum value + InstanceTypeR7gdXlarge = "r7gd.xlarge" + + // InstanceTypeR7gd2xlarge is a InstanceType enum value + InstanceTypeR7gd2xlarge = "r7gd.2xlarge" + + // InstanceTypeR7gd4xlarge is a InstanceType enum value + InstanceTypeR7gd4xlarge = "r7gd.4xlarge" + + // InstanceTypeR7gd8xlarge is a InstanceType enum value + InstanceTypeR7gd8xlarge = "r7gd.8xlarge" + + // InstanceTypeR7gd12xlarge is a InstanceType enum value + InstanceTypeR7gd12xlarge = "r7gd.12xlarge" + + // InstanceTypeR7gd16xlarge is a InstanceType enum value + InstanceTypeR7gd16xlarge = "r7gd.16xlarge" + + // InstanceTypeR7aMedium is a InstanceType enum value + InstanceTypeR7aMedium = "r7a.medium" + + // InstanceTypeR7aLarge is a InstanceType enum value + InstanceTypeR7aLarge = "r7a.large" + + // InstanceTypeR7aXlarge is a InstanceType enum value + InstanceTypeR7aXlarge = "r7a.xlarge" + + // InstanceTypeR7a2xlarge is a InstanceType enum value + InstanceTypeR7a2xlarge = "r7a.2xlarge" + + // InstanceTypeR7a4xlarge is a InstanceType enum value + InstanceTypeR7a4xlarge = "r7a.4xlarge" + + // InstanceTypeR7a8xlarge is a InstanceType enum value + InstanceTypeR7a8xlarge = "r7a.8xlarge" + + // InstanceTypeR7a12xlarge is a InstanceType enum value + InstanceTypeR7a12xlarge = "r7a.12xlarge" + + // InstanceTypeR7a16xlarge is a InstanceType enum value + InstanceTypeR7a16xlarge = "r7a.16xlarge" + + // InstanceTypeR7a24xlarge is a InstanceType enum value + InstanceTypeR7a24xlarge = "r7a.24xlarge" + + // InstanceTypeR7a32xlarge is a InstanceType enum value + InstanceTypeR7a32xlarge = "r7a.32xlarge" + + // InstanceTypeR7a48xlarge is a InstanceType enum value + InstanceTypeR7a48xlarge = "r7a.48xlarge" + + // InstanceTypeC7iLarge is a InstanceType enum value + InstanceTypeC7iLarge = "c7i.large" + + // InstanceTypeC7iXlarge is a InstanceType enum value + InstanceTypeC7iXlarge = "c7i.xlarge" + + // InstanceTypeC7i2xlarge is a InstanceType enum value + InstanceTypeC7i2xlarge = "c7i.2xlarge" + + // InstanceTypeC7i4xlarge is a InstanceType enum value + InstanceTypeC7i4xlarge = "c7i.4xlarge" + + // InstanceTypeC7i8xlarge is a InstanceType enum value + InstanceTypeC7i8xlarge = "c7i.8xlarge" + + // InstanceTypeC7i12xlarge is a InstanceType enum value + InstanceTypeC7i12xlarge = "c7i.12xlarge" + + // InstanceTypeC7i16xlarge is a InstanceType enum value + InstanceTypeC7i16xlarge = "c7i.16xlarge" + + // InstanceTypeC7i24xlarge is a InstanceType enum value + InstanceTypeC7i24xlarge = "c7i.24xlarge" + + // InstanceTypeC7i48xlarge is a InstanceType enum value + InstanceTypeC7i48xlarge = "c7i.48xlarge" + + // InstanceTypeMac2M2proMetal is a InstanceType enum value + InstanceTypeMac2M2proMetal = "mac2-m2pro.metal" + + // InstanceTypeR7izLarge is a InstanceType enum value + InstanceTypeR7izLarge = "r7iz.large" + + // InstanceTypeR7izXlarge is a InstanceType enum value + InstanceTypeR7izXlarge = "r7iz.xlarge" + + // InstanceTypeR7iz2xlarge is a InstanceType enum value + InstanceTypeR7iz2xlarge = "r7iz.2xlarge" + + // InstanceTypeR7iz4xlarge is a InstanceType enum value + InstanceTypeR7iz4xlarge = "r7iz.4xlarge" + + // InstanceTypeR7iz8xlarge is a InstanceType enum value + InstanceTypeR7iz8xlarge = "r7iz.8xlarge" + + // InstanceTypeR7iz12xlarge is a InstanceType enum value + InstanceTypeR7iz12xlarge = "r7iz.12xlarge" + + // InstanceTypeR7iz16xlarge is a InstanceType enum value + InstanceTypeR7iz16xlarge = "r7iz.16xlarge" + + // InstanceTypeR7iz32xlarge is a InstanceType enum value + InstanceTypeR7iz32xlarge = "r7iz.32xlarge" + + // InstanceTypeC7aMedium is a InstanceType enum value + InstanceTypeC7aMedium = "c7a.medium" + + // InstanceTypeC7aLarge is a InstanceType enum value + InstanceTypeC7aLarge = "c7a.large" + + // InstanceTypeC7aXlarge is a InstanceType enum value + InstanceTypeC7aXlarge = "c7a.xlarge" + + // InstanceTypeC7a2xlarge is a InstanceType enum value + InstanceTypeC7a2xlarge = "c7a.2xlarge" + + // InstanceTypeC7a4xlarge is a InstanceType enum value + InstanceTypeC7a4xlarge = "c7a.4xlarge" + + // InstanceTypeC7a8xlarge is a InstanceType enum value + InstanceTypeC7a8xlarge = "c7a.8xlarge" + + // InstanceTypeC7a12xlarge is a InstanceType enum value + InstanceTypeC7a12xlarge = "c7a.12xlarge" + + // InstanceTypeC7a16xlarge is a InstanceType enum value + InstanceTypeC7a16xlarge = "c7a.16xlarge" + + // InstanceTypeC7a24xlarge is a InstanceType enum value + InstanceTypeC7a24xlarge = "c7a.24xlarge" + + // InstanceTypeC7a32xlarge is a InstanceType enum value + InstanceTypeC7a32xlarge = "c7a.32xlarge" + + // InstanceTypeC7a48xlarge is a InstanceType enum value + InstanceTypeC7a48xlarge = "c7a.48xlarge" + + // InstanceTypeC7aMetal48xl is a InstanceType enum value + InstanceTypeC7aMetal48xl = "c7a.metal-48xl" + + // InstanceTypeR7aMetal48xl is a InstanceType enum value + InstanceTypeR7aMetal48xl = "r7a.metal-48xl" + + // InstanceTypeR7iLarge is a InstanceType enum value + InstanceTypeR7iLarge = "r7i.large" + + // InstanceTypeR7iXlarge is a InstanceType enum value + InstanceTypeR7iXlarge = "r7i.xlarge" + + // InstanceTypeR7i2xlarge is a InstanceType enum value + InstanceTypeR7i2xlarge = "r7i.2xlarge" + + // InstanceTypeR7i4xlarge is a InstanceType enum value + InstanceTypeR7i4xlarge = "r7i.4xlarge" + + // InstanceTypeR7i8xlarge is a InstanceType enum value + InstanceTypeR7i8xlarge = "r7i.8xlarge" + + // InstanceTypeR7i12xlarge is a InstanceType enum value + InstanceTypeR7i12xlarge = "r7i.12xlarge" + + // InstanceTypeR7i16xlarge is a InstanceType enum value + InstanceTypeR7i16xlarge = "r7i.16xlarge" + + // InstanceTypeR7i24xlarge is a InstanceType enum value + InstanceTypeR7i24xlarge = "r7i.24xlarge" + + // InstanceTypeR7i48xlarge is a InstanceType enum value + InstanceTypeR7i48xlarge = "r7i.48xlarge" + + // InstanceTypeDl2q24xlarge is a InstanceType enum value + InstanceTypeDl2q24xlarge = "dl2q.24xlarge" + + // InstanceTypeMac2M2Metal is a InstanceType enum value + InstanceTypeMac2M2Metal = "mac2-m2.metal" + + // InstanceTypeI4i12xlarge is a InstanceType enum value + InstanceTypeI4i12xlarge = "i4i.12xlarge" + + // InstanceTypeI4i24xlarge is a InstanceType enum value + InstanceTypeI4i24xlarge = "i4i.24xlarge" + + // InstanceTypeC7iMetal24xl is a InstanceType enum value + InstanceTypeC7iMetal24xl = "c7i.metal-24xl" + + // InstanceTypeC7iMetal48xl is a InstanceType enum value + InstanceTypeC7iMetal48xl = "c7i.metal-48xl" + + // InstanceTypeM7iMetal24xl is a InstanceType enum value + InstanceTypeM7iMetal24xl = "m7i.metal-24xl" + + // InstanceTypeM7iMetal48xl is a InstanceType enum value + InstanceTypeM7iMetal48xl = "m7i.metal-48xl" + + // InstanceTypeR7iMetal24xl is a InstanceType enum value + InstanceTypeR7iMetal24xl = "r7i.metal-24xl" + + // InstanceTypeR7iMetal48xl is a InstanceType enum value + InstanceTypeR7iMetal48xl = "r7i.metal-48xl" + + // InstanceTypeR7izMetal16xl is a InstanceType enum value + InstanceTypeR7izMetal16xl = "r7iz.metal-16xl" + + // InstanceTypeR7izMetal32xl is a InstanceType enum value + InstanceTypeR7izMetal32xl = "r7iz.metal-32xl" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -187418,6 +195152,135 @@ func InstanceType_Values() []string { InstanceTypeI4g4xlarge, InstanceTypeI4g8xlarge, InstanceTypeI4g16xlarge, + InstanceTypeHpc7g4xlarge, + InstanceTypeHpc7g8xlarge, + InstanceTypeHpc7g16xlarge, + InstanceTypeC7gnMedium, + InstanceTypeC7gnLarge, + InstanceTypeC7gnXlarge, + InstanceTypeC7gn2xlarge, + InstanceTypeC7gn4xlarge, + InstanceTypeC7gn8xlarge, + InstanceTypeC7gn12xlarge, + InstanceTypeC7gn16xlarge, + InstanceTypeP548xlarge, + InstanceTypeM7iLarge, + InstanceTypeM7iXlarge, + InstanceTypeM7i2xlarge, + InstanceTypeM7i4xlarge, + InstanceTypeM7i8xlarge, + InstanceTypeM7i12xlarge, + InstanceTypeM7i16xlarge, + InstanceTypeM7i24xlarge, + InstanceTypeM7i48xlarge, + InstanceTypeM7iFlexLarge, + InstanceTypeM7iFlexXlarge, + InstanceTypeM7iFlex2xlarge, + InstanceTypeM7iFlex4xlarge, + InstanceTypeM7iFlex8xlarge, + InstanceTypeM7aMedium, + InstanceTypeM7aLarge, + InstanceTypeM7aXlarge, + InstanceTypeM7a2xlarge, + InstanceTypeM7a4xlarge, + InstanceTypeM7a8xlarge, + InstanceTypeM7a12xlarge, + InstanceTypeM7a16xlarge, + InstanceTypeM7a24xlarge, + InstanceTypeM7a32xlarge, + InstanceTypeM7a48xlarge, + InstanceTypeM7aMetal48xl, + InstanceTypeHpc7a12xlarge, + InstanceTypeHpc7a24xlarge, + InstanceTypeHpc7a48xlarge, + InstanceTypeHpc7a96xlarge, + InstanceTypeC7gdMedium, + InstanceTypeC7gdLarge, + InstanceTypeC7gdXlarge, + InstanceTypeC7gd2xlarge, + InstanceTypeC7gd4xlarge, + InstanceTypeC7gd8xlarge, + InstanceTypeC7gd12xlarge, + InstanceTypeC7gd16xlarge, + InstanceTypeM7gdMedium, + InstanceTypeM7gdLarge, + InstanceTypeM7gdXlarge, + InstanceTypeM7gd2xlarge, + InstanceTypeM7gd4xlarge, + InstanceTypeM7gd8xlarge, + InstanceTypeM7gd12xlarge, + InstanceTypeM7gd16xlarge, + InstanceTypeR7gdMedium, + InstanceTypeR7gdLarge, + InstanceTypeR7gdXlarge, + InstanceTypeR7gd2xlarge, + InstanceTypeR7gd4xlarge, + InstanceTypeR7gd8xlarge, + InstanceTypeR7gd12xlarge, + InstanceTypeR7gd16xlarge, + InstanceTypeR7aMedium, + InstanceTypeR7aLarge, + InstanceTypeR7aXlarge, + InstanceTypeR7a2xlarge, + InstanceTypeR7a4xlarge, + InstanceTypeR7a8xlarge, + InstanceTypeR7a12xlarge, + InstanceTypeR7a16xlarge, + InstanceTypeR7a24xlarge, + InstanceTypeR7a32xlarge, + InstanceTypeR7a48xlarge, + InstanceTypeC7iLarge, + InstanceTypeC7iXlarge, + InstanceTypeC7i2xlarge, + InstanceTypeC7i4xlarge, + InstanceTypeC7i8xlarge, + InstanceTypeC7i12xlarge, + InstanceTypeC7i16xlarge, + InstanceTypeC7i24xlarge, + InstanceTypeC7i48xlarge, + InstanceTypeMac2M2proMetal, + InstanceTypeR7izLarge, + InstanceTypeR7izXlarge, + InstanceTypeR7iz2xlarge, + InstanceTypeR7iz4xlarge, + InstanceTypeR7iz8xlarge, + InstanceTypeR7iz12xlarge, + InstanceTypeR7iz16xlarge, + InstanceTypeR7iz32xlarge, + InstanceTypeC7aMedium, + InstanceTypeC7aLarge, + InstanceTypeC7aXlarge, + InstanceTypeC7a2xlarge, + InstanceTypeC7a4xlarge, + InstanceTypeC7a8xlarge, + InstanceTypeC7a12xlarge, + InstanceTypeC7a16xlarge, + InstanceTypeC7a24xlarge, + InstanceTypeC7a32xlarge, + InstanceTypeC7a48xlarge, + InstanceTypeC7aMetal48xl, + InstanceTypeR7aMetal48xl, + InstanceTypeR7iLarge, + InstanceTypeR7iXlarge, + InstanceTypeR7i2xlarge, + InstanceTypeR7i4xlarge, + InstanceTypeR7i8xlarge, + InstanceTypeR7i12xlarge, + InstanceTypeR7i16xlarge, + InstanceTypeR7i24xlarge, + InstanceTypeR7i48xlarge, + InstanceTypeDl2q24xlarge, + InstanceTypeMac2M2Metal, + InstanceTypeI4i12xlarge, + InstanceTypeI4i24xlarge, + InstanceTypeC7iMetal24xl, + InstanceTypeC7iMetal48xl, + InstanceTypeM7iMetal24xl, + InstanceTypeM7iMetal48xl, + InstanceTypeR7iMetal24xl, + InstanceTypeR7iMetal48xl, + InstanceTypeR7izMetal16xl, + InstanceTypeR7izMetal32xl, } } @@ -187629,6 +195492,9 @@ const ( // IpamPoolAllocationResourceTypeCustom is a IpamPoolAllocationResourceType enum value IpamPoolAllocationResourceTypeCustom = "custom" + + // IpamPoolAllocationResourceTypeSubnet is a IpamPoolAllocationResourceType enum value + IpamPoolAllocationResourceTypeSubnet = "subnet" ) // IpamPoolAllocationResourceType_Values returns all elements of the IpamPoolAllocationResourceType enum @@ -187638,6 +195504,7 @@ func IpamPoolAllocationResourceType_Values() []string { IpamPoolAllocationResourceTypeVpc, IpamPoolAllocationResourceTypeEc2PublicIpv4Pool, IpamPoolAllocationResourceTypeCustom, + IpamPoolAllocationResourceTypeSubnet, } } @@ -187725,6 +195592,18 @@ func IpamPoolPublicIpSource_Values() []string { } } +const ( + // IpamPoolSourceResourceTypeVpc is a IpamPoolSourceResourceType enum value + IpamPoolSourceResourceTypeVpc = "vpc" +) + +// IpamPoolSourceResourceType_Values returns all elements of the IpamPoolSourceResourceType enum +func IpamPoolSourceResourceType_Values() []string { + return []string{ + IpamPoolSourceResourceTypeVpc, + } +} + const ( // IpamPoolStateCreateInProgress is a IpamPoolState enum value IpamPoolStateCreateInProgress = "create-in-progress" @@ -187781,6 +195660,94 @@ func IpamPoolState_Values() []string { } } +const ( + // IpamPublicAddressAssociationStatusAssociated is a IpamPublicAddressAssociationStatus enum value + IpamPublicAddressAssociationStatusAssociated = "associated" + + // IpamPublicAddressAssociationStatusDisassociated is a IpamPublicAddressAssociationStatus enum value + IpamPublicAddressAssociationStatusDisassociated = "disassociated" +) + +// IpamPublicAddressAssociationStatus_Values returns all elements of the IpamPublicAddressAssociationStatus enum +func IpamPublicAddressAssociationStatus_Values() []string { + return []string{ + IpamPublicAddressAssociationStatusAssociated, + IpamPublicAddressAssociationStatusDisassociated, + } +} + +const ( + // IpamPublicAddressAwsServiceNatGateway is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceNatGateway = "nat-gateway" + + // IpamPublicAddressAwsServiceDatabaseMigrationService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceDatabaseMigrationService = "database-migration-service" + + // IpamPublicAddressAwsServiceRedshift is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceRedshift = "redshift" + + // IpamPublicAddressAwsServiceElasticContainerService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceElasticContainerService = "elastic-container-service" + + // IpamPublicAddressAwsServiceRelationalDatabaseService is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceRelationalDatabaseService = "relational-database-service" + + // IpamPublicAddressAwsServiceSiteToSiteVpn is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceSiteToSiteVpn = "site-to-site-vpn" + + // IpamPublicAddressAwsServiceLoadBalancer is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceLoadBalancer = "load-balancer" + + // IpamPublicAddressAwsServiceGlobalAccelerator is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceGlobalAccelerator = "global-accelerator" + + // IpamPublicAddressAwsServiceOther is a IpamPublicAddressAwsService enum value + IpamPublicAddressAwsServiceOther = "other" +) + +// IpamPublicAddressAwsService_Values returns all elements of the IpamPublicAddressAwsService enum +func IpamPublicAddressAwsService_Values() []string { + return []string{ + IpamPublicAddressAwsServiceNatGateway, + IpamPublicAddressAwsServiceDatabaseMigrationService, + IpamPublicAddressAwsServiceRedshift, + IpamPublicAddressAwsServiceElasticContainerService, + IpamPublicAddressAwsServiceRelationalDatabaseService, + IpamPublicAddressAwsServiceSiteToSiteVpn, + IpamPublicAddressAwsServiceLoadBalancer, + IpamPublicAddressAwsServiceGlobalAccelerator, + IpamPublicAddressAwsServiceOther, + } +} + +const ( + // IpamPublicAddressTypeServiceManagedIp is a IpamPublicAddressType enum value + IpamPublicAddressTypeServiceManagedIp = "service-managed-ip" + + // IpamPublicAddressTypeServiceManagedByoip is a IpamPublicAddressType enum value + IpamPublicAddressTypeServiceManagedByoip = "service-managed-byoip" + + // IpamPublicAddressTypeAmazonOwnedEip is a IpamPublicAddressType enum value + IpamPublicAddressTypeAmazonOwnedEip = "amazon-owned-eip" + + // IpamPublicAddressTypeByoip is a IpamPublicAddressType enum value + IpamPublicAddressTypeByoip = "byoip" + + // IpamPublicAddressTypeEc2PublicIp is a IpamPublicAddressType enum value + IpamPublicAddressTypeEc2PublicIp = "ec2-public-ip" +) + +// IpamPublicAddressType_Values returns all elements of the IpamPublicAddressType enum +func IpamPublicAddressType_Values() []string { + return []string{ + IpamPublicAddressTypeServiceManagedIp, + IpamPublicAddressTypeServiceManagedByoip, + IpamPublicAddressTypeAmazonOwnedEip, + IpamPublicAddressTypeByoip, + IpamPublicAddressTypeEc2PublicIp, + } +} + const ( // IpamResourceDiscoveryAssociationStateAssociateInProgress is a IpamResourceDiscoveryAssociationState enum value IpamResourceDiscoveryAssociationStateAssociateInProgress = "associate-in-progress" @@ -187896,6 +195863,9 @@ const ( // IpamResourceTypeIpv6Pool is a IpamResourceType enum value IpamResourceTypeIpv6Pool = "ipv6-pool" + + // IpamResourceTypeEni is a IpamResourceType enum value + IpamResourceTypeEni = "eni" ) // IpamResourceType_Values returns all elements of the IpamResourceType enum @@ -187906,6 +195876,7 @@ func IpamResourceType_Values() []string { IpamResourceTypeEip, IpamResourceTypePublicIpv4Pool, IpamResourceTypeIpv6Pool, + IpamResourceTypeEni, } } @@ -188037,6 +196008,22 @@ func IpamState_Values() []string { } } +const ( + // IpamTierFree is a IpamTier enum value + IpamTierFree = "free" + + // IpamTierAdvanced is a IpamTier enum value + IpamTierAdvanced = "advanced" +) + +// IpamTier_Values returns all elements of the IpamTier enum +func IpamTier_Values() []string { + return []string{ + IpamTierFree, + IpamTierAdvanced, + } +} + const ( // Ipv6SupportValueEnable is a Ipv6SupportValue enum value Ipv6SupportValueEnable = "enable" @@ -188366,6 +196353,9 @@ const ( // LocationTypeAvailabilityZoneId is a LocationType enum value LocationTypeAvailabilityZoneId = "availability-zone-id" + + // LocationTypeOutpost is a LocationType enum value + LocationTypeOutpost = "outpost" ) // LocationType_Values returns all elements of the LocationType enum @@ -188374,6 +196364,47 @@ func LocationType_Values() []string { LocationTypeRegion, LocationTypeAvailabilityZone, LocationTypeAvailabilityZoneId, + LocationTypeOutpost, + } +} + +const ( + // LockModeCompliance is a LockMode enum value + LockModeCompliance = "compliance" + + // LockModeGovernance is a LockMode enum value + LockModeGovernance = "governance" +) + +// LockMode_Values returns all elements of the LockMode enum +func LockMode_Values() []string { + return []string{ + LockModeCompliance, + LockModeGovernance, + } +} + +const ( + // LockStateCompliance is a LockState enum value + LockStateCompliance = "compliance" + + // LockStateGovernance is a LockState enum value + LockStateGovernance = "governance" + + // LockStateComplianceCooloff is a LockState enum value + LockStateComplianceCooloff = "compliance-cooloff" + + // LockStateExpired is a LockState enum value + LockStateExpired = "expired" +) + +// LockState_Values returns all elements of the LockState enum +func LockState_Values() []string { + return []string{ + LockStateCompliance, + LockStateGovernance, + LockStateComplianceCooloff, + LockStateExpired, } } @@ -188400,12 +196431,16 @@ func LogDestinationType_Values() []string { const ( // MarketTypeSpot is a MarketType enum value MarketTypeSpot = "spot" + + // MarketTypeCapacityBlock is a MarketType enum value + MarketTypeCapacityBlock = "capacity-block" ) // MarketType_Values returns all elements of the MarketType enum func MarketType_Values() []string { return []string{ MarketTypeSpot, + MarketTypeCapacityBlock, } } @@ -188757,6 +196792,22 @@ func NitroEnclavesSupport_Values() []string { } } +const ( + // NitroTpmSupportUnsupported is a NitroTpmSupport enum value + NitroTpmSupportUnsupported = "unsupported" + + // NitroTpmSupportSupported is a NitroTpmSupport enum value + NitroTpmSupportSupported = "supported" +) + +// NitroTpmSupport_Values returns all elements of the NitroTpmSupport enum +func NitroTpmSupport_Values() []string { + return []string{ + NitroTpmSupportUnsupported, + NitroTpmSupportSupported, + } +} + const ( // OfferingClassTypeStandard is a OfferingClassType enum value OfferingClassTypeStandard = "standard" @@ -189817,6 +197868,26 @@ func RuleAction_Values() []string { } } +const ( + // SSETypeSseEbs is a SSEType enum value + SSETypeSseEbs = "sse-ebs" + + // SSETypeSseKms is a SSEType enum value + SSETypeSseKms = "sse-kms" + + // SSETypeNone is a SSEType enum value + SSETypeNone = "none" +) + +// SSEType_Values returns all elements of the SSEType enum +func SSEType_Values() []string { + return []string{ + SSETypeSseEbs, + SSETypeSseKms, + SSETypeNone, + } +} + const ( // ScopeAvailabilityZone is a Scope enum value ScopeAvailabilityZone = "Availability Zone" @@ -189833,6 +197904,22 @@ func Scope_Values() []string { } } +const ( + // SecurityGroupReferencingSupportValueEnable is a SecurityGroupReferencingSupportValue enum value + SecurityGroupReferencingSupportValueEnable = "enable" + + // SecurityGroupReferencingSupportValueDisable is a SecurityGroupReferencingSupportValue enum value + SecurityGroupReferencingSupportValueDisable = "disable" +) + +// SecurityGroupReferencingSupportValue_Values returns all elements of the SecurityGroupReferencingSupportValue enum +func SecurityGroupReferencingSupportValue_Values() []string { + return []string{ + SecurityGroupReferencingSupportValueEnable, + SecurityGroupReferencingSupportValueDisable, + } +} + const ( // SelfServicePortalEnabled is a SelfServicePortal enum value SelfServicePortalEnabled = "enabled" @@ -189945,6 +198032,26 @@ func SnapshotAttributeName_Values() []string { } } +const ( + // SnapshotBlockPublicAccessStateBlockAllSharing is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateBlockAllSharing = "block-all-sharing" + + // SnapshotBlockPublicAccessStateBlockNewSharing is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateBlockNewSharing = "block-new-sharing" + + // SnapshotBlockPublicAccessStateUnblocked is a SnapshotBlockPublicAccessState enum value + SnapshotBlockPublicAccessStateUnblocked = "unblocked" +) + +// SnapshotBlockPublicAccessState_Values returns all elements of the SnapshotBlockPublicAccessState enum +func SnapshotBlockPublicAccessState_Values() []string { + return []string{ + SnapshotBlockPublicAccessStateBlockAllSharing, + SnapshotBlockPublicAccessStateBlockNewSharing, + SnapshotBlockPublicAccessStateUnblocked, + } +} + const ( // SnapshotStatePending is a SnapshotState enum value SnapshotStatePending = "pending" @@ -190036,6 +198143,9 @@ const ( // SpotInstanceStateFailed is a SpotInstanceState enum value SpotInstanceStateFailed = "failed" + + // SpotInstanceStateDisabled is a SpotInstanceState enum value + SpotInstanceStateDisabled = "disabled" ) // SpotInstanceState_Values returns all elements of the SpotInstanceState enum @@ -190046,6 +198156,7 @@ func SpotInstanceState_Values() []string { SpotInstanceStateClosed, SpotInstanceStateCancelled, SpotInstanceStateFailed, + SpotInstanceStateDisabled, } } @@ -191095,6 +199206,9 @@ const ( // UsageClassTypeOnDemand is a UsageClassType enum value UsageClassTypeOnDemand = "on-demand" + + // UsageClassTypeCapacityBlock is a UsageClassType enum value + UsageClassTypeCapacityBlock = "capacity-block" ) // UsageClassType_Values returns all elements of the UsageClassType enum @@ -191102,6 +199216,7 @@ func UsageClassType_Values() []string { return []string{ UsageClassTypeSpot, UsageClassTypeOnDemand, + UsageClassTypeCapacityBlock, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index 33214a6be6a10..fac6d14abc06e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -144,6 +144,10 @@ type EC2API interface { AssociateInstanceEventWindowWithContext(aws.Context, *ec2.AssociateInstanceEventWindowInput, ...request.Option) (*ec2.AssociateInstanceEventWindowOutput, error) AssociateInstanceEventWindowRequest(*ec2.AssociateInstanceEventWindowInput) (*request.Request, *ec2.AssociateInstanceEventWindowOutput) + AssociateIpamByoasn(*ec2.AssociateIpamByoasnInput) (*ec2.AssociateIpamByoasnOutput, error) + AssociateIpamByoasnWithContext(aws.Context, *ec2.AssociateIpamByoasnInput, ...request.Option) (*ec2.AssociateIpamByoasnOutput, error) + AssociateIpamByoasnRequest(*ec2.AssociateIpamByoasnInput) (*request.Request, *ec2.AssociateIpamByoasnOutput) + AssociateIpamResourceDiscovery(*ec2.AssociateIpamResourceDiscoveryInput) (*ec2.AssociateIpamResourceDiscoveryOutput, error) AssociateIpamResourceDiscoveryWithContext(aws.Context, *ec2.AssociateIpamResourceDiscoveryInput, ...request.Option) (*ec2.AssociateIpamResourceDiscoveryOutput, error) AssociateIpamResourceDiscoveryRequest(*ec2.AssociateIpamResourceDiscoveryInput) (*request.Request, *ec2.AssociateIpamResourceDiscoveryOutput) @@ -904,6 +908,10 @@ type EC2API interface { DeprovisionByoipCidrWithContext(aws.Context, *ec2.DeprovisionByoipCidrInput, ...request.Option) (*ec2.DeprovisionByoipCidrOutput, error) DeprovisionByoipCidrRequest(*ec2.DeprovisionByoipCidrInput) (*request.Request, *ec2.DeprovisionByoipCidrOutput) + DeprovisionIpamByoasn(*ec2.DeprovisionIpamByoasnInput) (*ec2.DeprovisionIpamByoasnOutput, error) + DeprovisionIpamByoasnWithContext(aws.Context, *ec2.DeprovisionIpamByoasnInput, ...request.Option) (*ec2.DeprovisionIpamByoasnOutput, error) + DeprovisionIpamByoasnRequest(*ec2.DeprovisionIpamByoasnInput) (*request.Request, *ec2.DeprovisionIpamByoasnOutput) + DeprovisionIpamPoolCidr(*ec2.DeprovisionIpamPoolCidrInput) (*ec2.DeprovisionIpamPoolCidrOutput, error) DeprovisionIpamPoolCidrWithContext(aws.Context, *ec2.DeprovisionIpamPoolCidrInput, ...request.Option) (*ec2.DeprovisionIpamPoolCidrOutput, error) DeprovisionIpamPoolCidrRequest(*ec2.DeprovisionIpamPoolCidrInput) (*request.Request, *ec2.DeprovisionIpamPoolCidrOutput) @@ -976,6 +984,13 @@ type EC2API interface { DescribeByoipCidrsPages(*ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool) error DescribeByoipCidrsPagesWithContext(aws.Context, *ec2.DescribeByoipCidrsInput, func(*ec2.DescribeByoipCidrsOutput, bool) bool, ...request.Option) error + DescribeCapacityBlockOfferings(*ec2.DescribeCapacityBlockOfferingsInput) (*ec2.DescribeCapacityBlockOfferingsOutput, error) + DescribeCapacityBlockOfferingsWithContext(aws.Context, *ec2.DescribeCapacityBlockOfferingsInput, ...request.Option) (*ec2.DescribeCapacityBlockOfferingsOutput, error) + DescribeCapacityBlockOfferingsRequest(*ec2.DescribeCapacityBlockOfferingsInput) (*request.Request, *ec2.DescribeCapacityBlockOfferingsOutput) + + DescribeCapacityBlockOfferingsPages(*ec2.DescribeCapacityBlockOfferingsInput, func(*ec2.DescribeCapacityBlockOfferingsOutput, bool) bool) error + DescribeCapacityBlockOfferingsPagesWithContext(aws.Context, *ec2.DescribeCapacityBlockOfferingsInput, func(*ec2.DescribeCapacityBlockOfferingsOutput, bool) bool, ...request.Option) error + DescribeCapacityReservationFleets(*ec2.DescribeCapacityReservationFleetsInput) (*ec2.DescribeCapacityReservationFleetsOutput, error) DescribeCapacityReservationFleetsWithContext(aws.Context, *ec2.DescribeCapacityReservationFleetsInput, ...request.Option) (*ec2.DescribeCapacityReservationFleetsOutput, error) DescribeCapacityReservationFleetsRequest(*ec2.DescribeCapacityReservationFleetsInput) (*request.Request, *ec2.DescribeCapacityReservationFleetsOutput) @@ -1227,6 +1242,13 @@ type EC2API interface { DescribeInstanceStatusPages(*ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool) error DescribeInstanceStatusPagesWithContext(aws.Context, *ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool, ...request.Option) error + DescribeInstanceTopology(*ec2.DescribeInstanceTopologyInput) (*ec2.DescribeInstanceTopologyOutput, error) + DescribeInstanceTopologyWithContext(aws.Context, *ec2.DescribeInstanceTopologyInput, ...request.Option) (*ec2.DescribeInstanceTopologyOutput, error) + DescribeInstanceTopologyRequest(*ec2.DescribeInstanceTopologyInput) (*request.Request, *ec2.DescribeInstanceTopologyOutput) + + DescribeInstanceTopologyPages(*ec2.DescribeInstanceTopologyInput, func(*ec2.DescribeInstanceTopologyOutput, bool) bool) error + DescribeInstanceTopologyPagesWithContext(aws.Context, *ec2.DescribeInstanceTopologyInput, func(*ec2.DescribeInstanceTopologyOutput, bool) bool, ...request.Option) error + DescribeInstanceTypeOfferings(*ec2.DescribeInstanceTypeOfferingsInput) (*ec2.DescribeInstanceTypeOfferingsOutput, error) DescribeInstanceTypeOfferingsWithContext(aws.Context, *ec2.DescribeInstanceTypeOfferingsInput, ...request.Option) (*ec2.DescribeInstanceTypeOfferingsOutput, error) DescribeInstanceTypeOfferingsRequest(*ec2.DescribeInstanceTypeOfferingsInput) (*request.Request, *ec2.DescribeInstanceTypeOfferingsOutput) @@ -1255,6 +1277,10 @@ type EC2API interface { DescribeInternetGatewaysPages(*ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool) error DescribeInternetGatewaysPagesWithContext(aws.Context, *ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool, ...request.Option) error + DescribeIpamByoasn(*ec2.DescribeIpamByoasnInput) (*ec2.DescribeIpamByoasnOutput, error) + DescribeIpamByoasnWithContext(aws.Context, *ec2.DescribeIpamByoasnInput, ...request.Option) (*ec2.DescribeIpamByoasnOutput, error) + DescribeIpamByoasnRequest(*ec2.DescribeIpamByoasnInput) (*request.Request, *ec2.DescribeIpamByoasnOutput) + DescribeIpamPools(*ec2.DescribeIpamPoolsInput) (*ec2.DescribeIpamPoolsOutput, error) DescribeIpamPoolsWithContext(aws.Context, *ec2.DescribeIpamPoolsInput, ...request.Option) (*ec2.DescribeIpamPoolsOutput, error) DescribeIpamPoolsRequest(*ec2.DescribeIpamPoolsInput) (*request.Request, *ec2.DescribeIpamPoolsOutput) @@ -1357,6 +1383,10 @@ type EC2API interface { DescribeLocalGatewaysPages(*ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool) error DescribeLocalGatewaysPagesWithContext(aws.Context, *ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool, ...request.Option) error + DescribeLockedSnapshots(*ec2.DescribeLockedSnapshotsInput) (*ec2.DescribeLockedSnapshotsOutput, error) + DescribeLockedSnapshotsWithContext(aws.Context, *ec2.DescribeLockedSnapshotsInput, ...request.Option) (*ec2.DescribeLockedSnapshotsOutput, error) + DescribeLockedSnapshotsRequest(*ec2.DescribeLockedSnapshotsInput) (*request.Request, *ec2.DescribeLockedSnapshotsOutput) + DescribeManagedPrefixLists(*ec2.DescribeManagedPrefixListsInput) (*ec2.DescribeManagedPrefixListsOutput, error) DescribeManagedPrefixListsWithContext(aws.Context, *ec2.DescribeManagedPrefixListsInput, ...request.Option) (*ec2.DescribeManagedPrefixListsOutput, error) DescribeManagedPrefixListsRequest(*ec2.DescribeManagedPrefixListsInput) (*request.Request, *ec2.DescribeManagedPrefixListsOutput) @@ -1885,6 +1915,14 @@ type EC2API interface { DisableFastSnapshotRestoresWithContext(aws.Context, *ec2.DisableFastSnapshotRestoresInput, ...request.Option) (*ec2.DisableFastSnapshotRestoresOutput, error) DisableFastSnapshotRestoresRequest(*ec2.DisableFastSnapshotRestoresInput) (*request.Request, *ec2.DisableFastSnapshotRestoresOutput) + DisableImage(*ec2.DisableImageInput) (*ec2.DisableImageOutput, error) + DisableImageWithContext(aws.Context, *ec2.DisableImageInput, ...request.Option) (*ec2.DisableImageOutput, error) + DisableImageRequest(*ec2.DisableImageInput) (*request.Request, *ec2.DisableImageOutput) + + DisableImageBlockPublicAccess(*ec2.DisableImageBlockPublicAccessInput) (*ec2.DisableImageBlockPublicAccessOutput, error) + DisableImageBlockPublicAccessWithContext(aws.Context, *ec2.DisableImageBlockPublicAccessInput, ...request.Option) (*ec2.DisableImageBlockPublicAccessOutput, error) + DisableImageBlockPublicAccessRequest(*ec2.DisableImageBlockPublicAccessInput) (*request.Request, *ec2.DisableImageBlockPublicAccessOutput) + DisableImageDeprecation(*ec2.DisableImageDeprecationInput) (*ec2.DisableImageDeprecationOutput, error) DisableImageDeprecationWithContext(aws.Context, *ec2.DisableImageDeprecationInput, ...request.Option) (*ec2.DisableImageDeprecationOutput, error) DisableImageDeprecationRequest(*ec2.DisableImageDeprecationInput) (*request.Request, *ec2.DisableImageDeprecationOutput) @@ -1897,6 +1935,10 @@ type EC2API interface { DisableSerialConsoleAccessWithContext(aws.Context, *ec2.DisableSerialConsoleAccessInput, ...request.Option) (*ec2.DisableSerialConsoleAccessOutput, error) DisableSerialConsoleAccessRequest(*ec2.DisableSerialConsoleAccessInput) (*request.Request, *ec2.DisableSerialConsoleAccessOutput) + DisableSnapshotBlockPublicAccess(*ec2.DisableSnapshotBlockPublicAccessInput) (*ec2.DisableSnapshotBlockPublicAccessOutput, error) + DisableSnapshotBlockPublicAccessWithContext(aws.Context, *ec2.DisableSnapshotBlockPublicAccessInput, ...request.Option) (*ec2.DisableSnapshotBlockPublicAccessOutput, error) + DisableSnapshotBlockPublicAccessRequest(*ec2.DisableSnapshotBlockPublicAccessInput) (*request.Request, *ec2.DisableSnapshotBlockPublicAccessOutput) + DisableTransitGatewayRouteTablePropagation(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.DisableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationRequest(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.DisableTransitGatewayRouteTablePropagationOutput) @@ -1933,6 +1975,10 @@ type EC2API interface { DisassociateInstanceEventWindowWithContext(aws.Context, *ec2.DisassociateInstanceEventWindowInput, ...request.Option) (*ec2.DisassociateInstanceEventWindowOutput, error) DisassociateInstanceEventWindowRequest(*ec2.DisassociateInstanceEventWindowInput) (*request.Request, *ec2.DisassociateInstanceEventWindowOutput) + DisassociateIpamByoasn(*ec2.DisassociateIpamByoasnInput) (*ec2.DisassociateIpamByoasnOutput, error) + DisassociateIpamByoasnWithContext(aws.Context, *ec2.DisassociateIpamByoasnInput, ...request.Option) (*ec2.DisassociateIpamByoasnOutput, error) + DisassociateIpamByoasnRequest(*ec2.DisassociateIpamByoasnInput) (*request.Request, *ec2.DisassociateIpamByoasnOutput) + DisassociateIpamResourceDiscovery(*ec2.DisassociateIpamResourceDiscoveryInput) (*ec2.DisassociateIpamResourceDiscoveryOutput, error) DisassociateIpamResourceDiscoveryWithContext(aws.Context, *ec2.DisassociateIpamResourceDiscoveryInput, ...request.Option) (*ec2.DisassociateIpamResourceDiscoveryOutput, error) DisassociateIpamResourceDiscoveryRequest(*ec2.DisassociateIpamResourceDiscoveryInput) (*request.Request, *ec2.DisassociateIpamResourceDiscoveryOutput) @@ -1989,6 +2035,14 @@ type EC2API interface { EnableFastSnapshotRestoresWithContext(aws.Context, *ec2.EnableFastSnapshotRestoresInput, ...request.Option) (*ec2.EnableFastSnapshotRestoresOutput, error) EnableFastSnapshotRestoresRequest(*ec2.EnableFastSnapshotRestoresInput) (*request.Request, *ec2.EnableFastSnapshotRestoresOutput) + EnableImage(*ec2.EnableImageInput) (*ec2.EnableImageOutput, error) + EnableImageWithContext(aws.Context, *ec2.EnableImageInput, ...request.Option) (*ec2.EnableImageOutput, error) + EnableImageRequest(*ec2.EnableImageInput) (*request.Request, *ec2.EnableImageOutput) + + EnableImageBlockPublicAccess(*ec2.EnableImageBlockPublicAccessInput) (*ec2.EnableImageBlockPublicAccessOutput, error) + EnableImageBlockPublicAccessWithContext(aws.Context, *ec2.EnableImageBlockPublicAccessInput, ...request.Option) (*ec2.EnableImageBlockPublicAccessOutput, error) + EnableImageBlockPublicAccessRequest(*ec2.EnableImageBlockPublicAccessInput) (*request.Request, *ec2.EnableImageBlockPublicAccessOutput) + EnableImageDeprecation(*ec2.EnableImageDeprecationInput) (*ec2.EnableImageDeprecationOutput, error) EnableImageDeprecationWithContext(aws.Context, *ec2.EnableImageDeprecationInput, ...request.Option) (*ec2.EnableImageDeprecationOutput, error) EnableImageDeprecationRequest(*ec2.EnableImageDeprecationInput) (*request.Request, *ec2.EnableImageDeprecationOutput) @@ -2005,6 +2059,10 @@ type EC2API interface { EnableSerialConsoleAccessWithContext(aws.Context, *ec2.EnableSerialConsoleAccessInput, ...request.Option) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessRequest(*ec2.EnableSerialConsoleAccessInput) (*request.Request, *ec2.EnableSerialConsoleAccessOutput) + EnableSnapshotBlockPublicAccess(*ec2.EnableSnapshotBlockPublicAccessInput) (*ec2.EnableSnapshotBlockPublicAccessOutput, error) + EnableSnapshotBlockPublicAccessWithContext(aws.Context, *ec2.EnableSnapshotBlockPublicAccessInput, ...request.Option) (*ec2.EnableSnapshotBlockPublicAccessOutput, error) + EnableSnapshotBlockPublicAccessRequest(*ec2.EnableSnapshotBlockPublicAccessInput) (*request.Request, *ec2.EnableSnapshotBlockPublicAccessOutput) + EnableTransitGatewayRouteTablePropagation(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.EnableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationRequest(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.EnableTransitGatewayRouteTablePropagationOutput) @@ -2102,6 +2160,10 @@ type EC2API interface { GetHostReservationPurchasePreviewWithContext(aws.Context, *ec2.GetHostReservationPurchasePreviewInput, ...request.Option) (*ec2.GetHostReservationPurchasePreviewOutput, error) GetHostReservationPurchasePreviewRequest(*ec2.GetHostReservationPurchasePreviewInput) (*request.Request, *ec2.GetHostReservationPurchasePreviewOutput) + GetImageBlockPublicAccessState(*ec2.GetImageBlockPublicAccessStateInput) (*ec2.GetImageBlockPublicAccessStateOutput, error) + GetImageBlockPublicAccessStateWithContext(aws.Context, *ec2.GetImageBlockPublicAccessStateInput, ...request.Option) (*ec2.GetImageBlockPublicAccessStateOutput, error) + GetImageBlockPublicAccessStateRequest(*ec2.GetImageBlockPublicAccessStateInput) (*request.Request, *ec2.GetImageBlockPublicAccessStateOutput) + GetInstanceTypesFromInstanceRequirements(*ec2.GetInstanceTypesFromInstanceRequirementsInput) (*ec2.GetInstanceTypesFromInstanceRequirementsOutput, error) GetInstanceTypesFromInstanceRequirementsWithContext(aws.Context, *ec2.GetInstanceTypesFromInstanceRequirementsInput, ...request.Option) (*ec2.GetInstanceTypesFromInstanceRequirementsOutput, error) GetInstanceTypesFromInstanceRequirementsRequest(*ec2.GetInstanceTypesFromInstanceRequirementsInput) (*request.Request, *ec2.GetInstanceTypesFromInstanceRequirementsOutput) @@ -2127,6 +2189,10 @@ type EC2API interface { GetIpamDiscoveredAccountsPages(*ec2.GetIpamDiscoveredAccountsInput, func(*ec2.GetIpamDiscoveredAccountsOutput, bool) bool) error GetIpamDiscoveredAccountsPagesWithContext(aws.Context, *ec2.GetIpamDiscoveredAccountsInput, func(*ec2.GetIpamDiscoveredAccountsOutput, bool) bool, ...request.Option) error + GetIpamDiscoveredPublicAddresses(*ec2.GetIpamDiscoveredPublicAddressesInput) (*ec2.GetIpamDiscoveredPublicAddressesOutput, error) + GetIpamDiscoveredPublicAddressesWithContext(aws.Context, *ec2.GetIpamDiscoveredPublicAddressesInput, ...request.Option) (*ec2.GetIpamDiscoveredPublicAddressesOutput, error) + GetIpamDiscoveredPublicAddressesRequest(*ec2.GetIpamDiscoveredPublicAddressesInput) (*request.Request, *ec2.GetIpamDiscoveredPublicAddressesOutput) + GetIpamDiscoveredResourceCidrs(*ec2.GetIpamDiscoveredResourceCidrsInput) (*ec2.GetIpamDiscoveredResourceCidrsOutput, error) GetIpamDiscoveredResourceCidrsWithContext(aws.Context, *ec2.GetIpamDiscoveredResourceCidrsInput, ...request.Option) (*ec2.GetIpamDiscoveredResourceCidrsOutput, error) GetIpamDiscoveredResourceCidrsRequest(*ec2.GetIpamDiscoveredResourceCidrsInput) (*request.Request, *ec2.GetIpamDiscoveredResourceCidrsOutput) @@ -2192,10 +2258,21 @@ type EC2API interface { GetReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.GetReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.GetReservedInstancesExchangeQuoteOutput, error) GetReservedInstancesExchangeQuoteRequest(*ec2.GetReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.GetReservedInstancesExchangeQuoteOutput) + GetSecurityGroupsForVpc(*ec2.GetSecurityGroupsForVpcInput) (*ec2.GetSecurityGroupsForVpcOutput, error) + GetSecurityGroupsForVpcWithContext(aws.Context, *ec2.GetSecurityGroupsForVpcInput, ...request.Option) (*ec2.GetSecurityGroupsForVpcOutput, error) + GetSecurityGroupsForVpcRequest(*ec2.GetSecurityGroupsForVpcInput) (*request.Request, *ec2.GetSecurityGroupsForVpcOutput) + + GetSecurityGroupsForVpcPages(*ec2.GetSecurityGroupsForVpcInput, func(*ec2.GetSecurityGroupsForVpcOutput, bool) bool) error + GetSecurityGroupsForVpcPagesWithContext(aws.Context, *ec2.GetSecurityGroupsForVpcInput, func(*ec2.GetSecurityGroupsForVpcOutput, bool) bool, ...request.Option) error + GetSerialConsoleAccessStatus(*ec2.GetSerialConsoleAccessStatusInput) (*ec2.GetSerialConsoleAccessStatusOutput, error) GetSerialConsoleAccessStatusWithContext(aws.Context, *ec2.GetSerialConsoleAccessStatusInput, ...request.Option) (*ec2.GetSerialConsoleAccessStatusOutput, error) GetSerialConsoleAccessStatusRequest(*ec2.GetSerialConsoleAccessStatusInput) (*request.Request, *ec2.GetSerialConsoleAccessStatusOutput) + GetSnapshotBlockPublicAccessState(*ec2.GetSnapshotBlockPublicAccessStateInput) (*ec2.GetSnapshotBlockPublicAccessStateOutput, error) + GetSnapshotBlockPublicAccessStateWithContext(aws.Context, *ec2.GetSnapshotBlockPublicAccessStateInput, ...request.Option) (*ec2.GetSnapshotBlockPublicAccessStateOutput, error) + GetSnapshotBlockPublicAccessStateRequest(*ec2.GetSnapshotBlockPublicAccessStateInput) (*request.Request, *ec2.GetSnapshotBlockPublicAccessStateOutput) + GetSpotPlacementScores(*ec2.GetSpotPlacementScoresInput) (*ec2.GetSpotPlacementScoresOutput, error) GetSpotPlacementScoresWithContext(aws.Context, *ec2.GetSpotPlacementScoresInput, ...request.Option) (*ec2.GetSpotPlacementScoresOutput, error) GetSpotPlacementScoresRequest(*ec2.GetSpotPlacementScoresInput) (*request.Request, *ec2.GetSpotPlacementScoresOutput) @@ -2314,6 +2391,10 @@ type EC2API interface { ListSnapshotsInRecycleBinPages(*ec2.ListSnapshotsInRecycleBinInput, func(*ec2.ListSnapshotsInRecycleBinOutput, bool) bool) error ListSnapshotsInRecycleBinPagesWithContext(aws.Context, *ec2.ListSnapshotsInRecycleBinInput, func(*ec2.ListSnapshotsInRecycleBinOutput, bool) bool, ...request.Option) error + LockSnapshot(*ec2.LockSnapshotInput) (*ec2.LockSnapshotOutput, error) + LockSnapshotWithContext(aws.Context, *ec2.LockSnapshotInput, ...request.Option) (*ec2.LockSnapshotOutput, error) + LockSnapshotRequest(*ec2.LockSnapshotInput) (*request.Request, *ec2.LockSnapshotOutput) + ModifyAddressAttribute(*ec2.ModifyAddressAttributeInput) (*ec2.ModifyAddressAttributeOutput, error) ModifyAddressAttributeWithContext(aws.Context, *ec2.ModifyAddressAttributeInput, ...request.Option) (*ec2.ModifyAddressAttributeOutput, error) ModifyAddressAttributeRequest(*ec2.ModifyAddressAttributeInput) (*request.Request, *ec2.ModifyAddressAttributeOutput) @@ -2586,6 +2667,10 @@ type EC2API interface { ProvisionByoipCidrWithContext(aws.Context, *ec2.ProvisionByoipCidrInput, ...request.Option) (*ec2.ProvisionByoipCidrOutput, error) ProvisionByoipCidrRequest(*ec2.ProvisionByoipCidrInput) (*request.Request, *ec2.ProvisionByoipCidrOutput) + ProvisionIpamByoasn(*ec2.ProvisionIpamByoasnInput) (*ec2.ProvisionIpamByoasnOutput, error) + ProvisionIpamByoasnWithContext(aws.Context, *ec2.ProvisionIpamByoasnInput, ...request.Option) (*ec2.ProvisionIpamByoasnOutput, error) + ProvisionIpamByoasnRequest(*ec2.ProvisionIpamByoasnInput) (*request.Request, *ec2.ProvisionIpamByoasnOutput) + ProvisionIpamPoolCidr(*ec2.ProvisionIpamPoolCidrInput) (*ec2.ProvisionIpamPoolCidrOutput, error) ProvisionIpamPoolCidrWithContext(aws.Context, *ec2.ProvisionIpamPoolCidrInput, ...request.Option) (*ec2.ProvisionIpamPoolCidrOutput, error) ProvisionIpamPoolCidrRequest(*ec2.ProvisionIpamPoolCidrInput) (*request.Request, *ec2.ProvisionIpamPoolCidrOutput) @@ -2594,6 +2679,10 @@ type EC2API interface { ProvisionPublicIpv4PoolCidrWithContext(aws.Context, *ec2.ProvisionPublicIpv4PoolCidrInput, ...request.Option) (*ec2.ProvisionPublicIpv4PoolCidrOutput, error) ProvisionPublicIpv4PoolCidrRequest(*ec2.ProvisionPublicIpv4PoolCidrInput) (*request.Request, *ec2.ProvisionPublicIpv4PoolCidrOutput) + PurchaseCapacityBlock(*ec2.PurchaseCapacityBlockInput) (*ec2.PurchaseCapacityBlockOutput, error) + PurchaseCapacityBlockWithContext(aws.Context, *ec2.PurchaseCapacityBlockInput, ...request.Option) (*ec2.PurchaseCapacityBlockOutput, error) + PurchaseCapacityBlockRequest(*ec2.PurchaseCapacityBlockInput) (*request.Request, *ec2.PurchaseCapacityBlockOutput) + PurchaseHostReservation(*ec2.PurchaseHostReservationInput) (*ec2.PurchaseHostReservationOutput, error) PurchaseHostReservationWithContext(aws.Context, *ec2.PurchaseHostReservationInput, ...request.Option) (*ec2.PurchaseHostReservationOutput, error) PurchaseHostReservationRequest(*ec2.PurchaseHostReservationInput) (*request.Request, *ec2.PurchaseHostReservationOutput) @@ -2828,6 +2917,10 @@ type EC2API interface { UnassignPrivateNatGatewayAddressWithContext(aws.Context, *ec2.UnassignPrivateNatGatewayAddressInput, ...request.Option) (*ec2.UnassignPrivateNatGatewayAddressOutput, error) UnassignPrivateNatGatewayAddressRequest(*ec2.UnassignPrivateNatGatewayAddressInput) (*request.Request, *ec2.UnassignPrivateNatGatewayAddressOutput) + UnlockSnapshot(*ec2.UnlockSnapshotInput) (*ec2.UnlockSnapshotOutput, error) + UnlockSnapshotWithContext(aws.Context, *ec2.UnlockSnapshotInput, ...request.Option) (*ec2.UnlockSnapshotOutput, error) + UnlockSnapshotRequest(*ec2.UnlockSnapshotInput) (*request.Request, *ec2.UnlockSnapshotOutput) + UnmonitorInstances(*ec2.UnmonitorInstancesInput) (*ec2.UnmonitorInstancesOutput, error) UnmonitorInstancesWithContext(aws.Context, *ec2.UnmonitorInstancesInput, ...request.Option) (*ec2.UnmonitorInstancesOutput, error) UnmonitorInstancesRequest(*ec2.UnmonitorInstancesInput) (*request.Request, *ec2.UnmonitorInstancesOutput) @@ -2916,6 +3009,9 @@ type EC2API interface { WaitUntilSpotInstanceRequestFulfilled(*ec2.DescribeSpotInstanceRequestsInput) error WaitUntilSpotInstanceRequestFulfilledWithContext(aws.Context, *ec2.DescribeSpotInstanceRequestsInput, ...request.WaiterOption) error + WaitUntilStoreImageTaskComplete(*ec2.DescribeStoreImageTasksInput) error + WaitUntilStoreImageTaskCompleteWithContext(aws.Context, *ec2.DescribeStoreImageTasksInput, ...request.WaiterOption) error + WaitUntilSubnetAvailable(*ec2.DescribeSubnetsInput) error WaitUntilSubnetAvailableWithContext(aws.Context, *ec2.DescribeSubnetsInput, ...request.WaiterOption) error diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go index a970f12fbf1bc..6dc68faf7a8d7 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go @@ -1283,6 +1283,62 @@ func (c *EC2) WaitUntilSpotInstanceRequestFulfilledWithContext(ctx aws.Context, return w.WaitWithContext(ctx) } +// WaitUntilStoreImageTaskComplete uses the Amazon EC2 API operation +// DescribeStoreImageTasks to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *EC2) WaitUntilStoreImageTaskComplete(input *DescribeStoreImageTasksInput) error { + return c.WaitUntilStoreImageTaskCompleteWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilStoreImageTaskCompleteWithContext is an extended version of WaitUntilStoreImageTaskComplete. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) WaitUntilStoreImageTaskCompleteWithContext(ctx aws.Context, input *DescribeStoreImageTasksInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilStoreImageTaskComplete", + MaxAttempts: 40, + Delay: request.ConstantWaiterDelay(5 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathAllWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "Completed", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "Failed", + }, + { + State: request.RetryWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "StoreImageTaskResults[].StoreTaskState", + Expected: "InProgress", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeStoreImageTasksInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeStoreImageTasksRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + // WaitUntilSubnetAvailable uses the Amazon EC2 API operation // DescribeSubnets to wait for a condition to be met before returning. // If the condition is not met within the max attempt window, an error will diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go index 643b4fb74c2ee..406c1bc7f019d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go @@ -152,7 +152,7 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // // Adds the specified tags to the specified Elastic Load Balancing resource. // You can tag your Application Load Balancers, Network Load Balancers, Gateway -// Load Balancers, target groups, listeners, and rules. +// Load Balancers, target groups, trust stores, listeners, and rules. // // Each tag consists of a key and an optional value. If a resource already has // a tag with the same key, AddTags updates its value. @@ -170,7 +170,7 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // A tag key was specified more than once. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" // The specified load balancer does not exist. @@ -184,6 +184,9 @@ func (c *ELBV2) AddTagsRequest(input *AddTagsInput) (req *request.Request, outpu // - ErrCodeRuleNotFoundException "RuleNotFound" // The specified rule does not exist. // +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTags func (c *ELBV2) AddTags(input *AddTagsInput) (*AddTagsOutput, error) { req, out := c.AddTagsRequest(input) @@ -206,6 +209,94 @@ func (c *ELBV2) AddTagsWithContext(ctx aws.Context, input *AddTagsInput, opts .. return out, req.Send() } +const opAddTrustStoreRevocations = "AddTrustStoreRevocations" + +// AddTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the AddTrustStoreRevocations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AddTrustStoreRevocations for more information on using the AddTrustStoreRevocations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AddTrustStoreRevocationsRequest method. +// req, resp := client.AddTrustStoreRevocationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTrustStoreRevocations +func (c *ELBV2) AddTrustStoreRevocationsRequest(input *AddTrustStoreRevocationsInput) (req *request.Request, output *AddTrustStoreRevocationsOutput) { + op := &request.Operation{ + Name: opAddTrustStoreRevocations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AddTrustStoreRevocationsInput{} + } + + output = &AddTrustStoreRevocationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// AddTrustStoreRevocations API operation for Elastic Load Balancing. +// +// Adds the specified revocation file to the specified trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation AddTrustStoreRevocations for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeInvalidRevocationContentException "InvalidRevocationContent" +// The provided revocation file is an invalid format, or uses an incorrect algorithm. +// +// - ErrCodeTooManyTrustStoreRevocationEntriesException "TooManyTrustStoreRevocationEntries" +// The specified trust store has too many revocation entries. +// +// - ErrCodeRevocationContentNotFoundException "RevocationContentNotFound" +// The specified revocation file does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AddTrustStoreRevocations +func (c *ELBV2) AddTrustStoreRevocations(input *AddTrustStoreRevocationsInput) (*AddTrustStoreRevocationsOutput, error) { + req, out := c.AddTrustStoreRevocationsRequest(input) + return out, req.Send() +} + +// AddTrustStoreRevocationsWithContext is the same as AddTrustStoreRevocations with the addition of +// the ability to pass a context and additional request options. +// +// See AddTrustStoreRevocations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) AddTrustStoreRevocationsWithContext(ctx aws.Context, input *AddTrustStoreRevocationsInput, opts ...request.Option) (*AddTrustStoreRevocationsOutput, error) { + req, out := c.AddTrustStoreRevocationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateListener = "CreateListener" // CreateListenerRequest generates a "aws/request.Request" representing the @@ -328,7 +419,13 @@ func (c *ELBV2) CreateListenerRequest(input *CreateListenerInput) (req *request. // The specified ALPN policy is not supported. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreNotReadyException "TrustStoreNotReady" +// The specified trust store is not active. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateListener func (c *ELBV2) CreateListener(input *CreateListenerInput) (*CreateListenerOutput, error) { @@ -442,7 +539,7 @@ func (c *ELBV2) CreateLoadBalancerRequest(input *CreateLoadBalancerInput) (req * // The requested scheme is not valid. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // - ErrCodeDuplicateTagKeysException "DuplicateTagKeys" // A tag key was specified more than once. @@ -590,7 +687,7 @@ func (c *ELBV2) CreateRuleRequest(input *CreateRuleInput) (req *request.Request, // load balancer, it is counted as only one use. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateRule func (c *ELBV2) CreateRule(input *CreateRuleInput) (*CreateRuleOutput, error) { @@ -691,7 +788,7 @@ func (c *ELBV2) CreateTargetGroupRequest(input *CreateTargetGroupInput) (req *re // The requested configuration is not valid. // // - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// You've reached the limit on the number of tags for this resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTargetGroup func (c *ELBV2) CreateTargetGroup(input *CreateTargetGroupInput) (*CreateTargetGroupOutput, error) { @@ -715,6 +812,101 @@ func (c *ELBV2) CreateTargetGroupWithContext(ctx aws.Context, input *CreateTarge return out, req.Send() } +const opCreateTrustStore = "CreateTrustStore" + +// CreateTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrustStore operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrustStore for more information on using the CreateTrustStore +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTrustStoreRequest method. +// req, resp := client.CreateTrustStoreRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTrustStore +func (c *ELBV2) CreateTrustStoreRequest(input *CreateTrustStoreInput) (req *request.Request, output *CreateTrustStoreOutput) { + op := &request.Operation{ + Name: opCreateTrustStore, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrustStoreInput{} + } + + output = &CreateTrustStoreOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrustStore API operation for Elastic Load Balancing. +// +// Creates a trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation CreateTrustStore for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDuplicateTrustStoreNameException "DuplicateTrustStoreName" +// A trust store with the specified name already exists. +// +// - ErrCodeTooManyTrustStoresException "TooManyTrustStores" +// You've reached the limit on the number of trust stores for your Amazon Web +// Services account. +// +// - ErrCodeInvalidCaCertificatesBundleException "InvalidCaCertificatesBundle" +// The specified ca certificate bundle is in an invalid format, or corrupt. +// +// - ErrCodeCaCertificatesBundleNotFoundException "CaCertificatesBundleNotFound" +// The specified ca certificate bundle does not exist. +// +// - ErrCodeTooManyTagsException "TooManyTags" +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeDuplicateTagKeysException "DuplicateTagKeys" +// A tag key was specified more than once. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateTrustStore +func (c *ELBV2) CreateTrustStore(input *CreateTrustStoreInput) (*CreateTrustStoreOutput, error) { + req, out := c.CreateTrustStoreRequest(input) + return out, req.Send() +} + +// CreateTrustStoreWithContext is the same as CreateTrustStore with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrustStore for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) CreateTrustStoreWithContext(ctx aws.Context, input *CreateTrustStoreInput, opts ...request.Option) (*CreateTrustStoreOutput, error) { + req, out := c.CreateTrustStoreRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteListener = "DeleteListener" // DeleteListenerRequest generates a "aws/request.Request" representing the @@ -1065,6 +1257,89 @@ func (c *ELBV2) DeleteTargetGroupWithContext(ctx aws.Context, input *DeleteTarge return out, req.Send() } +const opDeleteTrustStore = "DeleteTrustStore" + +// DeleteTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrustStore operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrustStore for more information on using the DeleteTrustStore +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteTrustStoreRequest method. +// req, resp := client.DeleteTrustStoreRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteTrustStore +func (c *ELBV2) DeleteTrustStoreRequest(input *DeleteTrustStoreInput) (req *request.Request, output *DeleteTrustStoreOutput) { + op := &request.Operation{ + Name: opDeleteTrustStore, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrustStoreInput{} + } + + output = &DeleteTrustStoreOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteTrustStore API operation for Elastic Load Balancing. +// +// Deletes a trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation DeleteTrustStore for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreInUseException "TrustStoreInUse" +// The specified trust store is currently in use. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DeleteTrustStore +func (c *ELBV2) DeleteTrustStore(input *DeleteTrustStoreInput) (*DeleteTrustStoreOutput, error) { + req, out := c.DeleteTrustStoreRequest(input) + return out, req.Send() +} + +// DeleteTrustStoreWithContext is the same as DeleteTrustStore with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrustStore for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DeleteTrustStoreWithContext(ctx aws.Context, input *DeleteTrustStoreInput, opts ...request.Option) (*DeleteTrustStoreOutput, error) { + req, out := c.DeleteTrustStoreRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeregisterTargets = "DeregisterTargets" // DeregisterTargetsRequest generates a "aws/request.Request" representing the @@ -1113,6 +1388,24 @@ func (c *ELBV2) DeregisterTargetsRequest(input *DeregisterTargetsInput) (req *re // the targets are deregistered, they no longer receive traffic from the load // balancer. // +// The load balancer stops sending requests to targets that are deregistering, +// but uses connection draining to ensure that in-flight traffic completes on +// the existing connections. This deregistration delay is configured by default +// but can be updated for each target group. +// +// For more information, see the following: +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#deregistration-delay) +// in the Application Load Balancers User Guide +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#deregistration-delay) +// in the Network Load Balancers User Guide +// +// - Deregistration delay (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/target-groups.html#deregistration-delay) +// in the Gateway Load Balancers User Guide +// +// Note: If the specified target does not exist, the action returns successfully. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1925,6 +2218,9 @@ func (c *ELBV2) DescribeTagsRequest(input *DescribeTagsInput) (req *request.Requ // - ErrCodeRuleNotFoundException "RuleNotFound" // The specified rule does not exist. // +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTags func (c *ELBV2) DescribeTags(input *DescribeTagsInput) (*DescribeTagsOutput, error) { req, out := c.DescribeTagsRequest(input) @@ -2265,1204 +2561,2906 @@ func (c *ELBV2) DescribeTargetHealthWithContext(ctx aws.Context, input *Describe return out, req.Send() } -const opModifyListener = "ModifyListener" +const opDescribeTrustStoreAssociations = "DescribeTrustStoreAssociations" -// ModifyListenerRequest generates a "aws/request.Request" representing the -// client's request for the ModifyListener operation. The "output" return +// DescribeTrustStoreAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStoreAssociations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyListener for more information on using the ModifyListener +// See DescribeTrustStoreAssociations for more information on using the DescribeTrustStoreAssociations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyListenerRequest method. -// req, resp := client.ModifyListenerRequest(params) +// // Example sending a request using the DescribeTrustStoreAssociationsRequest method. +// req, resp := client.DescribeTrustStoreAssociationsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener -func (c *ELBV2) ModifyListenerRequest(input *ModifyListenerInput) (req *request.Request, output *ModifyListenerOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreAssociations +func (c *ELBV2) DescribeTrustStoreAssociationsRequest(input *DescribeTrustStoreAssociationsInput) (req *request.Request, output *DescribeTrustStoreAssociationsOutput) { op := &request.Operation{ - Name: opModifyListener, + Name: opDescribeTrustStoreAssociations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyListenerInput{} + input = &DescribeTrustStoreAssociationsInput{} } - output = &ModifyListenerOutput{} + output = &DescribeTrustStoreAssociationsOutput{} req = c.newRequest(op, input, output) return } -// ModifyListener API operation for Elastic Load Balancing. -// -// Replaces the specified properties of the specified listener. Any properties -// that you do not specify remain unchanged. -// -// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the -// security policy and default certificate properties. If you change the protocol -// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy -// and default certificate properties. +// DescribeTrustStoreAssociations API operation for Elastic Load Balancing. // -// To add an item to a list, remove an item from a list, or update an item in -// a list, you must provide the entire list. For example, to add an action, -// specify a list with the current actions plus the new action. +// Describes all resources associated with the specified trust store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyListener for usage and error information. +// API operation DescribeTrustStoreAssociations for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeDuplicateListenerException "DuplicateListener" -// A listener with the specified port already exists. -// -// - ErrCodeTooManyListenersException "TooManyListeners" -// You've reached the limit on the number of listeners per load balancer. -// -// - ErrCodeTooManyCertificatesException "TooManyCertificates" -// You've reached the limit on the number of certificates per load balancer. +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreAssociations +func (c *ELBV2) DescribeTrustStoreAssociations(input *DescribeTrustStoreAssociationsInput) (*DescribeTrustStoreAssociationsOutput, error) { + req, out := c.DescribeTrustStoreAssociationsRequest(input) + return out, req.Send() +} + +// DescribeTrustStoreAssociationsWithContext is the same as DescribeTrustStoreAssociations with the addition of +// the ability to pass a context and additional request options. // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// See DescribeTrustStoreAssociations for details on how to use this API operation. // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoreAssociationsWithContext(ctx aws.Context, input *DescribeTrustStoreAssociationsInput, opts ...request.Option) (*DescribeTrustStoreAssociationsOutput, error) { + req, out := c.DescribeTrustStoreAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTrustStoreAssociationsPages iterates over the pages of a DescribeTrustStoreAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. // -// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" -// You've reached the limit on the number of load balancers per target group. +// See DescribeTrustStoreAssociations method for more information on how to use this operation. // -// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" -// The specified configuration is not valid with this protocol. +// Note: This operation can generate multiple requests to a service. // -// - ErrCodeSSLPolicyNotFoundException "SSLPolicyNotFound" -// The specified SSL policy does not exist. -// -// - ErrCodeCertificateNotFoundException "CertificateNotFound" -// The specified certificate does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" -// The specified protocol is not supported. -// -// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" -// You've reached the limit on the number of times a target can be registered -// with a load balancer. -// -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. -// -// - ErrCodeTooManyActionsException "TooManyActions" -// You've reached the limit on the number of actions per rule. -// -// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" -// The requested action is not valid. -// -// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" -// You've reached the limit on the number of unique target groups per load balancer -// across all listeners. If a target group is used by multiple actions for a -// load balancer, it is counted as only one use. -// -// - ErrCodeALPNPolicyNotSupportedException "ALPNPolicyNotFound" -// The specified ALPN policy is not supported. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener -func (c *ELBV2) ModifyListener(input *ModifyListenerInput) (*ModifyListenerOutput, error) { - req, out := c.ModifyListenerRequest(input) - return out, req.Send() +// // Example iterating over at most 3 pages of a DescribeTrustStoreAssociations operation. +// pageNum := 0 +// err := client.DescribeTrustStoreAssociationsPages(params, +// func(page *elbv2.DescribeTrustStoreAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoreAssociationsPages(input *DescribeTrustStoreAssociationsInput, fn func(*DescribeTrustStoreAssociationsOutput, bool) bool) error { + return c.DescribeTrustStoreAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ModifyListenerWithContext is the same as ModifyListener with the addition of -// the ability to pass a context and additional request options. -// -// See ModifyListener for details on how to use this API operation. +// DescribeTrustStoreAssociationsPagesWithContext same as DescribeTrustStoreAssociationsPages except +// it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyListenerWithContext(ctx aws.Context, input *ModifyListenerInput, opts ...request.Option) (*ModifyListenerOutput, error) { - req, out := c.ModifyListenerRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return out, req.Send() +func (c *ELBV2) DescribeTrustStoreAssociationsPagesWithContext(ctx aws.Context, input *DescribeTrustStoreAssociationsInput, fn func(*DescribeTrustStoreAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoreAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoreAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoreAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() } -const opModifyLoadBalancerAttributes = "ModifyLoadBalancerAttributes" +const opDescribeTrustStoreRevocations = "DescribeTrustStoreRevocations" -// ModifyLoadBalancerAttributesRequest generates a "aws/request.Request" representing the -// client's request for the ModifyLoadBalancerAttributes operation. The "output" return +// DescribeTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStoreRevocations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyLoadBalancerAttributes for more information on using the ModifyLoadBalancerAttributes +// See DescribeTrustStoreRevocations for more information on using the DescribeTrustStoreRevocations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyLoadBalancerAttributesRequest method. -// req, resp := client.ModifyLoadBalancerAttributesRequest(params) +// // Example sending a request using the DescribeTrustStoreRevocationsRequest method. +// req, resp := client.DescribeTrustStoreRevocationsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes -func (c *ELBV2) ModifyLoadBalancerAttributesRequest(input *ModifyLoadBalancerAttributesInput) (req *request.Request, output *ModifyLoadBalancerAttributesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreRevocations +func (c *ELBV2) DescribeTrustStoreRevocationsRequest(input *DescribeTrustStoreRevocationsInput) (req *request.Request, output *DescribeTrustStoreRevocationsOutput) { op := &request.Operation{ - Name: opModifyLoadBalancerAttributes, + Name: opDescribeTrustStoreRevocations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyLoadBalancerAttributesInput{} + input = &DescribeTrustStoreRevocationsInput{} } - output = &ModifyLoadBalancerAttributesOutput{} + output = &DescribeTrustStoreRevocationsOutput{} req = c.newRequest(op, input, output) return } -// ModifyLoadBalancerAttributes API operation for Elastic Load Balancing. -// -// Modifies the specified attributes of the specified Application Load Balancer, -// Network Load Balancer, or Gateway Load Balancer. +// DescribeTrustStoreRevocations API operation for Elastic Load Balancing. // -// If any of the specified attributes can't be modified as requested, the call -// fails. Any existing attributes that you do not modify retain their current -// values. +// Describes the revocation files in use by the specified trust store arn, or +// revocation ID. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyLoadBalancerAttributes for usage and error information. +// API operation DescribeTrustStoreRevocations for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes -func (c *ELBV2) ModifyLoadBalancerAttributes(input *ModifyLoadBalancerAttributesInput) (*ModifyLoadBalancerAttributesOutput, error) { - req, out := c.ModifyLoadBalancerAttributesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStoreRevocations +func (c *ELBV2) DescribeTrustStoreRevocations(input *DescribeTrustStoreRevocationsInput) (*DescribeTrustStoreRevocationsOutput, error) { + req, out := c.DescribeTrustStoreRevocationsRequest(input) return out, req.Send() } -// ModifyLoadBalancerAttributesWithContext is the same as ModifyLoadBalancerAttributes with the addition of +// DescribeTrustStoreRevocationsWithContext is the same as DescribeTrustStoreRevocations with the addition of // the ability to pass a context and additional request options. // -// See ModifyLoadBalancerAttributes for details on how to use this API operation. +// See DescribeTrustStoreRevocations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyLoadBalancerAttributesWithContext(ctx aws.Context, input *ModifyLoadBalancerAttributesInput, opts ...request.Option) (*ModifyLoadBalancerAttributesOutput, error) { - req, out := c.ModifyLoadBalancerAttributesRequest(input) +func (c *ELBV2) DescribeTrustStoreRevocationsWithContext(ctx aws.Context, input *DescribeTrustStoreRevocationsInput, opts ...request.Option) (*DescribeTrustStoreRevocationsOutput, error) { + req, out := c.DescribeTrustStoreRevocationsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyRule = "ModifyRule" +// DescribeTrustStoreRevocationsPages iterates over the pages of a DescribeTrustStoreRevocations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrustStoreRevocations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrustStoreRevocations operation. +// pageNum := 0 +// err := client.DescribeTrustStoreRevocationsPages(params, +// func(page *elbv2.DescribeTrustStoreRevocationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoreRevocationsPages(input *DescribeTrustStoreRevocationsInput, fn func(*DescribeTrustStoreRevocationsOutput, bool) bool) error { + return c.DescribeTrustStoreRevocationsPagesWithContext(aws.BackgroundContext(), input, fn) +} -// ModifyRuleRequest generates a "aws/request.Request" representing the -// client's request for the ModifyRule operation. The "output" return +// DescribeTrustStoreRevocationsPagesWithContext same as DescribeTrustStoreRevocationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoreRevocationsPagesWithContext(ctx aws.Context, input *DescribeTrustStoreRevocationsInput, fn func(*DescribeTrustStoreRevocationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoreRevocationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoreRevocationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoreRevocationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeTrustStores = "DescribeTrustStores" + +// DescribeTrustStoresRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrustStores operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyRule for more information on using the ModifyRule +// See DescribeTrustStores for more information on using the DescribeTrustStores // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyRuleRequest method. -// req, resp := client.ModifyRuleRequest(params) +// // Example sending a request using the DescribeTrustStoresRequest method. +// req, resp := client.DescribeTrustStoresRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule -func (c *ELBV2) ModifyRuleRequest(input *ModifyRuleInput) (req *request.Request, output *ModifyRuleOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStores +func (c *ELBV2) DescribeTrustStoresRequest(input *DescribeTrustStoresInput) (req *request.Request, output *DescribeTrustStoresOutput) { op := &request.Operation{ - Name: opModifyRule, + Name: opDescribeTrustStores, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "PageSize", + TruncationToken: "", + }, } if input == nil { - input = &ModifyRuleInput{} + input = &DescribeTrustStoresInput{} } - output = &ModifyRuleOutput{} + output = &DescribeTrustStoresOutput{} req = c.newRequest(op, input, output) return } -// ModifyRule API operation for Elastic Load Balancing. -// -// Replaces the specified properties of the specified rule. Any properties that -// you do not specify are unchanged. +// DescribeTrustStores API operation for Elastic Load Balancing. // -// To add an item to a list, remove an item from a list, or update an item in -// a list, you must provide the entire list. For example, to add an action, -// specify a list with the current actions plus the new action. +// Describes all trust stores for a given account by trust store arn’s or +// name. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyRule for usage and error information. +// API operation DescribeTrustStores for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" -// You've reached the limit on the number of load balancers per target group. -// -// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" -// The specified configuration is not valid with this protocol. -// -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. -// -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. -// -// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" -// You've reached the limit on the number of times a target can be registered -// with a load balancer. -// -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. -// -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. -// -// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" -// The specified protocol is not supported. -// -// - ErrCodeTooManyActionsException "TooManyActions" -// You've reached the limit on the number of actions per rule. -// -// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" -// The requested action is not valid. -// -// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" -// You've reached the limit on the number of unique target groups per load balancer -// across all listeners. If a target group is used by multiple actions for a -// load balancer, it is counted as only one use. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule -func (c *ELBV2) ModifyRule(input *ModifyRuleInput) (*ModifyRuleOutput, error) { - req, out := c.ModifyRuleRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/DescribeTrustStores +func (c *ELBV2) DescribeTrustStores(input *DescribeTrustStoresInput) (*DescribeTrustStoresOutput, error) { + req, out := c.DescribeTrustStoresRequest(input) return out, req.Send() } -// ModifyRuleWithContext is the same as ModifyRule with the addition of +// DescribeTrustStoresWithContext is the same as DescribeTrustStores with the addition of // the ability to pass a context and additional request options. // -// See ModifyRule for details on how to use this API operation. +// See DescribeTrustStores for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyRuleWithContext(ctx aws.Context, input *ModifyRuleInput, opts ...request.Option) (*ModifyRuleOutput, error) { - req, out := c.ModifyRuleRequest(input) +func (c *ELBV2) DescribeTrustStoresWithContext(ctx aws.Context, input *DescribeTrustStoresInput, opts ...request.Option) (*DescribeTrustStoresOutput, error) { + req, out := c.DescribeTrustStoresRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyTargetGroup = "ModifyTargetGroup" +// DescribeTrustStoresPages iterates over the pages of a DescribeTrustStores operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrustStores method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrustStores operation. +// pageNum := 0 +// err := client.DescribeTrustStoresPages(params, +// func(page *elbv2.DescribeTrustStoresOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *ELBV2) DescribeTrustStoresPages(input *DescribeTrustStoresInput, fn func(*DescribeTrustStoresOutput, bool) bool) error { + return c.DescribeTrustStoresPagesWithContext(aws.BackgroundContext(), input, fn) +} -// ModifyTargetGroupRequest generates a "aws/request.Request" representing the -// client's request for the ModifyTargetGroup operation. The "output" return +// DescribeTrustStoresPagesWithContext same as DescribeTrustStoresPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) DescribeTrustStoresPagesWithContext(ctx aws.Context, input *DescribeTrustStoresInput, fn func(*DescribeTrustStoresOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrustStoresInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrustStoresRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrustStoresOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opGetTrustStoreCaCertificatesBundle = "GetTrustStoreCaCertificatesBundle" + +// GetTrustStoreCaCertificatesBundleRequest generates a "aws/request.Request" representing the +// client's request for the GetTrustStoreCaCertificatesBundle operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyTargetGroup for more information on using the ModifyTargetGroup +// See GetTrustStoreCaCertificatesBundle for more information on using the GetTrustStoreCaCertificatesBundle // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyTargetGroupRequest method. -// req, resp := client.ModifyTargetGroupRequest(params) +// // Example sending a request using the GetTrustStoreCaCertificatesBundleRequest method. +// req, resp := client.GetTrustStoreCaCertificatesBundleRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup -func (c *ELBV2) ModifyTargetGroupRequest(input *ModifyTargetGroupInput) (req *request.Request, output *ModifyTargetGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreCaCertificatesBundle +func (c *ELBV2) GetTrustStoreCaCertificatesBundleRequest(input *GetTrustStoreCaCertificatesBundleInput) (req *request.Request, output *GetTrustStoreCaCertificatesBundleOutput) { op := &request.Operation{ - Name: opModifyTargetGroup, + Name: opGetTrustStoreCaCertificatesBundle, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &ModifyTargetGroupInput{} + input = &GetTrustStoreCaCertificatesBundleInput{} } - output = &ModifyTargetGroupOutput{} + output = &GetTrustStoreCaCertificatesBundleOutput{} req = c.newRequest(op, input, output) return } -// ModifyTargetGroup API operation for Elastic Load Balancing. +// GetTrustStoreCaCertificatesBundle API operation for Elastic Load Balancing. // -// Modifies the health checks used when evaluating the health state of the targets -// in the specified target group. +// Retrieves the ca certificate bundle. +// +// This action returns a pre-signed S3 URI which is active for ten minutes. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyTargetGroup for usage and error information. +// API operation GetTrustStoreCaCertificatesBundle for usage and error information. // // Returned Error Codes: +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup -func (c *ELBV2) ModifyTargetGroup(input *ModifyTargetGroupInput) (*ModifyTargetGroupOutput, error) { - req, out := c.ModifyTargetGroupRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreCaCertificatesBundle +func (c *ELBV2) GetTrustStoreCaCertificatesBundle(input *GetTrustStoreCaCertificatesBundleInput) (*GetTrustStoreCaCertificatesBundleOutput, error) { + req, out := c.GetTrustStoreCaCertificatesBundleRequest(input) return out, req.Send() } -// ModifyTargetGroupWithContext is the same as ModifyTargetGroup with the addition of +// GetTrustStoreCaCertificatesBundleWithContext is the same as GetTrustStoreCaCertificatesBundle with the addition of // the ability to pass a context and additional request options. // -// See ModifyTargetGroup for details on how to use this API operation. +// See GetTrustStoreCaCertificatesBundle for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyTargetGroupWithContext(ctx aws.Context, input *ModifyTargetGroupInput, opts ...request.Option) (*ModifyTargetGroupOutput, error) { - req, out := c.ModifyTargetGroupRequest(input) +func (c *ELBV2) GetTrustStoreCaCertificatesBundleWithContext(ctx aws.Context, input *GetTrustStoreCaCertificatesBundleInput, opts ...request.Option) (*GetTrustStoreCaCertificatesBundleOutput, error) { + req, out := c.GetTrustStoreCaCertificatesBundleRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opModifyTargetGroupAttributes = "ModifyTargetGroupAttributes" +const opGetTrustStoreRevocationContent = "GetTrustStoreRevocationContent" -// ModifyTargetGroupAttributesRequest generates a "aws/request.Request" representing the -// client's request for the ModifyTargetGroupAttributes operation. The "output" return +// GetTrustStoreRevocationContentRequest generates a "aws/request.Request" representing the +// client's request for the GetTrustStoreRevocationContent operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ModifyTargetGroupAttributes for more information on using the ModifyTargetGroupAttributes +// See GetTrustStoreRevocationContent for more information on using the GetTrustStoreRevocationContent // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ModifyTargetGroupAttributesRequest method. -// req, resp := client.ModifyTargetGroupAttributesRequest(params) +// // Example sending a request using the GetTrustStoreRevocationContentRequest method. +// req, resp := client.GetTrustStoreRevocationContentRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes -func (c *ELBV2) ModifyTargetGroupAttributesRequest(input *ModifyTargetGroupAttributesInput) (req *request.Request, output *ModifyTargetGroupAttributesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreRevocationContent +func (c *ELBV2) GetTrustStoreRevocationContentRequest(input *GetTrustStoreRevocationContentInput) (req *request.Request, output *GetTrustStoreRevocationContentOutput) { op := &request.Operation{ - Name: opModifyTargetGroupAttributes, + Name: opGetTrustStoreRevocationContent, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &ModifyTargetGroupAttributesInput{} + input = &GetTrustStoreRevocationContentInput{} } - output = &ModifyTargetGroupAttributesOutput{} + output = &GetTrustStoreRevocationContentOutput{} req = c.newRequest(op, input, output) return } -// ModifyTargetGroupAttributes API operation for Elastic Load Balancing. +// GetTrustStoreRevocationContent API operation for Elastic Load Balancing. // -// Modifies the specified attributes of the specified target group. +// Retrieves the specified revocation file. +// +// This action returns a pre-signed S3 URI which is active for ten minutes. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation ModifyTargetGroupAttributes for usage and error information. +// API operation GetTrustStoreRevocationContent for usage and error information. // // Returned Error Codes: // -// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" -// The specified target group does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes -func (c *ELBV2) ModifyTargetGroupAttributes(input *ModifyTargetGroupAttributesInput) (*ModifyTargetGroupAttributesOutput, error) { - req, out := c.ModifyTargetGroupAttributesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/GetTrustStoreRevocationContent +func (c *ELBV2) GetTrustStoreRevocationContent(input *GetTrustStoreRevocationContentInput) (*GetTrustStoreRevocationContentOutput, error) { + req, out := c.GetTrustStoreRevocationContentRequest(input) return out, req.Send() } -// ModifyTargetGroupAttributesWithContext is the same as ModifyTargetGroupAttributes with the addition of +// GetTrustStoreRevocationContentWithContext is the same as GetTrustStoreRevocationContent with the addition of // the ability to pass a context and additional request options. // -// See ModifyTargetGroupAttributes for details on how to use this API operation. +// See GetTrustStoreRevocationContent for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) ModifyTargetGroupAttributesWithContext(ctx aws.Context, input *ModifyTargetGroupAttributesInput, opts ...request.Option) (*ModifyTargetGroupAttributesOutput, error) { - req, out := c.ModifyTargetGroupAttributesRequest(input) +func (c *ELBV2) GetTrustStoreRevocationContentWithContext(ctx aws.Context, input *GetTrustStoreRevocationContentInput, opts ...request.Option) (*GetTrustStoreRevocationContentOutput, error) { + req, out := c.GetTrustStoreRevocationContentRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRegisterTargets = "RegisterTargets" +const opModifyListener = "ModifyListener" -// RegisterTargetsRequest generates a "aws/request.Request" representing the -// client's request for the RegisterTargets operation. The "output" return +// ModifyListenerRequest generates a "aws/request.Request" representing the +// client's request for the ModifyListener operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RegisterTargets for more information on using the RegisterTargets +// See ModifyListener for more information on using the ModifyListener // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RegisterTargetsRequest method. -// req, resp := client.RegisterTargetsRequest(params) +// // Example sending a request using the ModifyListenerRequest method. +// req, resp := client.ModifyListenerRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets -func (c *ELBV2) RegisterTargetsRequest(input *RegisterTargetsInput) (req *request.Request, output *RegisterTargetsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener +func (c *ELBV2) ModifyListenerRequest(input *ModifyListenerInput) (req *request.Request, output *ModifyListenerOutput) { op := &request.Operation{ - Name: opRegisterTargets, + Name: opModifyListener, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RegisterTargetsInput{} + input = &ModifyListenerInput{} } - output = &RegisterTargetsOutput{} + output = &ModifyListenerOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RegisterTargets API operation for Elastic Load Balancing. -// -// Registers the specified targets with the specified target group. +// ModifyListener API operation for Elastic Load Balancing. // -// If the target is an EC2 instance, it must be in the running state when you -// register it. +// Replaces the specified properties of the specified listener. Any properties +// that you do not specify remain unchanged. // -// By default, the load balancer routes requests to registered targets using -// the protocol and port for the target group. Alternatively, you can override -// the port for a target when you register it. You can register each EC2 instance -// or IP address with the same target group multiple times using different ports. +// Changing the protocol from HTTPS to HTTP, or from TLS to TCP, removes the +// security policy and default certificate properties. If you change the protocol +// from HTTP to HTTPS, or from TCP to TLS, you must add the security policy +// and default certificate properties. // -// With a Network Load Balancer, you cannot register instances by instance ID -// if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, -// G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these -// types by IP address. +// To add an item to a list, remove an item from a list, or update an item in +// a list, you must provide the entire list. For example, to add an action, +// specify a list with the current actions plus the new action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RegisterTargets for usage and error information. +// API operation ModifyListener for usage and error information. // // Returned Error Codes: // +// - ErrCodeDuplicateListenerException "DuplicateListener" +// A listener with the specified port already exists. +// +// - ErrCodeTooManyListenersException "TooManyListeners" +// You've reached the limit on the number of listeners per load balancer. +// +// - ErrCodeTooManyCertificatesException "TooManyCertificates" +// You've reached the limit on the number of certificates per load balancer. +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// // - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" // The specified target group does not exist. // -// - ErrCodeTooManyTargetsException "TooManyTargets" -// You've reached the limit on the number of targets. +// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" +// You've reached the limit on the number of load balancers per target group. // -// - ErrCodeInvalidTargetException "InvalidTarget" -// The specified target does not exist, is not in the same VPC as the target -// group, or has an unsupported instance type. +// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" +// The specified configuration is not valid with this protocol. +// +// - ErrCodeSSLPolicyNotFoundException "SSLPolicyNotFound" +// The specified SSL policy does not exist. +// +// - ErrCodeCertificateNotFoundException "CertificateNotFound" +// The specified certificate does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" +// The specified protocol is not supported. // // - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" // You've reached the limit on the number of times a target can be registered // with a load balancer. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets -func (c *ELBV2) RegisterTargets(input *RegisterTargetsInput) (*RegisterTargetsOutput, error) { - req, out := c.RegisterTargetsRequest(input) +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. +// +// - ErrCodeTooManyActionsException "TooManyActions" +// You've reached the limit on the number of actions per rule. +// +// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" +// The requested action is not valid. +// +// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" +// You've reached the limit on the number of unique target groups per load balancer +// across all listeners. If a target group is used by multiple actions for a +// load balancer, it is counted as only one use. +// +// - ErrCodeALPNPolicyNotSupportedException "ALPNPolicyNotFound" +// The specified ALPN policy is not supported. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeTrustStoreNotReadyException "TrustStoreNotReady" +// The specified trust store is not active. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListener +func (c *ELBV2) ModifyListener(input *ModifyListenerInput) (*ModifyListenerOutput, error) { + req, out := c.ModifyListenerRequest(input) return out, req.Send() } -// RegisterTargetsWithContext is the same as RegisterTargets with the addition of +// ModifyListenerWithContext is the same as ModifyListener with the addition of // the ability to pass a context and additional request options. // -// See RegisterTargets for details on how to use this API operation. +// See ModifyListener for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RegisterTargetsWithContext(ctx aws.Context, input *RegisterTargetsInput, opts ...request.Option) (*RegisterTargetsOutput, error) { - req, out := c.RegisterTargetsRequest(input) +func (c *ELBV2) ModifyListenerWithContext(ctx aws.Context, input *ModifyListenerInput, opts ...request.Option) (*ModifyListenerOutput, error) { + req, out := c.ModifyListenerRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRemoveListenerCertificates = "RemoveListenerCertificates" +const opModifyLoadBalancerAttributes = "ModifyLoadBalancerAttributes" -// RemoveListenerCertificatesRequest generates a "aws/request.Request" representing the -// client's request for the RemoveListenerCertificates operation. The "output" return +// ModifyLoadBalancerAttributesRequest generates a "aws/request.Request" representing the +// client's request for the ModifyLoadBalancerAttributes operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RemoveListenerCertificates for more information on using the RemoveListenerCertificates +// See ModifyLoadBalancerAttributes for more information on using the ModifyLoadBalancerAttributes // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RemoveListenerCertificatesRequest method. -// req, resp := client.RemoveListenerCertificatesRequest(params) +// // Example sending a request using the ModifyLoadBalancerAttributesRequest method. +// req, resp := client.ModifyLoadBalancerAttributesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates -func (c *ELBV2) RemoveListenerCertificatesRequest(input *RemoveListenerCertificatesInput) (req *request.Request, output *RemoveListenerCertificatesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes +func (c *ELBV2) ModifyLoadBalancerAttributesRequest(input *ModifyLoadBalancerAttributesInput) (req *request.Request, output *ModifyLoadBalancerAttributesOutput) { op := &request.Operation{ - Name: opRemoveListenerCertificates, + Name: opModifyLoadBalancerAttributes, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RemoveListenerCertificatesInput{} + input = &ModifyLoadBalancerAttributesInput{} } - output = &RemoveListenerCertificatesOutput{} + output = &ModifyLoadBalancerAttributesOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RemoveListenerCertificates API operation for Elastic Load Balancing. +// ModifyLoadBalancerAttributes API operation for Elastic Load Balancing. // -// Removes the specified certificate from the certificate list for the specified -// HTTPS or TLS listener. +// Modifies the specified attributes of the specified Application Load Balancer, +// Network Load Balancer, or Gateway Load Balancer. +// +// If any of the specified attributes can't be modified as requested, the call +// fails. Any existing attributes that you do not modify retain their current +// values. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RemoveListenerCertificates for usage and error information. +// API operation ModifyLoadBalancerAttributes for usage and error information. // // Returned Error Codes: // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. // -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates -func (c *ELBV2) RemoveListenerCertificates(input *RemoveListenerCertificatesInput) (*RemoveListenerCertificatesOutput, error) { - req, out := c.RemoveListenerCertificatesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyLoadBalancerAttributes +func (c *ELBV2) ModifyLoadBalancerAttributes(input *ModifyLoadBalancerAttributesInput) (*ModifyLoadBalancerAttributesOutput, error) { + req, out := c.ModifyLoadBalancerAttributesRequest(input) return out, req.Send() } -// RemoveListenerCertificatesWithContext is the same as RemoveListenerCertificates with the addition of +// ModifyLoadBalancerAttributesWithContext is the same as ModifyLoadBalancerAttributes with the addition of // the ability to pass a context and additional request options. // -// See RemoveListenerCertificates for details on how to use this API operation. +// See ModifyLoadBalancerAttributes for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RemoveListenerCertificatesWithContext(ctx aws.Context, input *RemoveListenerCertificatesInput, opts ...request.Option) (*RemoveListenerCertificatesOutput, error) { - req, out := c.RemoveListenerCertificatesRequest(input) +func (c *ELBV2) ModifyLoadBalancerAttributesWithContext(ctx aws.Context, input *ModifyLoadBalancerAttributesInput, opts ...request.Option) (*ModifyLoadBalancerAttributesOutput, error) { + req, out := c.ModifyLoadBalancerAttributesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opRemoveTags = "RemoveTags" +const opModifyRule = "ModifyRule" -// RemoveTagsRequest generates a "aws/request.Request" representing the -// client's request for the RemoveTags operation. The "output" return +// ModifyRuleRequest generates a "aws/request.Request" representing the +// client's request for the ModifyRule operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RemoveTags for more information on using the RemoveTags +// See ModifyRule for more information on using the ModifyRule // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the RemoveTagsRequest method. -// req, resp := client.RemoveTagsRequest(params) +// // Example sending a request using the ModifyRuleRequest method. +// req, resp := client.ModifyRuleRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags -func (c *ELBV2) RemoveTagsRequest(input *RemoveTagsInput) (req *request.Request, output *RemoveTagsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule +func (c *ELBV2) ModifyRuleRequest(input *ModifyRuleInput) (req *request.Request, output *ModifyRuleOutput) { op := &request.Operation{ - Name: opRemoveTags, + Name: opModifyRule, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RemoveTagsInput{} + input = &ModifyRuleInput{} } - output = &RemoveTagsOutput{} + output = &ModifyRuleOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RemoveTags API operation for Elastic Load Balancing. +// ModifyRule API operation for Elastic Load Balancing. // -// Removes the specified tags from the specified Elastic Load Balancing resources. -// You can remove the tags for one or more Application Load Balancers, Network -// Load Balancers, Gateway Load Balancers, target groups, listeners, or rules. +// Replaces the specified properties of the specified rule. Any properties that +// you do not specify are unchanged. +// +// To add an item to a list, remove an item from a list, or update an item in +// a list, you must provide the entire list. For example, to add an action, +// specify a list with the current actions plus the new action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation RemoveTags for usage and error information. +// API operation ModifyRule for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTargetGroupAssociationLimitException "TargetGroupAssociationLimit" +// You've reached the limit on the number of load balancers per target group. +// +// - ErrCodeIncompatibleProtocolsException "IncompatibleProtocols" +// The specified configuration is not valid with this protocol. +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" +// You've reached the limit on the number of times a target can be registered +// with a load balancer. +// +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. // // - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" // The specified target group does not exist. // -// - ErrCodeListenerNotFoundException "ListenerNotFound" -// The specified listener does not exist. +// - ErrCodeUnsupportedProtocolException "UnsupportedProtocol" +// The specified protocol is not supported. // -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. +// - ErrCodeTooManyActionsException "TooManyActions" +// You've reached the limit on the number of actions per rule. // -// - ErrCodeTooManyTagsException "TooManyTags" -// You've reached the limit on the number of tags per load balancer. +// - ErrCodeInvalidLoadBalancerActionException "InvalidLoadBalancerAction" +// The requested action is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags -func (c *ELBV2) RemoveTags(input *RemoveTagsInput) (*RemoveTagsOutput, error) { - req, out := c.RemoveTagsRequest(input) +// - ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException "TooManyUniqueTargetGroupsPerLoadBalancer" +// You've reached the limit on the number of unique target groups per load balancer +// across all listeners. If a target group is used by multiple actions for a +// load balancer, it is counted as only one use. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRule +func (c *ELBV2) ModifyRule(input *ModifyRuleInput) (*ModifyRuleOutput, error) { + req, out := c.ModifyRuleRequest(input) return out, req.Send() } -// RemoveTagsWithContext is the same as RemoveTags with the addition of +// ModifyRuleWithContext is the same as ModifyRule with the addition of // the ability to pass a context and additional request options. // -// See RemoveTags for details on how to use this API operation. +// See ModifyRule for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) RemoveTagsWithContext(ctx aws.Context, input *RemoveTagsInput, opts ...request.Option) (*RemoveTagsOutput, error) { - req, out := c.RemoveTagsRequest(input) +func (c *ELBV2) ModifyRuleWithContext(ctx aws.Context, input *ModifyRuleInput, opts ...request.Option) (*ModifyRuleOutput, error) { + req, out := c.ModifyRuleRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetIpAddressType = "SetIpAddressType" +const opModifyTargetGroup = "ModifyTargetGroup" -// SetIpAddressTypeRequest generates a "aws/request.Request" representing the -// client's request for the SetIpAddressType operation. The "output" return +// ModifyTargetGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTargetGroup operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetIpAddressType for more information on using the SetIpAddressType +// See ModifyTargetGroup for more information on using the ModifyTargetGroup // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetIpAddressTypeRequest method. -// req, resp := client.SetIpAddressTypeRequest(params) +// // Example sending a request using the ModifyTargetGroupRequest method. +// req, resp := client.ModifyTargetGroupRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType -func (c *ELBV2) SetIpAddressTypeRequest(input *SetIpAddressTypeInput) (req *request.Request, output *SetIpAddressTypeOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup +func (c *ELBV2) ModifyTargetGroupRequest(input *ModifyTargetGroupInput) (req *request.Request, output *ModifyTargetGroupOutput) { op := &request.Operation{ - Name: opSetIpAddressType, + Name: opModifyTargetGroup, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetIpAddressTypeInput{} + input = &ModifyTargetGroupInput{} } - output = &SetIpAddressTypeOutput{} + output = &ModifyTargetGroupOutput{} req = c.newRequest(op, input, output) return } -// SetIpAddressType API operation for Elastic Load Balancing. +// ModifyTargetGroup API operation for Elastic Load Balancing. // -// Sets the type of IP addresses used by the subnets of the specified load balancer. +// Modifies the health checks used when evaluating the health state of the targets +// in the specified target group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetIpAddressType for usage and error information. +// API operation ModifyTargetGroup for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // // - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" // The requested configuration is not valid. // -// - ErrCodeInvalidSubnetException "InvalidSubnet" -// The specified subnet is out of available addresses. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType -func (c *ELBV2) SetIpAddressType(input *SetIpAddressTypeInput) (*SetIpAddressTypeOutput, error) { - req, out := c.SetIpAddressTypeRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroup +func (c *ELBV2) ModifyTargetGroup(input *ModifyTargetGroupInput) (*ModifyTargetGroupOutput, error) { + req, out := c.ModifyTargetGroupRequest(input) return out, req.Send() } -// SetIpAddressTypeWithContext is the same as SetIpAddressType with the addition of +// ModifyTargetGroupWithContext is the same as ModifyTargetGroup with the addition of // the ability to pass a context and additional request options. // -// See SetIpAddressType for details on how to use this API operation. +// See ModifyTargetGroup for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetIpAddressTypeWithContext(ctx aws.Context, input *SetIpAddressTypeInput, opts ...request.Option) (*SetIpAddressTypeOutput, error) { - req, out := c.SetIpAddressTypeRequest(input) +func (c *ELBV2) ModifyTargetGroupWithContext(ctx aws.Context, input *ModifyTargetGroupInput, opts ...request.Option) (*ModifyTargetGroupOutput, error) { + req, out := c.ModifyTargetGroupRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetRulePriorities = "SetRulePriorities" +const opModifyTargetGroupAttributes = "ModifyTargetGroupAttributes" -// SetRulePrioritiesRequest generates a "aws/request.Request" representing the -// client's request for the SetRulePriorities operation. The "output" return +// ModifyTargetGroupAttributesRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTargetGroupAttributes operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetRulePriorities for more information on using the SetRulePriorities +// See ModifyTargetGroupAttributes for more information on using the ModifyTargetGroupAttributes // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetRulePrioritiesRequest method. -// req, resp := client.SetRulePrioritiesRequest(params) +// // Example sending a request using the ModifyTargetGroupAttributesRequest method. +// req, resp := client.ModifyTargetGroupAttributesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities -func (c *ELBV2) SetRulePrioritiesRequest(input *SetRulePrioritiesInput) (req *request.Request, output *SetRulePrioritiesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes +func (c *ELBV2) ModifyTargetGroupAttributesRequest(input *ModifyTargetGroupAttributesInput) (req *request.Request, output *ModifyTargetGroupAttributesOutput) { op := &request.Operation{ - Name: opSetRulePriorities, + Name: opModifyTargetGroupAttributes, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetRulePrioritiesInput{} + input = &ModifyTargetGroupAttributesInput{} } - output = &SetRulePrioritiesOutput{} + output = &ModifyTargetGroupAttributesOutput{} req = c.newRequest(op, input, output) return } -// SetRulePriorities API operation for Elastic Load Balancing. -// -// Sets the priorities of the specified rules. +// ModifyTargetGroupAttributes API operation for Elastic Load Balancing. // -// You can reorder the rules as long as there are no priority conflicts in the -// new order. Any existing rules that you do not specify retain their current -// priority. +// Modifies the specified attributes of the specified target group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetRulePriorities for usage and error information. +// API operation ModifyTargetGroupAttributes for usage and error information. // // Returned Error Codes: // -// - ErrCodeRuleNotFoundException "RuleNotFound" -// The specified rule does not exist. -// -// - ErrCodePriorityInUseException "PriorityInUse" -// The specified priority is in use. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // -// - ErrCodeOperationNotPermittedException "OperationNotPermitted" -// This operation is not allowed. +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities -func (c *ELBV2) SetRulePriorities(input *SetRulePrioritiesInput) (*SetRulePrioritiesOutput, error) { - req, out := c.SetRulePrioritiesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupAttributes +func (c *ELBV2) ModifyTargetGroupAttributes(input *ModifyTargetGroupAttributesInput) (*ModifyTargetGroupAttributesOutput, error) { + req, out := c.ModifyTargetGroupAttributesRequest(input) return out, req.Send() } -// SetRulePrioritiesWithContext is the same as SetRulePriorities with the addition of +// ModifyTargetGroupAttributesWithContext is the same as ModifyTargetGroupAttributes with the addition of // the ability to pass a context and additional request options. // -// See SetRulePriorities for details on how to use this API operation. +// See ModifyTargetGroupAttributes for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetRulePrioritiesWithContext(ctx aws.Context, input *SetRulePrioritiesInput, opts ...request.Option) (*SetRulePrioritiesOutput, error) { - req, out := c.SetRulePrioritiesRequest(input) +func (c *ELBV2) ModifyTargetGroupAttributesWithContext(ctx aws.Context, input *ModifyTargetGroupAttributesInput, opts ...request.Option) (*ModifyTargetGroupAttributesOutput, error) { + req, out := c.ModifyTargetGroupAttributesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetSecurityGroups = "SetSecurityGroups" +const opModifyTrustStore = "ModifyTrustStore" -// SetSecurityGroupsRequest generates a "aws/request.Request" representing the -// client's request for the SetSecurityGroups operation. The "output" return +// ModifyTrustStoreRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTrustStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetSecurityGroups for more information on using the SetSecurityGroups +// See ModifyTrustStore for more information on using the ModifyTrustStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetSecurityGroupsRequest method. -// req, resp := client.SetSecurityGroupsRequest(params) +// // Example sending a request using the ModifyTrustStoreRequest method. +// req, resp := client.ModifyTrustStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups -func (c *ELBV2) SetSecurityGroupsRequest(input *SetSecurityGroupsInput) (req *request.Request, output *SetSecurityGroupsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTrustStore +func (c *ELBV2) ModifyTrustStoreRequest(input *ModifyTrustStoreInput) (req *request.Request, output *ModifyTrustStoreOutput) { op := &request.Operation{ - Name: opSetSecurityGroups, + Name: opModifyTrustStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetSecurityGroupsInput{} + input = &ModifyTrustStoreInput{} } - output = &SetSecurityGroupsOutput{} + output = &ModifyTrustStoreOutput{} req = c.newRequest(op, input, output) return } -// SetSecurityGroups API operation for Elastic Load Balancing. -// -// Associates the specified security groups with the specified Application Load -// Balancer. The specified security groups override the previously associated -// security groups. +// ModifyTrustStore API operation for Elastic Load Balancing. // -// You can't specify a security group for a Network Load Balancer or Gateway -// Load Balancer. +// Update the ca certificate bundle for a given trust store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetSecurityGroups for usage and error information. +// API operation ModifyTrustStore for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. // -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. +// - ErrCodeInvalidCaCertificatesBundleException "InvalidCaCertificatesBundle" +// The specified ca certificate bundle is in an invalid format, or corrupt. // -// - ErrCodeInvalidSecurityGroupException "InvalidSecurityGroup" -// The specified security group does not exist. +// - ErrCodeCaCertificatesBundleNotFoundException "CaCertificatesBundleNotFound" +// The specified ca certificate bundle does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups -func (c *ELBV2) SetSecurityGroups(input *SetSecurityGroupsInput) (*SetSecurityGroupsOutput, error) { - req, out := c.SetSecurityGroupsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTrustStore +func (c *ELBV2) ModifyTrustStore(input *ModifyTrustStoreInput) (*ModifyTrustStoreOutput, error) { + req, out := c.ModifyTrustStoreRequest(input) return out, req.Send() } -// SetSecurityGroupsWithContext is the same as SetSecurityGroups with the addition of +// ModifyTrustStoreWithContext is the same as ModifyTrustStore with the addition of // the ability to pass a context and additional request options. // -// See SetSecurityGroups for details on how to use this API operation. +// See ModifyTrustStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *ELBV2) SetSecurityGroupsWithContext(ctx aws.Context, input *SetSecurityGroupsInput, opts ...request.Option) (*SetSecurityGroupsOutput, error) { - req, out := c.SetSecurityGroupsRequest(input) +func (c *ELBV2) ModifyTrustStoreWithContext(ctx aws.Context, input *ModifyTrustStoreInput, opts ...request.Option) (*ModifyTrustStoreOutput, error) { + req, out := c.ModifyTrustStoreRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opSetSubnets = "SetSubnets" +const opRegisterTargets = "RegisterTargets" -// SetSubnetsRequest generates a "aws/request.Request" representing the -// client's request for the SetSubnets operation. The "output" return +// RegisterTargetsRequest generates a "aws/request.Request" representing the +// client's request for the RegisterTargets operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See SetSubnets for more information on using the SetSubnets +// See RegisterTargets for more information on using the RegisterTargets // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the SetSubnetsRequest method. -// req, resp := client.SetSubnetsRequest(params) +// // Example sending a request using the RegisterTargetsRequest method. +// req, resp := client.RegisterTargetsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets -func (c *ELBV2) SetSubnetsRequest(input *SetSubnetsInput) (req *request.Request, output *SetSubnetsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets +func (c *ELBV2) RegisterTargetsRequest(input *RegisterTargetsInput) (req *request.Request, output *RegisterTargetsOutput) { op := &request.Operation{ - Name: opSetSubnets, + Name: opRegisterTargets, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &SetSubnetsInput{} + input = &RegisterTargetsInput{} } - output = &SetSubnetsOutput{} + output = &RegisterTargetsOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// SetSubnets API operation for Elastic Load Balancing. +// RegisterTargets API operation for Elastic Load Balancing. // -// Enables the Availability Zones for the specified public subnets for the specified -// Application Load Balancer or Network Load Balancer. The specified subnets -// replace the previously enabled subnets. +// Registers the specified targets with the specified target group. +// +// If the target is an EC2 instance, it must be in the running state when you +// register it. +// +// By default, the load balancer routes requests to registered targets using +// the protocol and port for the target group. Alternatively, you can override +// the port for a target when you register it. You can register each EC2 instance +// or IP address with the same target group multiple times using different ports. // -// When you specify subnets for a Network Load Balancer, you must include all -// subnets that were enabled previously, with their existing configurations, -// plus any additional subnets. +// With a Network Load Balancer, you cannot register instances by instance ID +// if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, +// G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these +// types by IP address. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Elastic Load Balancing's -// API operation SetSubnets for usage and error information. +// API operation RegisterTargets for usage and error information. // // Returned Error Codes: // -// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" -// The specified load balancer does not exist. -// -// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" -// The requested configuration is not valid. -// -// - ErrCodeSubnetNotFoundException "SubnetNotFound" -// The specified subnet does not exist. +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. // -// - ErrCodeInvalidSubnetException "InvalidSubnet" -// The specified subnet is out of available addresses. +// - ErrCodeTooManyTargetsException "TooManyTargets" +// You've reached the limit on the number of targets. // -// - ErrCodeAllocationIdNotFoundException "AllocationIdNotFound" -// The specified allocation ID does not exist. +// - ErrCodeInvalidTargetException "InvalidTarget" +// The specified target does not exist, is not in the same VPC as the target +// group, or has an unsupported instance type. // -// - ErrCodeAvailabilityZoneNotSupportedException "AvailabilityZoneNotSupported" -// The specified Availability Zone is not supported. +// - ErrCodeTooManyRegistrationsForTargetIdException "TooManyRegistrationsForTargetId" +// You've reached the limit on the number of times a target can be registered +// with a load balancer. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets -func (c *ELBV2) SetSubnets(input *SetSubnetsInput) (*SetSubnetsOutput, error) { - req, out := c.SetSubnetsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RegisterTargets +func (c *ELBV2) RegisterTargets(input *RegisterTargetsInput) (*RegisterTargetsOutput, error) { + req, out := c.RegisterTargetsRequest(input) return out, req.Send() } -// SetSubnetsWithContext is the same as SetSubnets with the addition of +// RegisterTargetsWithContext is the same as RegisterTargets with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterTargets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RegisterTargetsWithContext(ctx aws.Context, input *RegisterTargetsInput, opts ...request.Option) (*RegisterTargetsOutput, error) { + req, out := c.RegisterTargetsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveListenerCertificates = "RemoveListenerCertificates" + +// RemoveListenerCertificatesRequest generates a "aws/request.Request" representing the +// client's request for the RemoveListenerCertificates operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveListenerCertificates for more information on using the RemoveListenerCertificates +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveListenerCertificatesRequest method. +// req, resp := client.RemoveListenerCertificatesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates +func (c *ELBV2) RemoveListenerCertificatesRequest(input *RemoveListenerCertificatesInput) (req *request.Request, output *RemoveListenerCertificatesOutput) { + op := &request.Operation{ + Name: opRemoveListenerCertificates, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveListenerCertificatesInput{} + } + + output = &RemoveListenerCertificatesOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveListenerCertificates API operation for Elastic Load Balancing. +// +// Removes the specified certificate from the certificate list for the specified +// HTTPS or TLS listener. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveListenerCertificates for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveListenerCertificates +func (c *ELBV2) RemoveListenerCertificates(input *RemoveListenerCertificatesInput) (*RemoveListenerCertificatesOutput, error) { + req, out := c.RemoveListenerCertificatesRequest(input) + return out, req.Send() +} + +// RemoveListenerCertificatesWithContext is the same as RemoveListenerCertificates with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveListenerCertificates for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveListenerCertificatesWithContext(ctx aws.Context, input *RemoveListenerCertificatesInput, opts ...request.Option) (*RemoveListenerCertificatesOutput, error) { + req, out := c.RemoveListenerCertificatesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveTags = "RemoveTags" + +// RemoveTagsRequest generates a "aws/request.Request" representing the +// client's request for the RemoveTags operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveTags for more information on using the RemoveTags +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveTagsRequest method. +// req, resp := client.RemoveTagsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags +func (c *ELBV2) RemoveTagsRequest(input *RemoveTagsInput) (req *request.Request, output *RemoveTagsOutput) { + op := &request.Operation{ + Name: opRemoveTags, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveTagsInput{} + } + + output = &RemoveTagsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveTags API operation for Elastic Load Balancing. +// +// Removes the specified tags from the specified Elastic Load Balancing resources. +// You can remove the tags for one or more Application Load Balancers, Network +// Load Balancers, Gateway Load Balancers, target groups, listeners, or rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveTags for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeTargetGroupNotFoundException "TargetGroupNotFound" +// The specified target group does not exist. +// +// - ErrCodeListenerNotFoundException "ListenerNotFound" +// The specified listener does not exist. +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodeTooManyTagsException "TooManyTags" +// You've reached the limit on the number of tags for this resource. +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTags +func (c *ELBV2) RemoveTags(input *RemoveTagsInput) (*RemoveTagsOutput, error) { + req, out := c.RemoveTagsRequest(input) + return out, req.Send() +} + +// RemoveTagsWithContext is the same as RemoveTags with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveTags for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveTagsWithContext(ctx aws.Context, input *RemoveTagsInput, opts ...request.Option) (*RemoveTagsOutput, error) { + req, out := c.RemoveTagsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveTrustStoreRevocations = "RemoveTrustStoreRevocations" + +// RemoveTrustStoreRevocationsRequest generates a "aws/request.Request" representing the +// client's request for the RemoveTrustStoreRevocations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveTrustStoreRevocations for more information on using the RemoveTrustStoreRevocations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveTrustStoreRevocationsRequest method. +// req, resp := client.RemoveTrustStoreRevocationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTrustStoreRevocations +func (c *ELBV2) RemoveTrustStoreRevocationsRequest(input *RemoveTrustStoreRevocationsInput) (req *request.Request, output *RemoveTrustStoreRevocationsOutput) { + op := &request.Operation{ + Name: opRemoveTrustStoreRevocations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveTrustStoreRevocationsInput{} + } + + output = &RemoveTrustStoreRevocationsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RemoveTrustStoreRevocations API operation for Elastic Load Balancing. +// +// Removes the specified revocation file from the specified trust store. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation RemoveTrustStoreRevocations for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeTrustStoreNotFoundException "TrustStoreNotFound" +// The specified trust store does not exist. +// +// - ErrCodeRevocationIdNotFoundException "RevocationIdNotFound" +// The specified revocation ID does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/RemoveTrustStoreRevocations +func (c *ELBV2) RemoveTrustStoreRevocations(input *RemoveTrustStoreRevocationsInput) (*RemoveTrustStoreRevocationsOutput, error) { + req, out := c.RemoveTrustStoreRevocationsRequest(input) + return out, req.Send() +} + +// RemoveTrustStoreRevocationsWithContext is the same as RemoveTrustStoreRevocations with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveTrustStoreRevocations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) RemoveTrustStoreRevocationsWithContext(ctx aws.Context, input *RemoveTrustStoreRevocationsInput, opts ...request.Option) (*RemoveTrustStoreRevocationsOutput, error) { + req, out := c.RemoveTrustStoreRevocationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetIpAddressType = "SetIpAddressType" + +// SetIpAddressTypeRequest generates a "aws/request.Request" representing the +// client's request for the SetIpAddressType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetIpAddressType for more information on using the SetIpAddressType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetIpAddressTypeRequest method. +// req, resp := client.SetIpAddressTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType +func (c *ELBV2) SetIpAddressTypeRequest(input *SetIpAddressTypeInput) (req *request.Request, output *SetIpAddressTypeOutput) { + op := &request.Operation{ + Name: opSetIpAddressType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetIpAddressTypeInput{} + } + + output = &SetIpAddressTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetIpAddressType API operation for Elastic Load Balancing. +// +// Sets the type of IP addresses used by the subnets of the specified load balancer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetIpAddressType for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeInvalidSubnetException "InvalidSubnet" +// The specified subnet is out of available addresses. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetIpAddressType +func (c *ELBV2) SetIpAddressType(input *SetIpAddressTypeInput) (*SetIpAddressTypeOutput, error) { + req, out := c.SetIpAddressTypeRequest(input) + return out, req.Send() +} + +// SetIpAddressTypeWithContext is the same as SetIpAddressType with the addition of +// the ability to pass a context and additional request options. +// +// See SetIpAddressType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetIpAddressTypeWithContext(ctx aws.Context, input *SetIpAddressTypeInput, opts ...request.Option) (*SetIpAddressTypeOutput, error) { + req, out := c.SetIpAddressTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetRulePriorities = "SetRulePriorities" + +// SetRulePrioritiesRequest generates a "aws/request.Request" representing the +// client's request for the SetRulePriorities operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetRulePriorities for more information on using the SetRulePriorities +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetRulePrioritiesRequest method. +// req, resp := client.SetRulePrioritiesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities +func (c *ELBV2) SetRulePrioritiesRequest(input *SetRulePrioritiesInput) (req *request.Request, output *SetRulePrioritiesOutput) { + op := &request.Operation{ + Name: opSetRulePriorities, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetRulePrioritiesInput{} + } + + output = &SetRulePrioritiesOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetRulePriorities API operation for Elastic Load Balancing. +// +// Sets the priorities of the specified rules. +// +// You can reorder the rules as long as there are no priority conflicts in the +// new order. Any existing rules that you do not specify retain their current +// priority. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetRulePriorities for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeRuleNotFoundException "RuleNotFound" +// The specified rule does not exist. +// +// - ErrCodePriorityInUseException "PriorityInUse" +// The specified priority is in use. +// +// - ErrCodeOperationNotPermittedException "OperationNotPermitted" +// This operation is not allowed. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetRulePriorities +func (c *ELBV2) SetRulePriorities(input *SetRulePrioritiesInput) (*SetRulePrioritiesOutput, error) { + req, out := c.SetRulePrioritiesRequest(input) + return out, req.Send() +} + +// SetRulePrioritiesWithContext is the same as SetRulePriorities with the addition of +// the ability to pass a context and additional request options. +// +// See SetRulePriorities for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetRulePrioritiesWithContext(ctx aws.Context, input *SetRulePrioritiesInput, opts ...request.Option) (*SetRulePrioritiesOutput, error) { + req, out := c.SetRulePrioritiesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetSecurityGroups = "SetSecurityGroups" + +// SetSecurityGroupsRequest generates a "aws/request.Request" representing the +// client's request for the SetSecurityGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetSecurityGroups for more information on using the SetSecurityGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetSecurityGroupsRequest method. +// req, resp := client.SetSecurityGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups +func (c *ELBV2) SetSecurityGroupsRequest(input *SetSecurityGroupsInput) (req *request.Request, output *SetSecurityGroupsOutput) { + op := &request.Operation{ + Name: opSetSecurityGroups, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetSecurityGroupsInput{} + } + + output = &SetSecurityGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetSecurityGroups API operation for Elastic Load Balancing. +// +// Associates the specified security groups with the specified Application Load +// Balancer or Network Load Balancer. The specified security groups override +// the previously associated security groups. +// +// You can't perform this operation on a Network Load Balancer unless you specified +// a security group for the load balancer when you created it. +// +// You can't associate a security group with a Gateway Load Balancer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetSecurityGroups for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeInvalidSecurityGroupException "InvalidSecurityGroup" +// The specified security group does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroups +func (c *ELBV2) SetSecurityGroups(input *SetSecurityGroupsInput) (*SetSecurityGroupsOutput, error) { + req, out := c.SetSecurityGroupsRequest(input) + return out, req.Send() +} + +// SetSecurityGroupsWithContext is the same as SetSecurityGroups with the addition of +// the ability to pass a context and additional request options. +// +// See SetSecurityGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetSecurityGroupsWithContext(ctx aws.Context, input *SetSecurityGroupsInput, opts ...request.Option) (*SetSecurityGroupsOutput, error) { + req, out := c.SetSecurityGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSetSubnets = "SetSubnets" + +// SetSubnetsRequest generates a "aws/request.Request" representing the +// client's request for the SetSubnets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetSubnets for more information on using the SetSubnets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SetSubnetsRequest method. +// req, resp := client.SetSubnetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets +func (c *ELBV2) SetSubnetsRequest(input *SetSubnetsInput) (req *request.Request, output *SetSubnetsOutput) { + op := &request.Operation{ + Name: opSetSubnets, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetSubnetsInput{} + } + + output = &SetSubnetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetSubnets API operation for Elastic Load Balancing. +// +// Enables the Availability Zones for the specified public subnets for the specified +// Application Load Balancer, Network Load Balancer or Gateway Load Balancer. +// The specified subnets replace the previously enabled subnets. +// +// When you specify subnets for a Network Load Balancer, or Gateway Load Balancer +// you must include all subnets that were enabled previously, with their existing +// configurations, plus any additional subnets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Elastic Load Balancing's +// API operation SetSubnets for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeLoadBalancerNotFoundException "LoadBalancerNotFound" +// The specified load balancer does not exist. +// +// - ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" +// The requested configuration is not valid. +// +// - ErrCodeSubnetNotFoundException "SubnetNotFound" +// The specified subnet does not exist. +// +// - ErrCodeInvalidSubnetException "InvalidSubnet" +// The specified subnet is out of available addresses. +// +// - ErrCodeAllocationIdNotFoundException "AllocationIdNotFound" +// The specified allocation ID does not exist. +// +// - ErrCodeAvailabilityZoneNotSupportedException "AvailabilityZoneNotSupported" +// The specified Availability Zone is not supported. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSubnets +func (c *ELBV2) SetSubnets(input *SetSubnetsInput) (*SetSubnetsOutput, error) { + req, out := c.SetSubnetsRequest(input) + return out, req.Send() +} + +// SetSubnetsWithContext is the same as SetSubnets with the addition of // the ability to pass a context and additional request options. // // See SetSubnets for details on how to use this API operation. // -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *ELBV2) SetSubnetsWithContext(ctx aws.Context, input *SetSubnetsInput, opts ...request.Option) (*SetSubnetsOutput, error) { - req, out := c.SetSubnetsRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return out, req.Send() +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ELBV2) SetSubnetsWithContext(ctx aws.Context, input *SetSubnetsInput, opts ...request.Option) (*SetSubnetsOutput, error) { + req, out := c.SetSubnetsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Information about an action. +// +// Each rule must include exactly one of the following types of actions: forward, +// fixed-response, or redirect, and it must be the last action to be performed. +type Action struct { + _ struct{} `type:"structure"` + + // [HTTPS listeners] Information for using Amazon Cognito to authenticate users. + // Specify only when Type is authenticate-cognito. + AuthenticateCognitoConfig *AuthenticateCognitoActionConfig `type:"structure"` + + // [HTTPS listeners] Information about an identity provider that is compliant + // with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc. + AuthenticateOidcConfig *AuthenticateOidcActionConfig `type:"structure"` + + // [Application Load Balancer] Information for creating an action that returns + // a custom HTTP response. Specify only when Type is fixed-response. + FixedResponseConfig *FixedResponseActionConfig `type:"structure"` + + // Information for creating an action that distributes requests among one or + // more target groups. For Network Load Balancers, you can specify a single + // target group. Specify only when Type is forward. If you specify both ForwardConfig + // and TargetGroupArn, you can specify only one target group using ForwardConfig + // and it must be the same target group specified in TargetGroupArn. + ForwardConfig *ForwardActionConfig `type:"structure"` + + // The order for the action. This value is required for rules with multiple + // actions. The action with the lowest value for order is performed first. + Order *int64 `min:"1" type:"integer"` + + // [Application Load Balancer] Information for creating a redirect action. Specify + // only when Type is redirect. + RedirectConfig *RedirectActionConfig `type:"structure"` + + // The Amazon Resource Name (ARN) of the target group. Specify only when Type + // is forward and you want to route to a single target group. To route to one + // or more target groups, use ForwardConfig instead. + TargetGroupArn *string `type:"string"` + + // The type of action. + // + // Type is a required field + Type *string `type:"string" required:"true" enum:"ActionTypeEnum"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Action) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Action) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Action) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Action"} + if s.Order != nil && *s.Order < 1 { + invalidParams.Add(request.NewErrParamMinValue("Order", 1)) + } + if s.Type == nil { + invalidParams.Add(request.NewErrParamRequired("Type")) + } + if s.AuthenticateCognitoConfig != nil { + if err := s.AuthenticateCognitoConfig.Validate(); err != nil { + invalidParams.AddNested("AuthenticateCognitoConfig", err.(request.ErrInvalidParams)) + } + } + if s.AuthenticateOidcConfig != nil { + if err := s.AuthenticateOidcConfig.Validate(); err != nil { + invalidParams.AddNested("AuthenticateOidcConfig", err.(request.ErrInvalidParams)) + } + } + if s.FixedResponseConfig != nil { + if err := s.FixedResponseConfig.Validate(); err != nil { + invalidParams.AddNested("FixedResponseConfig", err.(request.ErrInvalidParams)) + } + } + if s.RedirectConfig != nil { + if err := s.RedirectConfig.Validate(); err != nil { + invalidParams.AddNested("RedirectConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticateCognitoConfig sets the AuthenticateCognitoConfig field's value. +func (s *Action) SetAuthenticateCognitoConfig(v *AuthenticateCognitoActionConfig) *Action { + s.AuthenticateCognitoConfig = v + return s +} + +// SetAuthenticateOidcConfig sets the AuthenticateOidcConfig field's value. +func (s *Action) SetAuthenticateOidcConfig(v *AuthenticateOidcActionConfig) *Action { + s.AuthenticateOidcConfig = v + return s +} + +// SetFixedResponseConfig sets the FixedResponseConfig field's value. +func (s *Action) SetFixedResponseConfig(v *FixedResponseActionConfig) *Action { + s.FixedResponseConfig = v + return s +} + +// SetForwardConfig sets the ForwardConfig field's value. +func (s *Action) SetForwardConfig(v *ForwardActionConfig) *Action { + s.ForwardConfig = v + return s +} + +// SetOrder sets the Order field's value. +func (s *Action) SetOrder(v int64) *Action { + s.Order = &v + return s +} + +// SetRedirectConfig sets the RedirectConfig field's value. +func (s *Action) SetRedirectConfig(v *RedirectActionConfig) *Action { + s.RedirectConfig = v + return s +} + +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *Action) SetTargetGroupArn(v string) *Action { + s.TargetGroupArn = &v + return s +} + +// SetType sets the Type field's value. +func (s *Action) SetType(v string) *Action { + s.Type = &v + return s +} + +type AddListenerCertificatesInput struct { + _ struct{} `type:"structure"` + + // The certificate to add. You can specify one certificate per call. Set CertificateArn + // to the certificate ARN but do not set IsDefault. + // + // Certificates is a required field + Certificates []*Certificate `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddListenerCertificatesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddListenerCertificatesInput"} + if s.Certificates == nil { + invalidParams.Add(request.NewErrParamRequired("Certificates")) + } + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificates sets the Certificates field's value. +func (s *AddListenerCertificatesInput) SetCertificates(v []*Certificate) *AddListenerCertificatesInput { + s.Certificates = v + return s +} + +// SetListenerArn sets the ListenerArn field's value. +func (s *AddListenerCertificatesInput) SetListenerArn(v string) *AddListenerCertificatesInput { + s.ListenerArn = &v + return s +} + +type AddListenerCertificatesOutput struct { + _ struct{} `type:"structure"` + + // Information about the certificates in the certificate list. + Certificates []*Certificate `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddListenerCertificatesOutput) GoString() string { + return s.String() +} + +// SetCertificates sets the Certificates field's value. +func (s *AddListenerCertificatesOutput) SetCertificates(v []*Certificate) *AddListenerCertificatesOutput { + s.Certificates = v + return s +} + +type AddTagsInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` + + // The tags. + // + // Tags is a required field + Tags []*Tag `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *AddTagsInput) SetResourceArns(v []*string) *AddTagsInput { + s.ResourceArns = v + return s +} + +// SetTags sets the Tags field's value. +func (s *AddTagsInput) SetTags(v []*Tag) *AddTagsInput { + s.Tags = v + return s +} + +type AddTagsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTagsOutput) GoString() string { + return s.String() +} + +type AddTrustStoreRevocationsInput struct { + _ struct{} `type:"structure"` + + // The revocation file to add. + RevocationContents []*RevocationContent `type:"list"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AddTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AddTrustStoreRevocationsInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetRevocationContents sets the RevocationContents field's value. +func (s *AddTrustStoreRevocationsInput) SetRevocationContents(v []*RevocationContent) *AddTrustStoreRevocationsInput { + s.RevocationContents = v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *AddTrustStoreRevocationsInput) SetTrustStoreArn(v string) *AddTrustStoreRevocationsInput { + s.TrustStoreArn = &v + return s +} + +type AddTrustStoreRevocationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the revocation file added to the trust store. + TrustStoreRevocations []*TrustStoreRevocation `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AddTrustStoreRevocationsOutput) GoString() string { + return s.String() +} + +// SetTrustStoreRevocations sets the TrustStoreRevocations field's value. +func (s *AddTrustStoreRevocationsOutput) SetTrustStoreRevocations(v []*TrustStoreRevocation) *AddTrustStoreRevocationsOutput { + s.TrustStoreRevocations = v + return s +} + +// Information about anomaly detection and mitigation. +type AnomalyDetection struct { + _ struct{} `type:"structure"` + + // Indicates whether anomaly mitigation is in progress. + MitigationInEffect *string `type:"string" enum:"MitigationInEffectEnum"` + + // The latest anomaly detection result. + Result *string `type:"string" enum:"AnomalyResultEnum"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetection) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetection) GoString() string { + return s.String() +} + +// SetMitigationInEffect sets the MitigationInEffect field's value. +func (s *AnomalyDetection) SetMitigationInEffect(v string) *AnomalyDetection { + s.MitigationInEffect = &v + return s +} + +// SetResult sets the Result field's value. +func (s *AnomalyDetection) SetResult(v string) *AnomalyDetection { + s.Result = &v + return s +} + +// Request parameters to use when integrating with Amazon Cognito to authenticate +// users. +type AuthenticateCognitoActionConfig struct { + _ struct{} `type:"structure"` + + // The query parameters (up to 10) to include in the redirect request to the + // authorization endpoint. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + + // The behavior if the user is not authenticated. The following are possible + // values: + // + // * deny - Return an HTTP 401 Unauthorized error. + // + // * allow - Allow the request to be forwarded to the target. + // + // * authenticate - Redirect the request to the IdP authorization endpoint. + // This is the default value. + OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateCognitoActionConditionalBehaviorEnum"` + + // The set of user claims to be requested from the IdP. The default is openid. + // + // To verify which scope values your IdP supports and how to separate multiple + // values, see the documentation for your IdP. + Scope *string `type:"string"` + + // The name of the cookie used to maintain session information. The default + // is AWSELBAuthSessionCookie. + SessionCookieName *string `type:"string"` + + // The maximum duration of the authentication session, in seconds. The default + // is 604800 seconds (7 days). + SessionTimeout *int64 `type:"long"` + + // The Amazon Resource Name (ARN) of the Amazon Cognito user pool. + // + // UserPoolArn is a required field + UserPoolArn *string `type:"string" required:"true"` + + // The ID of the Amazon Cognito user pool client. + // + // UserPoolClientId is a required field + UserPoolClientId *string `type:"string" required:"true"` + + // The domain prefix or fully-qualified domain name of the Amazon Cognito user + // pool. + // + // UserPoolDomain is a required field + UserPoolDomain *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateCognitoActionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateCognitoActionConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AuthenticateCognitoActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AuthenticateCognitoActionConfig"} + if s.UserPoolArn == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolArn")) + } + if s.UserPoolClientId == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolClientId")) + } + if s.UserPoolDomain == nil { + invalidParams.Add(request.NewErrParamRequired("UserPoolDomain")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *AuthenticateCognitoActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateCognitoActionConfig { + s.AuthenticationRequestExtraParams = v + return s +} + +// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. +func (s *AuthenticateCognitoActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateCognitoActionConfig { + s.OnUnauthenticatedRequest = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AuthenticateCognitoActionConfig) SetScope(v string) *AuthenticateCognitoActionConfig { + s.Scope = &v + return s +} + +// SetSessionCookieName sets the SessionCookieName field's value. +func (s *AuthenticateCognitoActionConfig) SetSessionCookieName(v string) *AuthenticateCognitoActionConfig { + s.SessionCookieName = &v + return s +} + +// SetSessionTimeout sets the SessionTimeout field's value. +func (s *AuthenticateCognitoActionConfig) SetSessionTimeout(v int64) *AuthenticateCognitoActionConfig { + s.SessionTimeout = &v + return s +} + +// SetUserPoolArn sets the UserPoolArn field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolArn(v string) *AuthenticateCognitoActionConfig { + s.UserPoolArn = &v + return s +} + +// SetUserPoolClientId sets the UserPoolClientId field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolClientId(v string) *AuthenticateCognitoActionConfig { + s.UserPoolClientId = &v + return s +} + +// SetUserPoolDomain sets the UserPoolDomain field's value. +func (s *AuthenticateCognitoActionConfig) SetUserPoolDomain(v string) *AuthenticateCognitoActionConfig { + s.UserPoolDomain = &v + return s +} + +// Request parameters when using an identity provider (IdP) that is compliant +// with OpenID Connect (OIDC) to authenticate users. +type AuthenticateOidcActionConfig struct { + _ struct{} `type:"structure"` + + // The query parameters (up to 10) to include in the redirect request to the + // authorization endpoint. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + + // The authorization endpoint of the IdP. This must be a full URL, including + // the HTTPS protocol, the domain, and the path. + // + // AuthorizationEndpoint is a required field + AuthorizationEndpoint *string `type:"string" required:"true"` + + // The OAuth 2.0 client identifier. + // + // ClientId is a required field + ClientId *string `type:"string" required:"true"` + + // The OAuth 2.0 client secret. This parameter is required if you are creating + // a rule. If you are modifying a rule, you can omit this parameter if you set + // UseExistingClientSecret to true. + ClientSecret *string `type:"string"` + + // The OIDC issuer identifier of the IdP. This must be a full URL, including + // the HTTPS protocol, the domain, and the path. + // + // Issuer is a required field + Issuer *string `type:"string" required:"true"` + + // The behavior if the user is not authenticated. The following are possible + // values: + // + // * deny - Return an HTTP 401 Unauthorized error. + // + // * allow - Allow the request to be forwarded to the target. + // + // * authenticate - Redirect the request to the IdP authorization endpoint. + // This is the default value. + OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateOidcActionConditionalBehaviorEnum"` + + // The set of user claims to be requested from the IdP. The default is openid. + // + // To verify which scope values your IdP supports and how to separate multiple + // values, see the documentation for your IdP. + Scope *string `type:"string"` + + // The name of the cookie used to maintain session information. The default + // is AWSELBAuthSessionCookie. + SessionCookieName *string `type:"string"` + + // The maximum duration of the authentication session, in seconds. The default + // is 604800 seconds (7 days). + SessionTimeout *int64 `type:"long"` + + // The token endpoint of the IdP. This must be a full URL, including the HTTPS + // protocol, the domain, and the path. + // + // TokenEndpoint is a required field + TokenEndpoint *string `type:"string" required:"true"` + + // Indicates whether to use the existing client secret when modifying a rule. + // If you are creating a rule, you can omit this parameter or set it to false. + UseExistingClientSecret *bool `type:"boolean"` + + // The user info endpoint of the IdP. This must be a full URL, including the + // HTTPS protocol, the domain, and the path. + // + // UserInfoEndpoint is a required field + UserInfoEndpoint *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateOidcActionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthenticateOidcActionConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AuthenticateOidcActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AuthenticateOidcActionConfig"} + if s.AuthorizationEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("AuthorizationEndpoint")) + } + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.Issuer == nil { + invalidParams.Add(request.NewErrParamRequired("Issuer")) + } + if s.TokenEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("TokenEndpoint")) + } + if s.UserInfoEndpoint == nil { + invalidParams.Add(request.NewErrParamRequired("UserInfoEndpoint")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *AuthenticateOidcActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateOidcActionConfig { + s.AuthenticationRequestExtraParams = v + return s +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetAuthorizationEndpoint(v string) *AuthenticateOidcActionConfig { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *AuthenticateOidcActionConfig) SetClientId(v string) *AuthenticateOidcActionConfig { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *AuthenticateOidcActionConfig) SetClientSecret(v string) *AuthenticateOidcActionConfig { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *AuthenticateOidcActionConfig) SetIssuer(v string) *AuthenticateOidcActionConfig { + s.Issuer = &v + return s +} + +// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. +func (s *AuthenticateOidcActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateOidcActionConfig { + s.OnUnauthenticatedRequest = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AuthenticateOidcActionConfig) SetScope(v string) *AuthenticateOidcActionConfig { + s.Scope = &v + return s +} + +// SetSessionCookieName sets the SessionCookieName field's value. +func (s *AuthenticateOidcActionConfig) SetSessionCookieName(v string) *AuthenticateOidcActionConfig { + s.SessionCookieName = &v + return s +} + +// SetSessionTimeout sets the SessionTimeout field's value. +func (s *AuthenticateOidcActionConfig) SetSessionTimeout(v int64) *AuthenticateOidcActionConfig { + s.SessionTimeout = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetTokenEndpoint(v string) *AuthenticateOidcActionConfig { + s.TokenEndpoint = &v + return s +} + +// SetUseExistingClientSecret sets the UseExistingClientSecret field's value. +func (s *AuthenticateOidcActionConfig) SetUseExistingClientSecret(v bool) *AuthenticateOidcActionConfig { + s.UseExistingClientSecret = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *AuthenticateOidcActionConfig) SetUserInfoEndpoint(v string) *AuthenticateOidcActionConfig { + s.UserInfoEndpoint = &v + return s +} + +// Information about an Availability Zone. +type AvailabilityZone struct { + _ struct{} `type:"structure"` + + // [Network Load Balancers] If you need static IP addresses for your load balancer, + // you can specify one Elastic IP address per Availability Zone when you create + // an internal-facing load balancer. For internal load balancers, you can specify + // a private IP address from the IPv4 range of the subnet. + LoadBalancerAddresses []*LoadBalancerAddress `type:"list"` + + // [Application Load Balancers on Outposts] The ID of the Outpost. + OutpostId *string `type:"string"` + + // The ID of the subnet. You can specify one subnet per Availability Zone. + SubnetId *string `type:"string"` + + // The name of the Availability Zone. + ZoneName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) String() string { + return awsutil.Prettify(s) } -// Information about an action. +// GoString returns the string representation. // -// Each rule must include exactly one of the following types of actions: forward, -// fixed-response, or redirect, and it must be the last action to be performed. -type Action struct { +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) GoString() string { + return s.String() +} + +// SetLoadBalancerAddresses sets the LoadBalancerAddresses field's value. +func (s *AvailabilityZone) SetLoadBalancerAddresses(v []*LoadBalancerAddress) *AvailabilityZone { + s.LoadBalancerAddresses = v + return s +} + +// SetOutpostId sets the OutpostId field's value. +func (s *AvailabilityZone) SetOutpostId(v string) *AvailabilityZone { + s.OutpostId = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { + s.SubnetId = &v + return s +} + +// SetZoneName sets the ZoneName field's value. +func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { + s.ZoneName = &v + return s +} + +// Information about an SSL server certificate. +type Certificate struct { _ struct{} `type:"structure"` - // [HTTPS listeners] Information for using Amazon Cognito to authenticate users. - // Specify only when Type is authenticate-cognito. - AuthenticateCognitoConfig *AuthenticateCognitoActionConfig `type:"structure"` + // The Amazon Resource Name (ARN) of the certificate. + CertificateArn *string `type:"string"` - // [HTTPS listeners] Information about an identity provider that is compliant - // with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc. - AuthenticateOidcConfig *AuthenticateOidcActionConfig `type:"structure"` + // Indicates whether the certificate is the default certificate. Do not set + // this value when specifying a certificate as an input. This value is not included + // in the output when describing a listener, but is included when describing + // listener certificates. + IsDefault *bool `type:"boolean"` +} - // [Application Load Balancer] Information for creating an action that returns - // a custom HTTP response. Specify only when Type is fixed-response. - FixedResponseConfig *FixedResponseActionConfig `type:"structure"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Certificate) String() string { + return awsutil.Prettify(s) +} - // Information for creating an action that distributes requests among one or - // more target groups. For Network Load Balancers, you can specify a single - // target group. Specify only when Type is forward. If you specify both ForwardConfig - // and TargetGroupArn, you can specify only one target group using ForwardConfig - // and it must be the same target group specified in TargetGroupArn. - ForwardConfig *ForwardActionConfig `type:"structure"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Certificate) GoString() string { + return s.String() +} - // The order for the action. This value is required for rules with multiple - // actions. The action with the lowest value for order is performed first. - Order *int64 `min:"1" type:"integer"` +// SetCertificateArn sets the CertificateArn field's value. +func (s *Certificate) SetCertificateArn(v string) *Certificate { + s.CertificateArn = &v + return s +} - // [Application Load Balancer] Information for creating a redirect action. Specify - // only when Type is redirect. - RedirectConfig *RedirectActionConfig `type:"structure"` +// SetIsDefault sets the IsDefault field's value. +func (s *Certificate) SetIsDefault(v bool) *Certificate { + s.IsDefault = &v + return s +} - // The Amazon Resource Name (ARN) of the target group. Specify only when Type - // is forward and you want to route to a single target group. To route to one - // or more target groups, use ForwardConfig instead. - TargetGroupArn *string `type:"string"` +// Information about a cipher used in a policy. +type Cipher struct { + _ struct{} `type:"structure"` - // The type of action. + // The name of the cipher. + Name *string `type:"string"` + + // The priority of the cipher. + Priority *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cipher) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cipher) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *Cipher) SetName(v string) *Cipher { + s.Name = &v + return s +} + +// SetPriority sets the Priority field's value. +func (s *Cipher) SetPriority(v int64) *Cipher { + s.Priority = &v + return s +} + +type CreateListenerInput struct { + _ struct{} `type:"structure"` + + // [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) + // policy. You can specify one policy name. The following are the possible values: // - // Type is a required field - Type *string `type:"string" required:"true" enum:"ActionTypeEnum"` + // * HTTP1Only + // + // * HTTP2Only + // + // * HTTP2Optional + // + // * HTTP2Preferred + // + // * None + // + // For more information, see ALPN policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#alpn-policies) + // in the Network Load Balancers Guide. + AlpnPolicy []*string `type:"list"` + + // [HTTPS and TLS listeners] The default certificate for the listener. You must + // provide exactly one certificate. Set CertificateArn to the certificate ARN + // but do not set IsDefault. + Certificates []*Certificate `type:"list"` + + // The actions for the default rule. + // + // DefaultActions is a required field + DefaultActions []*Action `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the load balancer. + // + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` + + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + + // The port on which the load balancer is listening. You cannot specify a port + // for a Gateway Load Balancer. + Port *int64 `min:"1" type:"integer"` + + // The protocol for connections from clients to the load balancer. For Application + // Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load + // Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t + // specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot + // specify a protocol for a Gateway Load Balancer. + Protocol *string `type:"string" enum:"ProtocolEnum"` + + // [HTTPS and TLS listeners] The security policy that defines which protocols + // and ciphers are supported. + // + // For more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) + // in the Application Load Balancers Guide and Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) + // in the Network Load Balancers Guide. + SslPolicy *string `type:"string"` + + // The tags to assign to the listener. + Tags []*Tag `min:"1" type:"list"` } // String returns the string representation. @@ -3470,7 +5468,7 @@ type Action struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Action) String() string { +func (s CreateListenerInput) String() string { return awsutil.Prettify(s) } @@ -3479,37 +5477,43 @@ func (s Action) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Action) GoString() string { +func (s CreateListenerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *Action) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Action"} - if s.Order != nil && *s.Order < 1 { - invalidParams.Add(request.NewErrParamMinValue("Order", 1)) - } - if s.Type == nil { - invalidParams.Add(request.NewErrParamRequired("Type")) +func (s *CreateListenerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateListenerInput"} + if s.DefaultActions == nil { + invalidParams.Add(request.NewErrParamRequired("DefaultActions")) } - if s.AuthenticateCognitoConfig != nil { - if err := s.AuthenticateCognitoConfig.Validate(); err != nil { - invalidParams.AddNested("AuthenticateCognitoConfig", err.(request.ErrInvalidParams)) - } + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } - if s.AuthenticateOidcConfig != nil { - if err := s.AuthenticateOidcConfig.Validate(); err != nil { - invalidParams.AddNested("AuthenticateOidcConfig", err.(request.ErrInvalidParams)) - } + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) } - if s.FixedResponseConfig != nil { - if err := s.FixedResponseConfig.Validate(); err != nil { - invalidParams.AddNested("FixedResponseConfig", err.(request.ErrInvalidParams)) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.DefaultActions != nil { + for i, v := range s.DefaultActions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DefaultActions", i), err.(request.ErrInvalidParams)) + } } } - if s.RedirectConfig != nil { - if err := s.RedirectConfig.Validate(); err != nil { - invalidParams.AddNested("RedirectConfig", err.(request.ErrInvalidParams)) + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } } } @@ -3519,67 +5523,177 @@ func (s *Action) Validate() error { return nil } -// SetAuthenticateCognitoConfig sets the AuthenticateCognitoConfig field's value. -func (s *Action) SetAuthenticateCognitoConfig(v *AuthenticateCognitoActionConfig) *Action { - s.AuthenticateCognitoConfig = v +// SetAlpnPolicy sets the AlpnPolicy field's value. +func (s *CreateListenerInput) SetAlpnPolicy(v []*string) *CreateListenerInput { + s.AlpnPolicy = v return s } -// SetAuthenticateOidcConfig sets the AuthenticateOidcConfig field's value. -func (s *Action) SetAuthenticateOidcConfig(v *AuthenticateOidcActionConfig) *Action { - s.AuthenticateOidcConfig = v +// SetCertificates sets the Certificates field's value. +func (s *CreateListenerInput) SetCertificates(v []*Certificate) *CreateListenerInput { + s.Certificates = v return s } -// SetFixedResponseConfig sets the FixedResponseConfig field's value. -func (s *Action) SetFixedResponseConfig(v *FixedResponseActionConfig) *Action { - s.FixedResponseConfig = v +// SetDefaultActions sets the DefaultActions field's value. +func (s *CreateListenerInput) SetDefaultActions(v []*Action) *CreateListenerInput { + s.DefaultActions = v return s } -// SetForwardConfig sets the ForwardConfig field's value. -func (s *Action) SetForwardConfig(v *ForwardActionConfig) *Action { - s.ForwardConfig = v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *CreateListenerInput) SetLoadBalancerArn(v string) *CreateListenerInput { + s.LoadBalancerArn = &v return s } -// SetOrder sets the Order field's value. -func (s *Action) SetOrder(v int64) *Action { - s.Order = &v +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *CreateListenerInput) SetMutualAuthentication(v *MutualAuthenticationAttributes) *CreateListenerInput { + s.MutualAuthentication = v return s } -// SetRedirectConfig sets the RedirectConfig field's value. -func (s *Action) SetRedirectConfig(v *RedirectActionConfig) *Action { - s.RedirectConfig = v +// SetPort sets the Port field's value. +func (s *CreateListenerInput) SetPort(v int64) *CreateListenerInput { + s.Port = &v return s } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *Action) SetTargetGroupArn(v string) *Action { - s.TargetGroupArn = &v +// SetProtocol sets the Protocol field's value. +func (s *CreateListenerInput) SetProtocol(v string) *CreateListenerInput { + s.Protocol = &v return s } -// SetType sets the Type field's value. -func (s *Action) SetType(v string) *Action { - s.Type = &v +// SetSslPolicy sets the SslPolicy field's value. +func (s *CreateListenerInput) SetSslPolicy(v string) *CreateListenerInput { + s.SslPolicy = &v return s } -type AddListenerCertificatesInput struct { +// SetTags sets the Tags field's value. +func (s *CreateListenerInput) SetTags(v []*Tag) *CreateListenerInput { + s.Tags = v + return s +} + +type CreateListenerOutput struct { _ struct{} `type:"structure"` - // The certificate to add. You can specify one certificate per call. Set CertificateArn - // to the certificate ARN but do not set IsDefault. + // Information about the listener. + Listeners []*Listener `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateListenerOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateListenerOutput) GoString() string { + return s.String() +} + +// SetListeners sets the Listeners field's value. +func (s *CreateListenerOutput) SetListeners(v []*Listener) *CreateListenerOutput { + s.Listeners = v + return s +} + +type CreateLoadBalancerInput struct { + _ struct{} `type:"structure"` + + // [Application Load Balancers on Outposts] The ID of the customer-owned address + // pool (CoIP pool). + CustomerOwnedIpv4Pool *string `type:"string"` + + // The type of IP addresses used by the subnets for your load balancer. The + // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and + // IPv6 addresses). + IpAddressType *string `type:"string" enum:"IpAddressType"` + + // The name of the load balancer. // - // Certificates is a required field - Certificates []*Certificate `type:"list" required:"true"` + // This name must be unique per region per account, can have a maximum of 32 + // characters, must contain only alphanumeric characters or hyphens, must not + // begin or end with a hyphen, and must not begin with "internal-". + // + // Name is a required field + Name *string `type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the listener. + // The nodes of an Internet-facing load balancer have public IP addresses. The + // DNS name of an Internet-facing load balancer is publicly resolvable to the + // public IP addresses of the nodes. Therefore, Internet-facing load balancers + // can route requests from clients over the internet. // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The nodes of an internal load balancer have only private IP addresses. The + // DNS name of an internal load balancer is publicly resolvable to the private + // IP addresses of the nodes. Therefore, internal load balancers can route requests + // only from clients with access to the VPC for the load balancer. + // + // The default is an Internet-facing load balancer. + // + // You cannot specify a scheme for a Gateway Load Balancer. + Scheme *string `type:"string" enum:"LoadBalancerSchemeEnum"` + + // [Application Load Balancers and Network Load Balancers] The IDs of the security + // groups for the load balancer. + SecurityGroups []*string `type:"list"` + + // The IDs of the public subnets. You can specify only one subnet per Availability + // Zone. You must specify either subnets or subnet mappings, but not both. + // + // [Application Load Balancers] You must specify subnets from at least two Availability + // Zones. You cannot specify Elastic IP addresses for your subnets. + // + // [Application Load Balancers on Outposts] You must specify one Outpost subnet. + // + // [Application Load Balancers on Local Zones] You can specify subnets from + // one or more Local Zones. + // + // [Network Load Balancers] You can specify subnets from one or more Availability + // Zones. You can specify one Elastic IP address per subnet if you need static + // IP addresses for your internet-facing load balancer. For internal load balancers, + // you can specify one private IP address per subnet from the IPv4 range of + // the subnet. For internet-facing load balancer, you can specify one IPv6 address + // per subnet. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. You cannot specify Elastic IP addresses for your subnets. + SubnetMappings []*SubnetMapping `type:"list"` + + // The IDs of the public subnets. You can specify only one subnet per Availability + // Zone. You must specify either subnets or subnet mappings, but not both. To + // specify an Elastic IP address, specify subnet mappings instead of subnets. + // + // [Application Load Balancers] You must specify subnets from at least two Availability + // Zones. + // + // [Application Load Balancers on Outposts] You must specify one Outpost subnet. + // + // [Application Load Balancers on Local Zones] You can specify subnets from + // one or more Local Zones. + // + // [Network Load Balancers] You can specify subnets from one or more Availability + // Zones. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. + Subnets []*string `type:"list"` + + // The tags to assign to the load balancer. + Tags []*Tag `min:"1" type:"list"` + + // The type of load balancer. The default is application. + Type *string `type:"string" enum:"LoadBalancerTypeEnum"` } // String returns the string representation. @@ -3587,7 +5701,7 @@ type AddListenerCertificatesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesInput) String() string { +func (s CreateLoadBalancerInput) String() string { return awsutil.Prettify(s) } @@ -3596,18 +5710,28 @@ func (s AddListenerCertificatesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesInput) GoString() string { +func (s CreateLoadBalancerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AddListenerCertificatesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AddListenerCertificatesInput"} - if s.Certificates == nil { - invalidParams.Add(request.NewErrParamRequired("Certificates")) +func (s *CreateLoadBalancerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLoadBalancerInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -3616,23 +5740,65 @@ func (s *AddListenerCertificatesInput) Validate() error { return nil } -// SetCertificates sets the Certificates field's value. -func (s *AddListenerCertificatesInput) SetCertificates(v []*Certificate) *AddListenerCertificatesInput { - s.Certificates = v +// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. +func (s *CreateLoadBalancerInput) SetCustomerOwnedIpv4Pool(v string) *CreateLoadBalancerInput { + s.CustomerOwnedIpv4Pool = &v + return s +} + +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateLoadBalancerInput) SetIpAddressType(v string) *CreateLoadBalancerInput { + s.IpAddressType = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateLoadBalancerInput) SetName(v string) *CreateLoadBalancerInput { + s.Name = &v + return s +} + +// SetScheme sets the Scheme field's value. +func (s *CreateLoadBalancerInput) SetScheme(v string) *CreateLoadBalancerInput { + s.Scheme = &v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *CreateLoadBalancerInput) SetSecurityGroups(v []*string) *CreateLoadBalancerInput { + s.SecurityGroups = v + return s +} + +// SetSubnetMappings sets the SubnetMappings field's value. +func (s *CreateLoadBalancerInput) SetSubnetMappings(v []*SubnetMapping) *CreateLoadBalancerInput { + s.SubnetMappings = v + return s +} + +// SetSubnets sets the Subnets field's value. +func (s *CreateLoadBalancerInput) SetSubnets(v []*string) *CreateLoadBalancerInput { + s.Subnets = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateLoadBalancerInput) SetTags(v []*Tag) *CreateLoadBalancerInput { + s.Tags = v return s } -// SetListenerArn sets the ListenerArn field's value. -func (s *AddListenerCertificatesInput) SetListenerArn(v string) *AddListenerCertificatesInput { - s.ListenerArn = &v +// SetType sets the Type field's value. +func (s *CreateLoadBalancerInput) SetType(v string) *CreateLoadBalancerInput { + s.Type = &v return s } -type AddListenerCertificatesOutput struct { +type CreateLoadBalancerOutput struct { _ struct{} `type:"structure"` - // Information about the certificates in the certificate list. - Certificates []*Certificate `type:"list"` + // Information about the load balancer. + LoadBalancers []*LoadBalancer `type:"list"` } // String returns the string representation. @@ -3640,7 +5806,7 @@ type AddListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesOutput) String() string { +func (s CreateLoadBalancerOutput) String() string { return awsutil.Prettify(s) } @@ -3649,28 +5815,41 @@ func (s AddListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddListenerCertificatesOutput) GoString() string { +func (s CreateLoadBalancerOutput) GoString() string { return s.String() } -// SetCertificates sets the Certificates field's value. -func (s *AddListenerCertificatesOutput) SetCertificates(v []*Certificate) *AddListenerCertificatesOutput { - s.Certificates = v +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *CreateLoadBalancerOutput) SetLoadBalancers(v []*LoadBalancer) *CreateLoadBalancerOutput { + s.LoadBalancers = v return s } -type AddTagsInput struct { +type CreateRuleInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the resource. + // The actions. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // Actions is a required field + Actions []*Action `type:"list" required:"true"` - // The tags. + // The conditions. // - // Tags is a required field - Tags []*Tag `min:"1" type:"list" required:"true"` + // Conditions is a required field + Conditions []*RuleCondition `type:"list" required:"true"` + + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` + + // The rule priority. A listener can't have multiple rules with the same priority. + // + // Priority is a required field + Priority *int64 `min:"1" type:"integer" required:"true"` + + // The tags to assign to the rule. + Tags []*Tag `min:"1" type:"list"` } // String returns the string representation. @@ -3678,7 +5857,7 @@ type AddTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddTagsInput) String() string { +func (s CreateRuleInput) String() string { return awsutil.Prettify(s) } @@ -3687,22 +5866,41 @@ func (s AddTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AddTagsInput) GoString() string { +func (s CreateRuleInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AddTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AddTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *CreateRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateRuleInput"} + if s.Actions == nil { + invalidParams.Add(request.NewErrParamRequired("Actions")) } - if s.Tags == nil { - invalidParams.Add(request.NewErrParamRequired("Tags")) + if s.Conditions == nil { + invalidParams.Add(request.NewErrParamRequired("Conditions")) + } + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + if s.Priority == nil { + invalidParams.Add(request.NewErrParamRequired("Priority")) + } + if s.Priority != nil && *s.Priority < 1 { + invalidParams.Add(request.NewErrParamMinValue("Priority", 1)) } if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } + if s.Actions != nil { + for i, v := range s.Actions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) + } + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -3720,89 +5918,41 @@ func (s *AddTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *AddTagsInput) SetResourceArns(v []*string) *AddTagsInput { - s.ResourceArns = v +// SetActions sets the Actions field's value. +func (s *CreateRuleInput) SetActions(v []*Action) *CreateRuleInput { + s.Actions = v return s } -// SetTags sets the Tags field's value. -func (s *AddTagsInput) SetTags(v []*Tag) *AddTagsInput { - s.Tags = v +// SetConditions sets the Conditions field's value. +func (s *CreateRuleInput) SetConditions(v []*RuleCondition) *CreateRuleInput { + s.Conditions = v return s } -type AddTagsOutput struct { - _ struct{} `type:"structure"` +// SetListenerArn sets the ListenerArn field's value. +func (s *CreateRuleInput) SetListenerArn(v string) *CreateRuleInput { + s.ListenerArn = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AddTagsOutput) String() string { - return awsutil.Prettify(s) +// SetPriority sets the Priority field's value. +func (s *CreateRuleInput) SetPriority(v int64) *CreateRuleInput { + s.Priority = &v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AddTagsOutput) GoString() string { - return s.String() +// SetTags sets the Tags field's value. +func (s *CreateRuleInput) SetTags(v []*Tag) *CreateRuleInput { + s.Tags = v + return s } -// Request parameters to use when integrating with Amazon Cognito to authenticate -// users. -type AuthenticateCognitoActionConfig struct { +type CreateRuleOutput struct { _ struct{} `type:"structure"` - // The query parameters (up to 10) to include in the redirect request to the - // authorization endpoint. - AuthenticationRequestExtraParams map[string]*string `type:"map"` - - // The behavior if the user is not authenticated. The following are possible - // values: - // - // * deny - Return an HTTP 401 Unauthorized error. - // - // * allow - Allow the request to be forwarded to the target. - // - // * authenticate - Redirect the request to the IdP authorization endpoint. - // This is the default value. - OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateCognitoActionConditionalBehaviorEnum"` - - // The set of user claims to be requested from the IdP. The default is openid. - // - // To verify which scope values your IdP supports and how to separate multiple - // values, see the documentation for your IdP. - Scope *string `type:"string"` - - // The name of the cookie used to maintain session information. The default - // is AWSELBAuthSessionCookie. - SessionCookieName *string `type:"string"` - - // The maximum duration of the authentication session, in seconds. The default - // is 604800 seconds (7 days). - SessionTimeout *int64 `type:"long"` - - // The Amazon Resource Name (ARN) of the Amazon Cognito user pool. - // - // UserPoolArn is a required field - UserPoolArn *string `type:"string" required:"true"` - - // The ID of the Amazon Cognito user pool client. - // - // UserPoolClientId is a required field - UserPoolClientId *string `type:"string" required:"true"` - - // The domain prefix or fully-qualified domain name of the Amazon Cognito user - // pool. - // - // UserPoolDomain is a required field - UserPoolDomain *string `type:"string" required:"true"` + // Information about the rule. + Rules []*Rule `type:"list"` } // String returns the string representation. @@ -3810,7 +5960,7 @@ type AuthenticateCognitoActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateCognitoActionConfig) String() string { +func (s CreateRuleOutput) String() string { return awsutil.Prettify(s) } @@ -3819,148 +5969,137 @@ func (s AuthenticateCognitoActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateCognitoActionConfig) GoString() string { +func (s CreateRuleOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *AuthenticateCognitoActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AuthenticateCognitoActionConfig"} - if s.UserPoolArn == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolArn")) - } - if s.UserPoolClientId == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolClientId")) - } - if s.UserPoolDomain == nil { - invalidParams.Add(request.NewErrParamRequired("UserPoolDomain")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. -func (s *AuthenticateCognitoActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateCognitoActionConfig { - s.AuthenticationRequestExtraParams = v - return s -} - -// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. -func (s *AuthenticateCognitoActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateCognitoActionConfig { - s.OnUnauthenticatedRequest = &v - return s -} - -// SetScope sets the Scope field's value. -func (s *AuthenticateCognitoActionConfig) SetScope(v string) *AuthenticateCognitoActionConfig { - s.Scope = &v - return s -} - -// SetSessionCookieName sets the SessionCookieName field's value. -func (s *AuthenticateCognitoActionConfig) SetSessionCookieName(v string) *AuthenticateCognitoActionConfig { - s.SessionCookieName = &v +// SetRules sets the Rules field's value. +func (s *CreateRuleOutput) SetRules(v []*Rule) *CreateRuleOutput { + s.Rules = v return s } -// SetSessionTimeout sets the SessionTimeout field's value. -func (s *AuthenticateCognitoActionConfig) SetSessionTimeout(v int64) *AuthenticateCognitoActionConfig { - s.SessionTimeout = &v - return s -} +type CreateTargetGroupInput struct { + _ struct{} `type:"structure"` -// SetUserPoolArn sets the UserPoolArn field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolArn(v string) *AuthenticateCognitoActionConfig { - s.UserPoolArn = &v - return s -} + // Indicates whether health checks are enabled. If the target type is lambda, + // health checks are disabled by default but can be enabled. If the target type + // is instance, ip, or alb, health checks are always enabled and cannot be disabled. + HealthCheckEnabled *bool `type:"boolean"` -// SetUserPoolClientId sets the UserPoolClientId field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolClientId(v string) *AuthenticateCognitoActionConfig { - s.UserPoolClientId = &v - return s -} + // The approximate amount of time, in seconds, between health checks of an individual + // target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, + // TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol + // is GENEVE, the default is 10 seconds. If the target type is lambda, the default + // is 35 seconds. + HealthCheckIntervalSeconds *int64 `min:"5" type:"integer"` -// SetUserPoolDomain sets the UserPoolDomain field's value. -func (s *AuthenticateCognitoActionConfig) SetUserPoolDomain(v string) *AuthenticateCognitoActionConfig { - s.UserPoolDomain = &v - return s -} + // [HTTP/HTTPS health checks] The destination for health checks on the targets. + // + // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. + // + // [GRPC protocol version] The path of a custom health check method with the + // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. + HealthCheckPath *string `min:"1" type:"string"` -// Request parameters when using an identity provider (IdP) that is compliant -// with OpenID Connect (OIDC) to authenticate users. -type AuthenticateOidcActionConfig struct { - _ struct{} `type:"structure"` + // The port the load balancer uses when performing health checks on targets. + // If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is + // traffic-port, which is the port on which each target receives traffic from + // the load balancer. If the protocol is GENEVE, the default is port 80. + HealthCheckPort *string `type:"string"` - // The query parameters (up to 10) to include in the redirect request to the - // authorization endpoint. - AuthenticationRequestExtraParams map[string]*string `type:"map"` + // The protocol the load balancer uses when performing health checks on targets. + // For Application Load Balancers, the default is HTTP. For Network Load Balancers + // and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported + // for health checks if the protocol of the target group is HTTP or HTTPS. The + // GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks. + HealthCheckProtocol *string `type:"string" enum:"ProtocolEnum"` - // The authorization endpoint of the IdP. This must be a full URL, including - // the HTTPS protocol, the domain, and the path. - // - // AuthorizationEndpoint is a required field - AuthorizationEndpoint *string `type:"string" required:"true"` + // The amount of time, in seconds, during which no response from a target means + // a failed health check. The range is 2–120 seconds. For target groups with + // a protocol of HTTP, the default is 6 seconds. For target groups with a protocol + // of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a + // protocol of GENEVE, the default is 5 seconds. If the target type is lambda, + // the default is 30 seconds. + HealthCheckTimeoutSeconds *int64 `min:"2" type:"integer"` - // The OAuth 2.0 client identifier. - // - // ClientId is a required field - ClientId *string `type:"string" required:"true"` + // The number of consecutive health check successes required before considering + // a target healthy. The range is 2-10. If the target group protocol is TCP, + // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 5. For target groups with + // a protocol of GENEVE, the default is 5. If the target type is lambda, the + // default is 5. + HealthyThresholdCount *int64 `min:"2" type:"integer"` - // The OAuth 2.0 client secret. This parameter is required if you are creating - // a rule. If you are modifying a rule, you can omit this parameter if you set - // UseExistingClientSecret to true. - ClientSecret *string `type:"string"` + // The type of IP address used for this target group. The possible values are + // ipv4 and ipv6. This is an optional parameter. If not specified, the IP address + // type defaults to ipv4. + IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - // The OIDC issuer identifier of the IdP. This must be a full URL, including - // the HTTPS protocol, the domain, and the path. - // - // Issuer is a required field - Issuer *string `type:"string" required:"true"` + // [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for + // a successful response from a target. For target groups with a protocol of + // TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol + // of HTTP or HTTPS, the range is 200-499. For target groups with a protocol + // of GENEVE, the range is 200-399. + Matcher *Matcher `type:"structure"` - // The behavior if the user is not authenticated. The following are possible - // values: - // - // * deny - Return an HTTP 401 Unauthorized error. + // The name of the target group. // - // * allow - Allow the request to be forwarded to the target. + // This name must be unique per region per account, can have a maximum of 32 + // characters, must contain only alphanumeric characters or hyphens, and must + // not begin or end with a hyphen. // - // * authenticate - Redirect the request to the IdP authorization endpoint. - // This is the default value. - OnUnauthenticatedRequest *string `type:"string" enum:"AuthenticateOidcActionConditionalBehaviorEnum"` + // Name is a required field + Name *string `type:"string" required:"true"` - // The set of user claims to be requested from the IdP. The default is openid. - // - // To verify which scope values your IdP supports and how to separate multiple - // values, see the documentation for your IdP. - Scope *string `type:"string"` + // The port on which the targets receive traffic. This port is used unless you + // specify a port override when registering the target. If the target is a Lambda + // function, this parameter does not apply. If the protocol is GENEVE, the supported + // port is 6081. + Port *int64 `min:"1" type:"integer"` - // The name of the cookie used to maintain session information. The default - // is AWSELBAuthSessionCookie. - SessionCookieName *string `type:"string"` + // The protocol to use for routing traffic to the targets. For Application Load + // Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, + // the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, + // the supported protocol is GENEVE. A TCP_UDP listener must be associated with + // a TCP_UDP target group. If the target is a Lambda function, this parameter + // does not apply. + Protocol *string `type:"string" enum:"ProtocolEnum"` - // The maximum duration of the authentication session, in seconds. The default - // is 604800 seconds (7 days). - SessionTimeout *int64 `type:"long"` + // [HTTP/HTTPS protocol] The protocol version. Specify GRPC to send requests + // to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. + // The default is HTTP1, which sends requests to targets using HTTP/1.1. + ProtocolVersion *string `type:"string"` - // The token endpoint of the IdP. This must be a full URL, including the HTTPS - // protocol, the domain, and the path. + // The tags to assign to the target group. + Tags []*Tag `min:"1" type:"list"` + + // The type of target that you must specify when registering targets with this + // target group. You can't specify targets for a target group using more than + // one target type. // - // TokenEndpoint is a required field - TokenEndpoint *string `type:"string" required:"true"` + // * instance - Register targets by instance ID. This is the default value. + // + // * ip - Register targets by IP address. You can specify IP addresses from + // the subnets of the virtual private cloud (VPC) for the target group, the + // RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the + // RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP + // addresses. + // + // * lambda - Register a single Lambda function as a target. + // + // * alb - Register a single Application Load Balancer as a target. + TargetType *string `type:"string" enum:"TargetTypeEnum"` - // Indicates whether to use the existing client secret when modifying a rule. - // If you are creating a rule, you can omit this parameter or set it to false. - UseExistingClientSecret *bool `type:"boolean"` + // The number of consecutive health check failures required before considering + // a target unhealthy. The range is 2-10. If the target group protocol is TCP, + // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with + // a protocol of GENEVE, the default is 2. If the target type is lambda, the + // default is 5. + UnhealthyThresholdCount *int64 `min:"2" type:"integer"` - // The user info endpoint of the IdP. This must be a full URL, including the - // HTTPS protocol, the domain, and the path. - // - // UserInfoEndpoint is a required field - UserInfoEndpoint *string `type:"string" required:"true"` + // The identifier of the virtual private cloud (VPC). If the target is a Lambda + // function, this parameter does not apply. Otherwise, this parameter is required. + VpcId *string `type:"string"` } // String returns the string representation. @@ -3968,7 +6107,7 @@ type AuthenticateOidcActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateOidcActionConfig) String() string { +func (s CreateTargetGroupInput) String() string { return awsutil.Prettify(s) } @@ -3977,27 +6116,46 @@ func (s AuthenticateOidcActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AuthenticateOidcActionConfig) GoString() string { +func (s CreateTargetGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *AuthenticateOidcActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AuthenticateOidcActionConfig"} - if s.AuthorizationEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("AuthorizationEndpoint")) +func (s *CreateTargetGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTargetGroupInput"} + if s.HealthCheckIntervalSeconds != nil && *s.HealthCheckIntervalSeconds < 5 { + invalidParams.Add(request.NewErrParamMinValue("HealthCheckIntervalSeconds", 5)) } - if s.ClientId == nil { - invalidParams.Add(request.NewErrParamRequired("ClientId")) + if s.HealthCheckPath != nil && len(*s.HealthCheckPath) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HealthCheckPath", 1)) } - if s.Issuer == nil { - invalidParams.Add(request.NewErrParamRequired("Issuer")) + if s.HealthCheckTimeoutSeconds != nil && *s.HealthCheckTimeoutSeconds < 2 { + invalidParams.Add(request.NewErrParamMinValue("HealthCheckTimeoutSeconds", 2)) } - if s.TokenEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("TokenEndpoint")) + if s.HealthyThresholdCount != nil && *s.HealthyThresholdCount < 2 { + invalidParams.Add(request.NewErrParamMinValue("HealthyThresholdCount", 2)) } - if s.UserInfoEndpoint == nil { - invalidParams.Add(request.NewErrParamRequired("UserInfoEndpoint")) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.UnhealthyThresholdCount != nil && *s.UnhealthyThresholdCount < 2 { + invalidParams.Add(request.NewErrParamMinValue("UnhealthyThresholdCount", 2)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -4006,193 +6164,113 @@ func (s *AuthenticateOidcActionConfig) Validate() error { return nil } -// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. -func (s *AuthenticateOidcActionConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *AuthenticateOidcActionConfig { - s.AuthenticationRequestExtraParams = v - return s -} - -// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetAuthorizationEndpoint(v string) *AuthenticateOidcActionConfig { - s.AuthorizationEndpoint = &v - return s -} - -// SetClientId sets the ClientId field's value. -func (s *AuthenticateOidcActionConfig) SetClientId(v string) *AuthenticateOidcActionConfig { - s.ClientId = &v - return s -} - -// SetClientSecret sets the ClientSecret field's value. -func (s *AuthenticateOidcActionConfig) SetClientSecret(v string) *AuthenticateOidcActionConfig { - s.ClientSecret = &v - return s -} - -// SetIssuer sets the Issuer field's value. -func (s *AuthenticateOidcActionConfig) SetIssuer(v string) *AuthenticateOidcActionConfig { - s.Issuer = &v - return s -} - -// SetOnUnauthenticatedRequest sets the OnUnauthenticatedRequest field's value. -func (s *AuthenticateOidcActionConfig) SetOnUnauthenticatedRequest(v string) *AuthenticateOidcActionConfig { - s.OnUnauthenticatedRequest = &v - return s -} - -// SetScope sets the Scope field's value. -func (s *AuthenticateOidcActionConfig) SetScope(v string) *AuthenticateOidcActionConfig { - s.Scope = &v - return s -} - -// SetSessionCookieName sets the SessionCookieName field's value. -func (s *AuthenticateOidcActionConfig) SetSessionCookieName(v string) *AuthenticateOidcActionConfig { - s.SessionCookieName = &v +// SetHealthCheckEnabled sets the HealthCheckEnabled field's value. +func (s *CreateTargetGroupInput) SetHealthCheckEnabled(v bool) *CreateTargetGroupInput { + s.HealthCheckEnabled = &v return s } -// SetSessionTimeout sets the SessionTimeout field's value. -func (s *AuthenticateOidcActionConfig) SetSessionTimeout(v int64) *AuthenticateOidcActionConfig { - s.SessionTimeout = &v +// SetHealthCheckIntervalSeconds sets the HealthCheckIntervalSeconds field's value. +func (s *CreateTargetGroupInput) SetHealthCheckIntervalSeconds(v int64) *CreateTargetGroupInput { + s.HealthCheckIntervalSeconds = &v return s } -// SetTokenEndpoint sets the TokenEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetTokenEndpoint(v string) *AuthenticateOidcActionConfig { - s.TokenEndpoint = &v +// SetHealthCheckPath sets the HealthCheckPath field's value. +func (s *CreateTargetGroupInput) SetHealthCheckPath(v string) *CreateTargetGroupInput { + s.HealthCheckPath = &v return s } -// SetUseExistingClientSecret sets the UseExistingClientSecret field's value. -func (s *AuthenticateOidcActionConfig) SetUseExistingClientSecret(v bool) *AuthenticateOidcActionConfig { - s.UseExistingClientSecret = &v +// SetHealthCheckPort sets the HealthCheckPort field's value. +func (s *CreateTargetGroupInput) SetHealthCheckPort(v string) *CreateTargetGroupInput { + s.HealthCheckPort = &v return s } -// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. -func (s *AuthenticateOidcActionConfig) SetUserInfoEndpoint(v string) *AuthenticateOidcActionConfig { - s.UserInfoEndpoint = &v +// SetHealthCheckProtocol sets the HealthCheckProtocol field's value. +func (s *CreateTargetGroupInput) SetHealthCheckProtocol(v string) *CreateTargetGroupInput { + s.HealthCheckProtocol = &v return s } -// Information about an Availability Zone. -type AvailabilityZone struct { - _ struct{} `type:"structure"` - - // [Network Load Balancers] If you need static IP addresses for your load balancer, - // you can specify one Elastic IP address per Availability Zone when you create - // an internal-facing load balancer. For internal load balancers, you can specify - // a private IP address from the IPv4 range of the subnet. - LoadBalancerAddresses []*LoadBalancerAddress `type:"list"` - - // [Application Load Balancers on Outposts] The ID of the Outpost. - OutpostId *string `type:"string"` - - // The ID of the subnet. You can specify one subnet per Availability Zone. - SubnetId *string `type:"string"` - - // The name of the Availability Zone. - ZoneName *string `type:"string"` +// SetHealthCheckTimeoutSeconds sets the HealthCheckTimeoutSeconds field's value. +func (s *CreateTargetGroupInput) SetHealthCheckTimeoutSeconds(v int64) *CreateTargetGroupInput { + s.HealthCheckTimeoutSeconds = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) String() string { - return awsutil.Prettify(s) +// SetHealthyThresholdCount sets the HealthyThresholdCount field's value. +func (s *CreateTargetGroupInput) SetHealthyThresholdCount(v int64) *CreateTargetGroupInput { + s.HealthyThresholdCount = &v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) GoString() string { - return s.String() +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateTargetGroupInput) SetIpAddressType(v string) *CreateTargetGroupInput { + s.IpAddressType = &v + return s } -// SetLoadBalancerAddresses sets the LoadBalancerAddresses field's value. -func (s *AvailabilityZone) SetLoadBalancerAddresses(v []*LoadBalancerAddress) *AvailabilityZone { - s.LoadBalancerAddresses = v +// SetMatcher sets the Matcher field's value. +func (s *CreateTargetGroupInput) SetMatcher(v *Matcher) *CreateTargetGroupInput { + s.Matcher = v return s } -// SetOutpostId sets the OutpostId field's value. -func (s *AvailabilityZone) SetOutpostId(v string) *AvailabilityZone { - s.OutpostId = &v +// SetName sets the Name field's value. +func (s *CreateTargetGroupInput) SetName(v string) *CreateTargetGroupInput { + s.Name = &v return s } -// SetSubnetId sets the SubnetId field's value. -func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { - s.SubnetId = &v +// SetPort sets the Port field's value. +func (s *CreateTargetGroupInput) SetPort(v int64) *CreateTargetGroupInput { + s.Port = &v return s } -// SetZoneName sets the ZoneName field's value. -func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { - s.ZoneName = &v +// SetProtocol sets the Protocol field's value. +func (s *CreateTargetGroupInput) SetProtocol(v string) *CreateTargetGroupInput { + s.Protocol = &v return s } -// Information about an SSL server certificate. -type Certificate struct { - _ struct{} `type:"structure"` - - // The Amazon Resource Name (ARN) of the certificate. - CertificateArn *string `type:"string"` - - // Indicates whether the certificate is the default certificate. Do not set - // this value when specifying a certificate as an input. This value is not included - // in the output when describing a listener, but is included when describing - // listener certificates. - IsDefault *bool `type:"boolean"` +// SetProtocolVersion sets the ProtocolVersion field's value. +func (s *CreateTargetGroupInput) SetProtocolVersion(v string) *CreateTargetGroupInput { + s.ProtocolVersion = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s Certificate) String() string { - return awsutil.Prettify(s) +// SetTags sets the Tags field's value. +func (s *CreateTargetGroupInput) SetTags(v []*Tag) *CreateTargetGroupInput { + s.Tags = v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s Certificate) GoString() string { - return s.String() +// SetTargetType sets the TargetType field's value. +func (s *CreateTargetGroupInput) SetTargetType(v string) *CreateTargetGroupInput { + s.TargetType = &v + return s } -// SetCertificateArn sets the CertificateArn field's value. -func (s *Certificate) SetCertificateArn(v string) *Certificate { - s.CertificateArn = &v +// SetUnhealthyThresholdCount sets the UnhealthyThresholdCount field's value. +func (s *CreateTargetGroupInput) SetUnhealthyThresholdCount(v int64) *CreateTargetGroupInput { + s.UnhealthyThresholdCount = &v return s } -// SetIsDefault sets the IsDefault field's value. -func (s *Certificate) SetIsDefault(v bool) *Certificate { - s.IsDefault = &v +// SetVpcId sets the VpcId field's value. +func (s *CreateTargetGroupInput) SetVpcId(v string) *CreateTargetGroupInput { + s.VpcId = &v return s } -// Information about a cipher used in a policy. -type Cipher struct { +type CreateTargetGroupOutput struct { _ struct{} `type:"structure"` - // The name of the cipher. - Name *string `type:"string"` - - // The priority of the cipher. - Priority *int64 `type:"integer"` + // Information about the target group. + TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -4200,7 +6278,7 @@ type Cipher struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Cipher) String() string { +func (s CreateTargetGroupOutput) String() string { return awsutil.Prettify(s) } @@ -4209,77 +6287,41 @@ func (s Cipher) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s Cipher) GoString() string { +func (s CreateTargetGroupOutput) GoString() string { return s.String() } -// SetName sets the Name field's value. -func (s *Cipher) SetName(v string) *Cipher { - s.Name = &v - return s -} - -// SetPriority sets the Priority field's value. -func (s *Cipher) SetPriority(v int64) *Cipher { - s.Priority = &v +// SetTargetGroups sets the TargetGroups field's value. +func (s *CreateTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *CreateTargetGroupOutput { + s.TargetGroups = v return s } -type CreateListenerInput struct { +type CreateTrustStoreInput struct { _ struct{} `type:"structure"` - // [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) - // policy. You can specify one policy name. The following are the possible values: - // - // * HTTP1Only - // - // * HTTP2Only - // - // * HTTP2Optional - // - // * HTTP2Preferred - // - // * None - // - // For more information, see ALPN policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#alpn-policies) - // in the Network Load Balancers Guide. - AlpnPolicy []*string `type:"list"` - - // [HTTPS and TLS listeners] The default certificate for the listener. You must - // provide exactly one certificate. Set CertificateArn to the certificate ARN - // but do not set IsDefault. - Certificates []*Certificate `type:"list"` - - // The actions for the default rule. + // The Amazon S3 bucket for the ca certificates bundle. // - // DefaultActions is a required field - DefaultActions []*Action `type:"list" required:"true"` + // CaCertificatesBundleS3Bucket is a required field + CaCertificatesBundleS3Bucket *string `type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the load balancer. + // The Amazon S3 path for the ca certificates bundle. // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` - - // The port on which the load balancer is listening. You cannot specify a port - // for a Gateway Load Balancer. - Port *int64 `min:"1" type:"integer"` + // CaCertificatesBundleS3Key is a required field + CaCertificatesBundleS3Key *string `type:"string" required:"true"` - // The protocol for connections from clients to the load balancer. For Application - // Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load - // Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t - // specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot - // specify a protocol for a Gateway Load Balancer. - Protocol *string `type:"string" enum:"ProtocolEnum"` + // The Amazon S3 object version for the ca certificates bundle. If undefined + // the current version is used. + CaCertificatesBundleS3ObjectVersion *string `type:"string"` - // [HTTPS and TLS listeners] The security policy that defines which protocols - // and ciphers are supported. + // The name of the trust store. // - // For more information, see Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) - // in the Application Load Balancers Guide and Security policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) - // in the Network Load Balancers Guide. - SslPolicy *string `type:"string"` + // This name must be unique per region and cannot be changed after creation. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` - // The tags to assign to the listener. + // The tags to assign to the trust store. Tags []*Tag `min:"1" type:"list"` } @@ -4288,7 +6330,7 @@ type CreateListenerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerInput) String() string { +func (s CreateTrustStoreInput) String() string { return awsutil.Prettify(s) } @@ -4297,35 +6339,28 @@ func (s CreateListenerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerInput) GoString() string { +func (s CreateTrustStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateListenerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateListenerInput"} - if s.DefaultActions == nil { - invalidParams.Add(request.NewErrParamRequired("DefaultActions")) +func (s *CreateTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTrustStoreInput"} + if s.CaCertificatesBundleS3Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Bucket")) } - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) + if s.CaCertificatesBundleS3Key == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Key")) } - if s.Port != nil && *s.Port < 1 { - invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } - if s.DefaultActions != nil { - for i, v := range s.DefaultActions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DefaultActions", i), err.(request.ErrInvalidParams)) - } - } - } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -4343,59 +6378,41 @@ func (s *CreateListenerInput) Validate() error { return nil } -// SetAlpnPolicy sets the AlpnPolicy field's value. -func (s *CreateListenerInput) SetAlpnPolicy(v []*string) *CreateListenerInput { - s.AlpnPolicy = v - return s -} - -// SetCertificates sets the Certificates field's value. -func (s *CreateListenerInput) SetCertificates(v []*Certificate) *CreateListenerInput { - s.Certificates = v - return s -} - -// SetDefaultActions sets the DefaultActions field's value. -func (s *CreateListenerInput) SetDefaultActions(v []*Action) *CreateListenerInput { - s.DefaultActions = v - return s -} - -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *CreateListenerInput) SetLoadBalancerArn(v string) *CreateListenerInput { - s.LoadBalancerArn = &v +// SetCaCertificatesBundleS3Bucket sets the CaCertificatesBundleS3Bucket field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3Bucket(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3Bucket = &v return s } -// SetPort sets the Port field's value. -func (s *CreateListenerInput) SetPort(v int64) *CreateListenerInput { - s.Port = &v +// SetCaCertificatesBundleS3Key sets the CaCertificatesBundleS3Key field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3Key(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3Key = &v return s } -// SetProtocol sets the Protocol field's value. -func (s *CreateListenerInput) SetProtocol(v string) *CreateListenerInput { - s.Protocol = &v +// SetCaCertificatesBundleS3ObjectVersion sets the CaCertificatesBundleS3ObjectVersion field's value. +func (s *CreateTrustStoreInput) SetCaCertificatesBundleS3ObjectVersion(v string) *CreateTrustStoreInput { + s.CaCertificatesBundleS3ObjectVersion = &v return s } -// SetSslPolicy sets the SslPolicy field's value. -func (s *CreateListenerInput) SetSslPolicy(v string) *CreateListenerInput { - s.SslPolicy = &v +// SetName sets the Name field's value. +func (s *CreateTrustStoreInput) SetName(v string) *CreateTrustStoreInput { + s.Name = &v return s } // SetTags sets the Tags field's value. -func (s *CreateListenerInput) SetTags(v []*Tag) *CreateListenerInput { +func (s *CreateTrustStoreInput) SetTags(v []*Tag) *CreateTrustStoreInput { s.Tags = v return s } -type CreateListenerOutput struct { +type CreateTrustStoreOutput struct { _ struct{} `type:"structure"` - // Information about the listener. - Listeners []*Listener `type:"list"` + // Information about the trust store created. + TrustStores []*TrustStore `type:"list"` } // String returns the string representation. @@ -4403,7 +6420,7 @@ type CreateListenerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerOutput) String() string { +func (s CreateTrustStoreOutput) String() string { return awsutil.Prettify(s) } @@ -4412,102 +6429,91 @@ func (s CreateListenerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateListenerOutput) GoString() string { +func (s CreateTrustStoreOutput) GoString() string { return s.String() } -// SetListeners sets the Listeners field's value. -func (s *CreateListenerOutput) SetListeners(v []*Listener) *CreateListenerOutput { - s.Listeners = v +// SetTrustStores sets the TrustStores field's value. +func (s *CreateTrustStoreOutput) SetTrustStores(v []*TrustStore) *CreateTrustStoreOutput { + s.TrustStores = v return s } -type CreateLoadBalancerInput struct { +type DeleteListenerInput struct { _ struct{} `type:"structure"` - // [Application Load Balancers on Outposts] The ID of the customer-owned address - // pool (CoIP pool). - CustomerOwnedIpv4Pool *string `type:"string"` + // The Amazon Resource Name (ARN) of the listener. + // + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` +} - // The type of IP addresses used by the subnets for your load balancer. The - // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and - // IPv6 addresses). - IpAddressType *string `type:"string" enum:"IpAddressType"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerInput) String() string { + return awsutil.Prettify(s) +} - // The name of the load balancer. - // - // This name must be unique per region per account, can have a maximum of 32 - // characters, must contain only alphanumeric characters or hyphens, must not - // begin or end with a hyphen, and must not begin with "internal-". - // - // Name is a required field - Name *string `type:"string" required:"true"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerInput) GoString() string { + return s.String() +} - // The nodes of an Internet-facing load balancer have public IP addresses. The - // DNS name of an Internet-facing load balancer is publicly resolvable to the - // public IP addresses of the nodes. Therefore, Internet-facing load balancers - // can route requests from clients over the internet. - // - // The nodes of an internal load balancer have only private IP addresses. The - // DNS name of an internal load balancer is publicly resolvable to the private - // IP addresses of the nodes. Therefore, internal load balancers can route requests - // only from clients with access to the VPC for the load balancer. - // - // The default is an Internet-facing load balancer. - // - // You cannot specify a scheme for a Gateway Load Balancer. - Scheme *string `type:"string" enum:"LoadBalancerSchemeEnum"` +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteListenerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteListenerInput"} + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } - // [Application Load Balancers] The IDs of the security groups for the load - // balancer. - SecurityGroups []*string `type:"list"` + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} - // The IDs of the public subnets. You can specify only one subnet per Availability - // Zone. You must specify either subnets or subnet mappings, but not both. - // - // [Application Load Balancers] You must specify subnets from at least two Availability - // Zones. You cannot specify Elastic IP addresses for your subnets. - // - // [Application Load Balancers on Outposts] You must specify one Outpost subnet. - // - // [Application Load Balancers on Local Zones] You can specify subnets from - // one or more Local Zones. - // - // [Network Load Balancers] You can specify subnets from one or more Availability - // Zones. You can specify one Elastic IP address per subnet if you need static - // IP addresses for your internet-facing load balancer. For internal load balancers, - // you can specify one private IP address per subnet from the IPv4 range of - // the subnet. For internet-facing load balancer, you can specify one IPv6 address - // per subnet. - // - // [Gateway Load Balancers] You can specify subnets from one or more Availability - // Zones. You cannot specify Elastic IP addresses for your subnets. - SubnetMappings []*SubnetMapping `type:"list"` +// SetListenerArn sets the ListenerArn field's value. +func (s *DeleteListenerInput) SetListenerArn(v string) *DeleteListenerInput { + s.ListenerArn = &v + return s +} - // The IDs of the public subnets. You can specify only one subnet per Availability - // Zone. You must specify either subnets or subnet mappings, but not both. To - // specify an Elastic IP address, specify subnet mappings instead of subnets. - // - // [Application Load Balancers] You must specify subnets from at least two Availability - // Zones. - // - // [Application Load Balancers on Outposts] You must specify one Outpost subnet. - // - // [Application Load Balancers on Local Zones] You can specify subnets from - // one or more Local Zones. - // - // [Network Load Balancers] You can specify subnets from one or more Availability - // Zones. - // - // [Gateway Load Balancers] You can specify subnets from one or more Availability - // Zones. - Subnets []*string `type:"list"` +type DeleteListenerOutput struct { + _ struct{} `type:"structure"` +} - // The tags to assign to the load balancer. - Tags []*Tag `min:"1" type:"list"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerOutput) String() string { + return awsutil.Prettify(s) +} - // The type of load balancer. The default is application. - Type *string `type:"string" enum:"LoadBalancerTypeEnum"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteListenerOutput) GoString() string { + return s.String() +} + +type DeleteLoadBalancerInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the load balancer. + // + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4515,7 +6521,7 @@ type CreateLoadBalancerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerInput) String() string { +func (s DeleteLoadBalancerInput) String() string { return awsutil.Prettify(s) } @@ -4524,28 +6530,15 @@ func (s CreateLoadBalancerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerInput) GoString() string { +func (s DeleteLoadBalancerInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateLoadBalancerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateLoadBalancerInput"} - if s.Name == nil { - invalidParams.Add(request.NewErrParamRequired("Name")) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteLoadBalancerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLoadBalancerInput"} + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } if invalidParams.Len() > 0 { @@ -4554,65 +6547,82 @@ func (s *CreateLoadBalancerInput) Validate() error { return nil } -// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. -func (s *CreateLoadBalancerInput) SetCustomerOwnedIpv4Pool(v string) *CreateLoadBalancerInput { - s.CustomerOwnedIpv4Pool = &v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DeleteLoadBalancerInput) SetLoadBalancerArn(v string) *DeleteLoadBalancerInput { + s.LoadBalancerArn = &v return s } -// SetIpAddressType sets the IpAddressType field's value. -func (s *CreateLoadBalancerInput) SetIpAddressType(v string) *CreateLoadBalancerInput { - s.IpAddressType = &v - return s +type DeleteLoadBalancerOutput struct { + _ struct{} `type:"structure"` } -// SetName sets the Name field's value. -func (s *CreateLoadBalancerInput) SetName(v string) *CreateLoadBalancerInput { - s.Name = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLoadBalancerOutput) String() string { + return awsutil.Prettify(s) } -// SetScheme sets the Scheme field's value. -func (s *CreateLoadBalancerInput) SetScheme(v string) *CreateLoadBalancerInput { - s.Scheme = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLoadBalancerOutput) GoString() string { + return s.String() } -// SetSecurityGroups sets the SecurityGroups field's value. -func (s *CreateLoadBalancerInput) SetSecurityGroups(v []*string) *CreateLoadBalancerInput { - s.SecurityGroups = v - return s +type DeleteRuleInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the rule. + // + // RuleArn is a required field + RuleArn *string `type:"string" required:"true"` } -// SetSubnetMappings sets the SubnetMappings field's value. -func (s *CreateLoadBalancerInput) SetSubnetMappings(v []*SubnetMapping) *CreateLoadBalancerInput { - s.SubnetMappings = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRuleInput) String() string { + return awsutil.Prettify(s) } -// SetSubnets sets the Subnets field's value. -func (s *CreateLoadBalancerInput) SetSubnets(v []*string) *CreateLoadBalancerInput { - s.Subnets = v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRuleInput) GoString() string { + return s.String() } -// SetTags sets the Tags field's value. -func (s *CreateLoadBalancerInput) SetTags(v []*Tag) *CreateLoadBalancerInput { - s.Tags = v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteRuleInput"} + if s.RuleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RuleArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetType sets the Type field's value. -func (s *CreateLoadBalancerInput) SetType(v string) *CreateLoadBalancerInput { - s.Type = &v +// SetRuleArn sets the RuleArn field's value. +func (s *DeleteRuleInput) SetRuleArn(v string) *DeleteRuleInput { + s.RuleArn = &v return s } -type CreateLoadBalancerOutput struct { +type DeleteRuleOutput struct { _ struct{} `type:"structure"` - - // Information about the load balancer. - LoadBalancers []*LoadBalancer `type:"list"` } // String returns the string representation. @@ -4620,7 +6630,7 @@ type CreateLoadBalancerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerOutput) String() string { +func (s DeleteRuleOutput) String() string { return awsutil.Prettify(s) } @@ -4629,41 +6639,17 @@ func (s CreateLoadBalancerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateLoadBalancerOutput) GoString() string { +func (s DeleteRuleOutput) GoString() string { return s.String() } -// SetLoadBalancers sets the LoadBalancers field's value. -func (s *CreateLoadBalancerOutput) SetLoadBalancers(v []*LoadBalancer) *CreateLoadBalancerOutput { - s.LoadBalancers = v - return s -} - -type CreateRuleInput struct { +type DeleteTargetGroupInput struct { _ struct{} `type:"structure"` - // The actions. - // - // Actions is a required field - Actions []*Action `type:"list" required:"true"` - - // The conditions. - // - // Conditions is a required field - Conditions []*RuleCondition `type:"list" required:"true"` - - // The Amazon Resource Name (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` - - // The rule priority. A listener can't have multiple rules with the same priority. + // The Amazon Resource Name (ARN) of the target group. // - // Priority is a required field - Priority *int64 `min:"1" type:"integer" required:"true"` - - // The tags to assign to the rule. - Tags []*Tag `min:"1" type:"list"` + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4671,7 +6657,7 @@ type CreateRuleInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleInput) String() string { +func (s DeleteTargetGroupInput) String() string { return awsutil.Prettify(s) } @@ -4680,50 +6666,15 @@ func (s CreateRuleInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleInput) GoString() string { +func (s DeleteTargetGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateRuleInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateRuleInput"} - if s.Actions == nil { - invalidParams.Add(request.NewErrParamRequired("Actions")) - } - if s.Conditions == nil { - invalidParams.Add(request.NewErrParamRequired("Conditions")) - } - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) - } - if s.Priority == nil { - invalidParams.Add(request.NewErrParamRequired("Priority")) - } - if s.Priority != nil && *s.Priority < 1 { - invalidParams.Add(request.NewErrParamMinValue("Priority", 1)) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.Actions != nil { - for i, v := range s.Actions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) - } - } - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteTargetGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTargetGroupInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) } if invalidParams.Len() > 0 { @@ -4732,41 +6683,14 @@ func (s *CreateRuleInput) Validate() error { return nil } -// SetActions sets the Actions field's value. -func (s *CreateRuleInput) SetActions(v []*Action) *CreateRuleInput { - s.Actions = v - return s -} - -// SetConditions sets the Conditions field's value. -func (s *CreateRuleInput) SetConditions(v []*RuleCondition) *CreateRuleInput { - s.Conditions = v - return s -} - -// SetListenerArn sets the ListenerArn field's value. -func (s *CreateRuleInput) SetListenerArn(v string) *CreateRuleInput { - s.ListenerArn = &v - return s -} - -// SetPriority sets the Priority field's value. -func (s *CreateRuleInput) SetPriority(v int64) *CreateRuleInput { - s.Priority = &v - return s -} - -// SetTags sets the Tags field's value. -func (s *CreateRuleInput) SetTags(v []*Tag) *CreateRuleInput { - s.Tags = v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DeleteTargetGroupInput) SetTargetGroupArn(v string) *DeleteTargetGroupInput { + s.TargetGroupArn = &v return s } -type CreateRuleOutput struct { +type DeleteTargetGroupOutput struct { _ struct{} `type:"structure"` - - // Information about the rule. - Rules []*Rule `type:"list"` } // String returns the string representation. @@ -4774,7 +6698,7 @@ type CreateRuleOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateRuleOutput) String() string { +func (s DeleteTargetGroupOutput) String() string { return awsutil.Prettify(s) } @@ -4782,138 +6706,18 @@ func (s CreateRuleOutput) String() string { // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s CreateRuleOutput) GoString() string { - return s.String() -} - -// SetRules sets the Rules field's value. -func (s *CreateRuleOutput) SetRules(v []*Rule) *CreateRuleOutput { - s.Rules = v - return s -} - -type CreateTargetGroupInput struct { - _ struct{} `type:"structure"` - - // Indicates whether health checks are enabled. If the target type is lambda, - // health checks are disabled by default but can be enabled. If the target type - // is instance, ip, or alb, health checks are always enabled and cannot be disabled. - HealthCheckEnabled *bool `type:"boolean"` - - // The approximate amount of time, in seconds, between health checks of an individual - // target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, - // TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol - // is GENEVE, the default is 10 seconds. If the target type is lambda, the default - // is 35 seconds. - HealthCheckIntervalSeconds *int64 `min:"5" type:"integer"` - - // [HTTP/HTTPS health checks] The destination for health checks on the targets. - // - // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. - // - // [GRPC protocol version] The path of a custom health check method with the - // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. - HealthCheckPath *string `min:"1" type:"string"` - - // The port the load balancer uses when performing health checks on targets. - // If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is - // traffic-port, which is the port on which each target receives traffic from - // the load balancer. If the protocol is GENEVE, the default is port 80. - HealthCheckPort *string `type:"string"` - - // The protocol the load balancer uses when performing health checks on targets. - // For Application Load Balancers, the default is HTTP. For Network Load Balancers - // and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported - // for health checks if the protocol of the target group is HTTP or HTTPS. The - // GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks. - HealthCheckProtocol *string `type:"string" enum:"ProtocolEnum"` - - // The amount of time, in seconds, during which no response from a target means - // a failed health check. The range is 2–120 seconds. For target groups with - // a protocol of HTTP, the default is 6 seconds. For target groups with a protocol - // of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a - // protocol of GENEVE, the default is 5 seconds. If the target type is lambda, - // the default is 30 seconds. - HealthCheckTimeoutSeconds *int64 `min:"2" type:"integer"` - - // The number of consecutive health check successes required before considering - // a target healthy. The range is 2-10. If the target group protocol is TCP, - // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 5. For target groups with - // a protocol of GENEVE, the default is 5. If the target type is lambda, the - // default is 5. - HealthyThresholdCount *int64 `min:"2" type:"integer"` - - // The type of IP address used for this target group. The possible values are - // ipv4 and ipv6. This is an optional parameter. If not specified, the IP address - // type defaults to ipv4. - IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - - // [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for - // a successful response from a target. For target groups with a protocol of - // TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol - // of HTTP or HTTPS, the range is 200-499. For target groups with a protocol - // of GENEVE, the range is 200-399. - Matcher *Matcher `type:"structure"` - - // The name of the target group. - // - // This name must be unique per region per account, can have a maximum of 32 - // characters, must contain only alphanumeric characters or hyphens, and must - // not begin or end with a hyphen. - // - // Name is a required field - Name *string `type:"string" required:"true"` - - // The port on which the targets receive traffic. This port is used unless you - // specify a port override when registering the target. If the target is a Lambda - // function, this parameter does not apply. If the protocol is GENEVE, the supported - // port is 6081. - Port *int64 `min:"1" type:"integer"` - - // The protocol to use for routing traffic to the targets. For Application Load - // Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, - // the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, - // the supported protocol is GENEVE. A TCP_UDP listener must be associated with - // a TCP_UDP target group. If the target is a Lambda function, this parameter - // does not apply. - Protocol *string `type:"string" enum:"ProtocolEnum"` - - // [HTTP/HTTPS protocol] The protocol version. Specify GRPC to send requests - // to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. - // The default is HTTP1, which sends requests to targets using HTTP/1.1. - ProtocolVersion *string `type:"string"` - - // The tags to assign to the target group. - Tags []*Tag `min:"1" type:"list"` - - // The type of target that you must specify when registering targets with this - // target group. You can't specify targets for a target group using more than - // one target type. - // - // * instance - Register targets by instance ID. This is the default value. - // - // * ip - Register targets by IP address. You can specify IP addresses from - // the subnets of the virtual private cloud (VPC) for the target group, the - // RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the - // RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP - // addresses. - // - // * lambda - Register a single Lambda function as a target. - // - // * alb - Register a single Application Load Balancer as a target. - TargetType *string `type:"string" enum:"TargetTypeEnum"` +// value will be replaced with "sensitive". +func (s DeleteTargetGroupOutput) GoString() string { + return s.String() +} - // The number of consecutive health check failures required before considering - // a target unhealthy. The range is 2-10. If the target group protocol is TCP, - // TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with - // a protocol of GENEVE, the default is 2. If the target type is lambda, the - // default is 5. - UnhealthyThresholdCount *int64 `min:"2" type:"integer"` +type DeleteTrustStoreInput struct { + _ struct{} `type:"structure"` - // The identifier of the virtual private cloud (VPC). If the target is a Lambda - // function, this parameter does not apply. Otherwise, this parameter is required. - VpcId *string `type:"string"` + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -4921,7 +6725,7 @@ type CreateTargetGroupInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupInput) String() string { +func (s DeleteTrustStoreInput) String() string { return awsutil.Prettify(s) } @@ -4930,46 +6734,15 @@ func (s CreateTargetGroupInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupInput) GoString() string { +func (s DeleteTrustStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateTargetGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateTargetGroupInput"} - if s.HealthCheckIntervalSeconds != nil && *s.HealthCheckIntervalSeconds < 5 { - invalidParams.Add(request.NewErrParamMinValue("HealthCheckIntervalSeconds", 5)) - } - if s.HealthCheckPath != nil && len(*s.HealthCheckPath) < 1 { - invalidParams.Add(request.NewErrParamMinLen("HealthCheckPath", 1)) - } - if s.HealthCheckTimeoutSeconds != nil && *s.HealthCheckTimeoutSeconds < 2 { - invalidParams.Add(request.NewErrParamMinValue("HealthCheckTimeoutSeconds", 2)) - } - if s.HealthyThresholdCount != nil && *s.HealthyThresholdCount < 2 { - invalidParams.Add(request.NewErrParamMinValue("HealthyThresholdCount", 2)) - } - if s.Name == nil { - invalidParams.Add(request.NewErrParamRequired("Name")) - } - if s.Port != nil && *s.Port < 1 { - invalidParams.Add(request.NewErrParamMinValue("Port", 1)) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - if s.UnhealthyThresholdCount != nil && *s.UnhealthyThresholdCount < 2 { - invalidParams.Add(request.NewErrParamMinValue("UnhealthyThresholdCount", 2)) - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } +func (s *DeleteTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrustStoreInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -4978,113 +6751,107 @@ func (s *CreateTargetGroupInput) Validate() error { return nil } -// SetHealthCheckEnabled sets the HealthCheckEnabled field's value. -func (s *CreateTargetGroupInput) SetHealthCheckEnabled(v bool) *CreateTargetGroupInput { - s.HealthCheckEnabled = &v - return s -} - -// SetHealthCheckIntervalSeconds sets the HealthCheckIntervalSeconds field's value. -func (s *CreateTargetGroupInput) SetHealthCheckIntervalSeconds(v int64) *CreateTargetGroupInput { - s.HealthCheckIntervalSeconds = &v - return s -} - -// SetHealthCheckPath sets the HealthCheckPath field's value. -func (s *CreateTargetGroupInput) SetHealthCheckPath(v string) *CreateTargetGroupInput { - s.HealthCheckPath = &v - return s -} - -// SetHealthCheckPort sets the HealthCheckPort field's value. -func (s *CreateTargetGroupInput) SetHealthCheckPort(v string) *CreateTargetGroupInput { - s.HealthCheckPort = &v - return s -} - -// SetHealthCheckProtocol sets the HealthCheckProtocol field's value. -func (s *CreateTargetGroupInput) SetHealthCheckProtocol(v string) *CreateTargetGroupInput { - s.HealthCheckProtocol = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DeleteTrustStoreInput) SetTrustStoreArn(v string) *DeleteTrustStoreInput { + s.TrustStoreArn = &v return s } -// SetHealthCheckTimeoutSeconds sets the HealthCheckTimeoutSeconds field's value. -func (s *CreateTargetGroupInput) SetHealthCheckTimeoutSeconds(v int64) *CreateTargetGroupInput { - s.HealthCheckTimeoutSeconds = &v - return s +type DeleteTrustStoreOutput struct { + _ struct{} `type:"structure"` } -// SetHealthyThresholdCount sets the HealthyThresholdCount field's value. -func (s *CreateTargetGroupInput) SetHealthyThresholdCount(v int64) *CreateTargetGroupInput { - s.HealthyThresholdCount = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustStoreOutput) String() string { + return awsutil.Prettify(s) } -// SetIpAddressType sets the IpAddressType field's value. -func (s *CreateTargetGroupInput) SetIpAddressType(v string) *CreateTargetGroupInput { - s.IpAddressType = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustStoreOutput) GoString() string { + return s.String() } -// SetMatcher sets the Matcher field's value. -func (s *CreateTargetGroupInput) SetMatcher(v *Matcher) *CreateTargetGroupInput { - s.Matcher = v - return s -} +type DeregisterTargetsInput struct { + _ struct{} `type:"structure"` -// SetName sets the Name field's value. -func (s *CreateTargetGroupInput) SetName(v string) *CreateTargetGroupInput { - s.Name = &v - return s -} + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` -// SetPort sets the Port field's value. -func (s *CreateTargetGroupInput) SetPort(v int64) *CreateTargetGroupInput { - s.Port = &v - return s + // The targets. If you specified a port override when you registered a target, + // you must specify both the target ID and the port when you deregister it. + // + // Targets is a required field + Targets []*TargetDescription `type:"list" required:"true"` } -// SetProtocol sets the Protocol field's value. -func (s *CreateTargetGroupInput) SetProtocol(v string) *CreateTargetGroupInput { - s.Protocol = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeregisterTargetsInput) String() string { + return awsutil.Prettify(s) } -// SetProtocolVersion sets the ProtocolVersion field's value. -func (s *CreateTargetGroupInput) SetProtocolVersion(v string) *CreateTargetGroupInput { - s.ProtocolVersion = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeregisterTargetsInput) GoString() string { + return s.String() } -// SetTags sets the Tags field's value. -func (s *CreateTargetGroupInput) SetTags(v []*Tag) *CreateTargetGroupInput { - s.Tags = v - return s -} +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeregisterTargetsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeregisterTargetsInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) + } + if s.Targets == nil { + invalidParams.Add(request.NewErrParamRequired("Targets")) + } + if s.Targets != nil { + for i, v := range s.Targets { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) + } + } + } -// SetTargetType sets the TargetType field's value. -func (s *CreateTargetGroupInput) SetTargetType(v string) *CreateTargetGroupInput { - s.TargetType = &v - return s + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetUnhealthyThresholdCount sets the UnhealthyThresholdCount field's value. -func (s *CreateTargetGroupInput) SetUnhealthyThresholdCount(v int64) *CreateTargetGroupInput { - s.UnhealthyThresholdCount = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DeregisterTargetsInput) SetTargetGroupArn(v string) *DeregisterTargetsInput { + s.TargetGroupArn = &v return s } -// SetVpcId sets the VpcId field's value. -func (s *CreateTargetGroupInput) SetVpcId(v string) *CreateTargetGroupInput { - s.VpcId = &v +// SetTargets sets the Targets field's value. +func (s *DeregisterTargetsInput) SetTargets(v []*TargetDescription) *DeregisterTargetsInput { + s.Targets = v return s } -type CreateTargetGroupOutput struct { +type DeregisterTargetsOutput struct { _ struct{} `type:"structure"` - - // Information about the target group. - TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -5092,7 +6859,7 @@ type CreateTargetGroupOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupOutput) String() string { +func (s DeregisterTargetsOutput) String() string { return awsutil.Prettify(s) } @@ -5101,23 +6868,19 @@ func (s CreateTargetGroupOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateTargetGroupOutput) GoString() string { +func (s DeregisterTargetsOutput) GoString() string { return s.String() } -// SetTargetGroups sets the TargetGroups field's value. -func (s *CreateTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *CreateTargetGroupOutput { - s.TargetGroups = v - return s -} - -type DeleteListenerInput struct { +type DescribeAccountLimitsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5125,7 +6888,7 @@ type DeleteListenerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerInput) String() string { +func (s DescribeAccountLimitsInput) String() string { return awsutil.Prettify(s) } @@ -5134,15 +6897,15 @@ func (s DeleteListenerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerInput) GoString() string { +func (s DescribeAccountLimitsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteListenerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteListenerInput"} - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) +func (s *DescribeAccountLimitsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountLimitsInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5151,14 +6914,27 @@ func (s *DeleteListenerInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DeleteListenerInput) SetListenerArn(v string) *DeleteListenerInput { - s.ListenerArn = &v +// SetMarker sets the Marker field's value. +func (s *DescribeAccountLimitsInput) SetMarker(v string) *DescribeAccountLimitsInput { + s.Marker = &v return s } -type DeleteListenerOutput struct { +// SetPageSize sets the PageSize field's value. +func (s *DescribeAccountLimitsInput) SetPageSize(v int64) *DescribeAccountLimitsInput { + s.PageSize = &v + return s +} + +type DescribeAccountLimitsOutput struct { _ struct{} `type:"structure"` + + // Information about the limits. + Limits []*Limit `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5166,7 +6942,7 @@ type DeleteListenerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerOutput) String() string { +func (s DescribeAccountLimitsOutput) String() string { return awsutil.Prettify(s) } @@ -5175,17 +6951,36 @@ func (s DeleteListenerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteListenerOutput) GoString() string { +func (s DescribeAccountLimitsOutput) GoString() string { return s.String() } -type DeleteLoadBalancerInput struct { +// SetLimits sets the Limits field's value. +func (s *DescribeAccountLimitsOutput) SetLimits(v []*Limit) *DescribeAccountLimitsOutput { + s.Limits = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeAccountLimitsOutput) SetNextMarker(v string) *DescribeAccountLimitsOutput { + s.NextMarker = &v + return s +} + +type DescribeListenerCertificatesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the load balancer. + // The Amazon Resource Names (ARN) of the listener. // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` + // ListenerArn is a required field + ListenerArn *string `type:"string" required:"true"` + + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5193,7 +6988,7 @@ type DeleteLoadBalancerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerInput) String() string { +func (s DescribeListenerCertificatesInput) String() string { return awsutil.Prettify(s) } @@ -5202,15 +6997,18 @@ func (s DeleteLoadBalancerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerInput) GoString() string { +func (s DescribeListenerCertificatesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteLoadBalancerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteLoadBalancerInput"} - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) +func (s *DescribeListenerCertificatesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeListenerCertificatesInput"} + if s.ListenerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ListenerArn")) + } + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5219,14 +7017,33 @@ func (s *DeleteLoadBalancerInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DeleteLoadBalancerInput) SetLoadBalancerArn(v string) *DeleteLoadBalancerInput { - s.LoadBalancerArn = &v +// SetListenerArn sets the ListenerArn field's value. +func (s *DescribeListenerCertificatesInput) SetListenerArn(v string) *DescribeListenerCertificatesInput { + s.ListenerArn = &v return s } -type DeleteLoadBalancerOutput struct { +// SetMarker sets the Marker field's value. +func (s *DescribeListenerCertificatesInput) SetMarker(v string) *DescribeListenerCertificatesInput { + s.Marker = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeListenerCertificatesInput) SetPageSize(v int64) *DescribeListenerCertificatesInput { + s.PageSize = &v + return s +} + +type DescribeListenerCertificatesOutput struct { _ struct{} `type:"structure"` + + // Information about the certificates. + Certificates []*Certificate `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5234,7 +7051,7 @@ type DeleteLoadBalancerOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerOutput) String() string { +func (s DescribeListenerCertificatesOutput) String() string { return awsutil.Prettify(s) } @@ -5243,17 +7060,37 @@ func (s DeleteLoadBalancerOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteLoadBalancerOutput) GoString() string { +func (s DescribeListenerCertificatesOutput) GoString() string { return s.String() } -type DeleteRuleInput struct { +// SetCertificates sets the Certificates field's value. +func (s *DescribeListenerCertificatesOutput) SetCertificates(v []*Certificate) *DescribeListenerCertificatesOutput { + s.Certificates = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeListenerCertificatesOutput) SetNextMarker(v string) *DescribeListenerCertificatesOutput { + s.NextMarker = &v + return s +} + +type DescribeListenersInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the rule. - // - // RuleArn is a required field - RuleArn *string `type:"string" required:"true"` + // The Amazon Resource Names (ARN) of the listeners. + ListenerArns []*string `type:"list"` + + // The Amazon Resource Name (ARN) of the load balancer. + LoadBalancerArn *string `type:"string"` + + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5261,7 +7098,7 @@ type DeleteRuleInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleInput) String() string { +func (s DescribeListenersInput) String() string { return awsutil.Prettify(s) } @@ -5270,15 +7107,15 @@ func (s DeleteRuleInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleInput) GoString() string { +func (s DescribeListenersInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteRuleInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteRuleInput"} - if s.RuleArn == nil { - invalidParams.Add(request.NewErrParamRequired("RuleArn")) +func (s *DescribeListenersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeListenersInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5287,14 +7124,39 @@ func (s *DeleteRuleInput) Validate() error { return nil } -// SetRuleArn sets the RuleArn field's value. -func (s *DeleteRuleInput) SetRuleArn(v string) *DeleteRuleInput { - s.RuleArn = &v +// SetListenerArns sets the ListenerArns field's value. +func (s *DescribeListenersInput) SetListenerArns(v []*string) *DescribeListenersInput { + s.ListenerArns = v return s } -type DeleteRuleOutput struct { +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeListenersInput) SetLoadBalancerArn(v string) *DescribeListenersInput { + s.LoadBalancerArn = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeListenersInput) SetMarker(v string) *DescribeListenersInput { + s.Marker = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeListenersInput) SetPageSize(v int64) *DescribeListenersInput { + s.PageSize = &v + return s +} + +type DescribeListenersOutput struct { _ struct{} `type:"structure"` + + // Information about the listeners. + Listeners []*Listener `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5302,7 +7164,7 @@ type DeleteRuleOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleOutput) String() string { +func (s DescribeListenersOutput) String() string { return awsutil.Prettify(s) } @@ -5311,17 +7173,29 @@ func (s DeleteRuleOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteRuleOutput) GoString() string { +func (s DescribeListenersOutput) GoString() string { return s.String() } -type DeleteTargetGroupInput struct { +// SetListeners sets the Listeners field's value. +func (s *DescribeListenersOutput) SetListeners(v []*Listener) *DescribeListenersOutput { + s.Listeners = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeListenersOutput) SetNextMarker(v string) *DescribeListenersOutput { + s.NextMarker = &v + return s +} + +type DescribeLoadBalancerAttributesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. + // The Amazon Resource Name (ARN) of the load balancer. // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // LoadBalancerArn is a required field + LoadBalancerArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -5329,7 +7203,7 @@ type DeleteTargetGroupInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupInput) String() string { +func (s DescribeLoadBalancerAttributesInput) String() string { return awsutil.Prettify(s) } @@ -5338,15 +7212,15 @@ func (s DeleteTargetGroupInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupInput) GoString() string { +func (s DescribeLoadBalancerAttributesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteTargetGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteTargetGroupInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) +func (s *DescribeLoadBalancerAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancerAttributesInput"} + if s.LoadBalancerArn == nil { + invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) } if invalidParams.Len() > 0 { @@ -5355,14 +7229,17 @@ func (s *DeleteTargetGroupInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DeleteTargetGroupInput) SetTargetGroupArn(v string) *DeleteTargetGroupInput { - s.TargetGroupArn = &v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeLoadBalancerAttributesInput) SetLoadBalancerArn(v string) *DescribeLoadBalancerAttributesInput { + s.LoadBalancerArn = &v return s } -type DeleteTargetGroupOutput struct { +type DescribeLoadBalancerAttributesOutput struct { _ struct{} `type:"structure"` + + // Information about the load balancer attributes. + Attributes []*LoadBalancerAttribute `type:"list"` } // String returns the string representation. @@ -5370,7 +7247,7 @@ type DeleteTargetGroupOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupOutput) String() string { +func (s DescribeLoadBalancerAttributesOutput) String() string { return awsutil.Prettify(s) } @@ -5379,23 +7256,32 @@ func (s DeleteTargetGroupOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeleteTargetGroupOutput) GoString() string { +func (s DescribeLoadBalancerAttributesOutput) GoString() string { return s.String() } -type DeregisterTargetsInput struct { +// SetAttributes sets the Attributes field's value. +func (s *DescribeLoadBalancerAttributesOutput) SetAttributes(v []*LoadBalancerAttribute) *DescribeLoadBalancerAttributesOutput { + s.Attributes = v + return s +} + +type DescribeLoadBalancersInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. - // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // The Amazon Resource Names (ARN) of the load balancers. You can specify up + // to 20 load balancers in a single call. + LoadBalancerArns []*string `type:"list"` - // The targets. If you specified a port override when you registered a target, - // you must specify both the target ID and the port when you deregister it. - // - // Targets is a required field - Targets []*TargetDescription `type:"list" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The names of the load balancers. + Names []*string `type:"list"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` } // String returns the string representation. @@ -5403,7 +7289,7 @@ type DeregisterTargetsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsInput) String() string { +func (s DescribeLoadBalancersInput) String() string { return awsutil.Prettify(s) } @@ -5412,28 +7298,15 @@ func (s DeregisterTargetsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsInput) GoString() string { +func (s DescribeLoadBalancersInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeregisterTargetsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeregisterTargetsInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) - } - if s.Targets == nil { - invalidParams.Add(request.NewErrParamRequired("Targets")) - } - if s.Targets != nil { - for i, v := range s.Targets { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) - } - } +func (s *DescribeLoadBalancersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancersInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -5442,20 +7315,39 @@ func (s *DeregisterTargetsInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DeregisterTargetsInput) SetTargetGroupArn(v string) *DeregisterTargetsInput { - s.TargetGroupArn = &v +// SetLoadBalancerArns sets the LoadBalancerArns field's value. +func (s *DescribeLoadBalancersInput) SetLoadBalancerArns(v []*string) *DescribeLoadBalancersInput { + s.LoadBalancerArns = v return s } -// SetTargets sets the Targets field's value. -func (s *DeregisterTargetsInput) SetTargets(v []*TargetDescription) *DeregisterTargetsInput { - s.Targets = v +// SetMarker sets the Marker field's value. +func (s *DescribeLoadBalancersInput) SetMarker(v string) *DescribeLoadBalancersInput { + s.Marker = &v return s } -type DeregisterTargetsOutput struct { +// SetNames sets the Names field's value. +func (s *DescribeLoadBalancersInput) SetNames(v []*string) *DescribeLoadBalancersInput { + s.Names = v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeLoadBalancersInput) SetPageSize(v int64) *DescribeLoadBalancersInput { + s.PageSize = &v + return s +} + +type DescribeLoadBalancersOutput struct { _ struct{} `type:"structure"` + + // Information about the load balancers. + LoadBalancers []*LoadBalancer `type:"list"` + + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` } // String returns the string representation. @@ -5463,7 +7355,7 @@ type DeregisterTargetsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsOutput) String() string { +func (s DescribeLoadBalancersOutput) String() string { return awsutil.Prettify(s) } @@ -5472,19 +7364,37 @@ func (s DeregisterTargetsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DeregisterTargetsOutput) GoString() string { +func (s DescribeLoadBalancersOutput) GoString() string { return s.String() } -type DescribeAccountLimitsInput struct { +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *DescribeLoadBalancersOutput) SetLoadBalancers(v []*LoadBalancer) *DescribeLoadBalancersOutput { + s.LoadBalancers = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeLoadBalancersOutput) SetNextMarker(v string) *DescribeLoadBalancersOutput { + s.NextMarker = &v + return s +} + +type DescribeRulesInput struct { _ struct{} `type:"structure"` + // The Amazon Resource Name (ARN) of the listener. + ListenerArn *string `type:"string"` + // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Names (ARN) of the rules. + RuleArns []*string `type:"list"` } // String returns the string representation. @@ -5492,7 +7402,7 @@ type DescribeAccountLimitsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsInput) String() string { +func (s DescribeRulesInput) String() string { return awsutil.Prettify(s) } @@ -5501,13 +7411,13 @@ func (s DescribeAccountLimitsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsInput) GoString() string { +func (s DescribeRulesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeAccountLimitsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeAccountLimitsInput"} +func (s *DescribeRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeRulesInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5518,27 +7428,39 @@ func (s *DescribeAccountLimitsInput) Validate() error { return nil } +// SetListenerArn sets the ListenerArn field's value. +func (s *DescribeRulesInput) SetListenerArn(v string) *DescribeRulesInput { + s.ListenerArn = &v + return s +} + // SetMarker sets the Marker field's value. -func (s *DescribeAccountLimitsInput) SetMarker(v string) *DescribeAccountLimitsInput { +func (s *DescribeRulesInput) SetMarker(v string) *DescribeRulesInput { s.Marker = &v return s } // SetPageSize sets the PageSize field's value. -func (s *DescribeAccountLimitsInput) SetPageSize(v int64) *DescribeAccountLimitsInput { +func (s *DescribeRulesInput) SetPageSize(v int64) *DescribeRulesInput { s.PageSize = &v return s } -type DescribeAccountLimitsOutput struct { - _ struct{} `type:"structure"` +// SetRuleArns sets the RuleArns field's value. +func (s *DescribeRulesInput) SetRuleArns(v []*string) *DescribeRulesInput { + s.RuleArns = v + return s +} - // Information about the limits. - Limits []*Limit `type:"list"` +type DescribeRulesOutput struct { + _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the rules. + Rules []*Rule `type:"list"` } // String returns the string representation. @@ -5546,7 +7468,7 @@ type DescribeAccountLimitsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsOutput) String() string { +func (s DescribeRulesOutput) String() string { return awsutil.Prettify(s) } @@ -5555,34 +7477,36 @@ func (s DescribeAccountLimitsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeAccountLimitsOutput) GoString() string { +func (s DescribeRulesOutput) GoString() string { return s.String() } -// SetLimits sets the Limits field's value. -func (s *DescribeAccountLimitsOutput) SetLimits(v []*Limit) *DescribeAccountLimitsOutput { - s.Limits = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeRulesOutput) SetNextMarker(v string) *DescribeRulesOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeAccountLimitsOutput) SetNextMarker(v string) *DescribeAccountLimitsOutput { - s.NextMarker = &v +// SetRules sets the Rules field's value. +func (s *DescribeRulesOutput) SetRules(v []*Rule) *DescribeRulesOutput { + s.Rules = v return s } -type DescribeListenerCertificatesInput struct { +type DescribeSSLPoliciesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the listener. - // - // ListenerArn is a required field - ListenerArn *string `type:"string" required:"true"` + // The type of load balancer. The default lists the SSL policies for all load + // balancers. + LoadBalancerType *string `type:"string" enum:"LoadBalancerTypeEnum"` // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` + // The names of the policies. + Names []*string `type:"list"` + // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` } @@ -5592,7 +7516,7 @@ type DescribeListenerCertificatesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesInput) String() string { +func (s DescribeSSLPoliciesInput) String() string { return awsutil.Prettify(s) } @@ -5601,16 +7525,13 @@ func (s DescribeListenerCertificatesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesInput) GoString() string { +func (s DescribeSSLPoliciesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeListenerCertificatesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeListenerCertificatesInput"} - if s.ListenerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ListenerArn")) - } +func (s *DescribeSSLPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSSLPoliciesInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5621,33 +7542,39 @@ func (s *DescribeListenerCertificatesInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DescribeListenerCertificatesInput) SetListenerArn(v string) *DescribeListenerCertificatesInput { - s.ListenerArn = &v +// SetLoadBalancerType sets the LoadBalancerType field's value. +func (s *DescribeSSLPoliciesInput) SetLoadBalancerType(v string) *DescribeSSLPoliciesInput { + s.LoadBalancerType = &v return s } // SetMarker sets the Marker field's value. -func (s *DescribeListenerCertificatesInput) SetMarker(v string) *DescribeListenerCertificatesInput { +func (s *DescribeSSLPoliciesInput) SetMarker(v string) *DescribeSSLPoliciesInput { s.Marker = &v return s } +// SetNames sets the Names field's value. +func (s *DescribeSSLPoliciesInput) SetNames(v []*string) *DescribeSSLPoliciesInput { + s.Names = v + return s +} + // SetPageSize sets the PageSize field's value. -func (s *DescribeListenerCertificatesInput) SetPageSize(v int64) *DescribeListenerCertificatesInput { +func (s *DescribeSSLPoliciesInput) SetPageSize(v int64) *DescribeSSLPoliciesInput { s.PageSize = &v return s } -type DescribeListenerCertificatesOutput struct { +type DescribeSSLPoliciesOutput struct { _ struct{} `type:"structure"` - // Information about the certificates. - Certificates []*Certificate `type:"list"` - // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the security policies. + SslPolicies []*SslPolicy `type:"list"` } // String returns the string representation. @@ -5655,7 +7582,7 @@ type DescribeListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesOutput) String() string { +func (s DescribeSSLPoliciesOutput) String() string { return awsutil.Prettify(s) } @@ -5664,37 +7591,30 @@ func (s DescribeListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenerCertificatesOutput) GoString() string { +func (s DescribeSSLPoliciesOutput) GoString() string { return s.String() } -// SetCertificates sets the Certificates field's value. -func (s *DescribeListenerCertificatesOutput) SetCertificates(v []*Certificate) *DescribeListenerCertificatesOutput { - s.Certificates = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeSSLPoliciesOutput) SetNextMarker(v string) *DescribeSSLPoliciesOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeListenerCertificatesOutput) SetNextMarker(v string) *DescribeListenerCertificatesOutput { - s.NextMarker = &v +// SetSslPolicies sets the SslPolicies field's value. +func (s *DescribeSSLPoliciesOutput) SetSslPolicies(v []*SslPolicy) *DescribeSSLPoliciesOutput { + s.SslPolicies = v return s } -type DescribeListenersInput struct { +type DescribeTagsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the listeners. - ListenerArns []*string `type:"list"` - - // The Amazon Resource Name (ARN) of the load balancer. - LoadBalancerArn *string `type:"string"` - - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` - - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The Amazon Resource Names (ARN) of the resources. You can specify up to 20 + // resources in a single call. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` } // String returns the string representation. @@ -5702,7 +7622,7 @@ type DescribeListenersInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersInput) String() string { +func (s DescribeTagsInput) String() string { return awsutil.Prettify(s) } @@ -5711,15 +7631,15 @@ func (s DescribeListenersInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersInput) GoString() string { +func (s DescribeTagsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeListenersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeListenersInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *DescribeTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) } if invalidParams.Len() > 0 { @@ -5728,39 +7648,17 @@ func (s *DescribeListenersInput) Validate() error { return nil } -// SetListenerArns sets the ListenerArns field's value. -func (s *DescribeListenersInput) SetListenerArns(v []*string) *DescribeListenersInput { - s.ListenerArns = v - return s -} - -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeListenersInput) SetLoadBalancerArn(v string) *DescribeListenersInput { - s.LoadBalancerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeListenersInput) SetMarker(v string) *DescribeListenersInput { - s.Marker = &v - return s -} - -// SetPageSize sets the PageSize field's value. -func (s *DescribeListenersInput) SetPageSize(v int64) *DescribeListenersInput { - s.PageSize = &v +// SetResourceArns sets the ResourceArns field's value. +func (s *DescribeTagsInput) SetResourceArns(v []*string) *DescribeTagsInput { + s.ResourceArns = v return s } -type DescribeListenersOutput struct { +type DescribeTagsOutput struct { _ struct{} `type:"structure"` - // Information about the listeners. - Listeners []*Listener `type:"list"` - - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` + // Information about the tags. + TagDescriptions []*TagDescription `type:"list"` } // String returns the string representation. @@ -5768,7 +7666,7 @@ type DescribeListenersOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersOutput) String() string { +func (s DescribeTagsOutput) String() string { return awsutil.Prettify(s) } @@ -5777,29 +7675,23 @@ func (s DescribeListenersOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeListenersOutput) GoString() string { +func (s DescribeTagsOutput) GoString() string { return s.String() } -// SetListeners sets the Listeners field's value. -func (s *DescribeListenersOutput) SetListeners(v []*Listener) *DescribeListenersOutput { - s.Listeners = v - return s -} - -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeListenersOutput) SetNextMarker(v string) *DescribeListenersOutput { - s.NextMarker = &v +// SetTagDescriptions sets the TagDescriptions field's value. +func (s *DescribeTagsOutput) SetTagDescriptions(v []*TagDescription) *DescribeTagsOutput { + s.TagDescriptions = v return s } -type DescribeLoadBalancerAttributesInput struct { +type DescribeTargetGroupAttributesInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the load balancer. - // - // LoadBalancerArn is a required field - LoadBalancerArn *string `type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -5807,7 +7699,7 @@ type DescribeLoadBalancerAttributesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesInput) String() string { +func (s DescribeTargetGroupAttributesInput) String() string { return awsutil.Prettify(s) } @@ -5816,15 +7708,15 @@ func (s DescribeLoadBalancerAttributesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesInput) GoString() string { +func (s DescribeTargetGroupAttributesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLoadBalancerAttributesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancerAttributesInput"} - if s.LoadBalancerArn == nil { - invalidParams.Add(request.NewErrParamRequired("LoadBalancerArn")) +func (s *DescribeTargetGroupAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupAttributesInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) } if invalidParams.Len() > 0 { @@ -5833,17 +7725,17 @@ func (s *DescribeLoadBalancerAttributesInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeLoadBalancerAttributesInput) SetLoadBalancerArn(v string) *DescribeLoadBalancerAttributesInput { - s.LoadBalancerArn = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DescribeTargetGroupAttributesInput) SetTargetGroupArn(v string) *DescribeTargetGroupAttributesInput { + s.TargetGroupArn = &v return s } -type DescribeLoadBalancerAttributesOutput struct { +type DescribeTargetGroupAttributesOutput struct { _ struct{} `type:"structure"` - // Information about the load balancer attributes. - Attributes []*LoadBalancerAttribute `type:"list"` + // Information about the target group attributes + Attributes []*TargetGroupAttribute `type:"list"` } // String returns the string representation. @@ -5851,7 +7743,7 @@ type DescribeLoadBalancerAttributesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesOutput) String() string { +func (s DescribeTargetGroupAttributesOutput) String() string { return awsutil.Prettify(s) } @@ -5860,32 +7752,34 @@ func (s DescribeLoadBalancerAttributesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancerAttributesOutput) GoString() string { +func (s DescribeTargetGroupAttributesOutput) GoString() string { return s.String() } // SetAttributes sets the Attributes field's value. -func (s *DescribeLoadBalancerAttributesOutput) SetAttributes(v []*LoadBalancerAttribute) *DescribeLoadBalancerAttributesOutput { +func (s *DescribeTargetGroupAttributesOutput) SetAttributes(v []*TargetGroupAttribute) *DescribeTargetGroupAttributesOutput { s.Attributes = v return s } -type DescribeLoadBalancersInput struct { +type DescribeTargetGroupsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the load balancers. You can specify up - // to 20 load balancers in a single call. - LoadBalancerArns []*string `type:"list"` + // The Amazon Resource Name (ARN) of the load balancer. + LoadBalancerArn *string `type:"string"` // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` - // The names of the load balancers. + // The names of the target groups. Names []*string `type:"list"` // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Names (ARN) of the target groups. + TargetGroupArns []*string `type:"list"` } // String returns the string representation. @@ -5893,7 +7787,7 @@ type DescribeLoadBalancersInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersInput) String() string { +func (s DescribeTargetGroupsInput) String() string { return awsutil.Prettify(s) } @@ -5902,13 +7796,13 @@ func (s DescribeLoadBalancersInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersInput) GoString() string { +func (s DescribeTargetGroupsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLoadBalancersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLoadBalancersInput"} +func (s *DescribeTargetGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupsInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } @@ -5919,39 +7813,45 @@ func (s *DescribeLoadBalancersInput) Validate() error { return nil } -// SetLoadBalancerArns sets the LoadBalancerArns field's value. -func (s *DescribeLoadBalancersInput) SetLoadBalancerArns(v []*string) *DescribeLoadBalancersInput { - s.LoadBalancerArns = v +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *DescribeTargetGroupsInput) SetLoadBalancerArn(v string) *DescribeTargetGroupsInput { + s.LoadBalancerArn = &v return s } // SetMarker sets the Marker field's value. -func (s *DescribeLoadBalancersInput) SetMarker(v string) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetMarker(v string) *DescribeTargetGroupsInput { s.Marker = &v return s } // SetNames sets the Names field's value. -func (s *DescribeLoadBalancersInput) SetNames(v []*string) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetNames(v []*string) *DescribeTargetGroupsInput { s.Names = v return s } // SetPageSize sets the PageSize field's value. -func (s *DescribeLoadBalancersInput) SetPageSize(v int64) *DescribeLoadBalancersInput { +func (s *DescribeTargetGroupsInput) SetPageSize(v int64) *DescribeTargetGroupsInput { s.PageSize = &v return s } -type DescribeLoadBalancersOutput struct { - _ struct{} `type:"structure"` +// SetTargetGroupArns sets the TargetGroupArns field's value. +func (s *DescribeTargetGroupsInput) SetTargetGroupArns(v []*string) *DescribeTargetGroupsInput { + s.TargetGroupArns = v + return s +} - // Information about the load balancers. - LoadBalancers []*LoadBalancer `type:"list"` +type DescribeTargetGroupsOutput struct { + _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` + + // Information about the target groups. + TargetGroups []*TargetGroup `type:"list"` } // String returns the string representation. @@ -5959,7 +7859,7 @@ type DescribeLoadBalancersOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersOutput) String() string { +func (s DescribeTargetGroupsOutput) String() string { return awsutil.Prettify(s) } @@ -5968,37 +7868,35 @@ func (s DescribeLoadBalancersOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeLoadBalancersOutput) GoString() string { +func (s DescribeTargetGroupsOutput) GoString() string { return s.String() } -// SetLoadBalancers sets the LoadBalancers field's value. -func (s *DescribeLoadBalancersOutput) SetLoadBalancers(v []*LoadBalancer) *DescribeLoadBalancersOutput { - s.LoadBalancers = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTargetGroupsOutput) SetNextMarker(v string) *DescribeTargetGroupsOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeLoadBalancersOutput) SetNextMarker(v string) *DescribeLoadBalancersOutput { - s.NextMarker = &v +// SetTargetGroups sets the TargetGroups field's value. +func (s *DescribeTargetGroupsOutput) SetTargetGroups(v []*TargetGroup) *DescribeTargetGroupsOutput { + s.TargetGroups = v return s } -type DescribeRulesInput struct { +type DescribeTargetHealthInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the listener. - ListenerArn *string `type:"string"` - - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` + // Used to inclue anomaly detection information. + Include []*string `type:"list" enum:"DescribeTargetHealthInputIncludeEnum"` - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The Amazon Resource Name (ARN) of the target group. + // + // TargetGroupArn is a required field + TargetGroupArn *string `type:"string" required:"true"` - // The Amazon Resource Names (ARN) of the rules. - RuleArns []*string `type:"list"` + // The targets. + Targets []*TargetDescription `type:"list"` } // String returns the string representation. @@ -6006,7 +7904,7 @@ type DescribeRulesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesInput) String() string { +func (s DescribeTargetHealthInput) String() string { return awsutil.Prettify(s) } @@ -6015,15 +7913,25 @@ func (s DescribeRulesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesInput) GoString() string { +func (s DescribeTargetHealthInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeRulesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeRulesInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *DescribeTargetHealthInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTargetHealthInput"} + if s.TargetGroupArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) + } + if s.Targets != nil { + for i, v := range s.Targets { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -6032,39 +7940,29 @@ func (s *DescribeRulesInput) Validate() error { return nil } -// SetListenerArn sets the ListenerArn field's value. -func (s *DescribeRulesInput) SetListenerArn(v string) *DescribeRulesInput { - s.ListenerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeRulesInput) SetMarker(v string) *DescribeRulesInput { - s.Marker = &v +// SetInclude sets the Include field's value. +func (s *DescribeTargetHealthInput) SetInclude(v []*string) *DescribeTargetHealthInput { + s.Include = v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeRulesInput) SetPageSize(v int64) *DescribeRulesInput { - s.PageSize = &v +// SetTargetGroupArn sets the TargetGroupArn field's value. +func (s *DescribeTargetHealthInput) SetTargetGroupArn(v string) *DescribeTargetHealthInput { + s.TargetGroupArn = &v return s } -// SetRuleArns sets the RuleArns field's value. -func (s *DescribeRulesInput) SetRuleArns(v []*string) *DescribeRulesInput { - s.RuleArns = v +// SetTargets sets the Targets field's value. +func (s *DescribeTargetHealthInput) SetTargets(v []*TargetDescription) *DescribeTargetHealthInput { + s.Targets = v return s } -type DescribeRulesOutput struct { +type DescribeTargetHealthOutput struct { _ struct{} `type:"structure"` - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` - - // Information about the rules. - Rules []*Rule `type:"list"` + // Information about the health of the targets. + TargetHealthDescriptions []*TargetHealthDescription `type:"list"` } // String returns the string representation. @@ -6072,7 +7970,7 @@ type DescribeRulesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesOutput) String() string { +func (s DescribeTargetHealthOutput) String() string { return awsutil.Prettify(s) } @@ -6081,38 +7979,30 @@ func (s DescribeRulesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeRulesOutput) GoString() string { +func (s DescribeTargetHealthOutput) GoString() string { return s.String() } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeRulesOutput) SetNextMarker(v string) *DescribeRulesOutput { - s.NextMarker = &v - return s -} - -// SetRules sets the Rules field's value. -func (s *DescribeRulesOutput) SetRules(v []*Rule) *DescribeRulesOutput { - s.Rules = v +// SetTargetHealthDescriptions sets the TargetHealthDescriptions field's value. +func (s *DescribeTargetHealthOutput) SetTargetHealthDescriptions(v []*TargetHealthDescription) *DescribeTargetHealthOutput { + s.TargetHealthDescriptions = v return s } -type DescribeSSLPoliciesInput struct { +type DescribeTrustStoreAssociationsInput struct { _ struct{} `type:"structure"` - // The type of load balancer. The default lists the SSL policies for all load - // balancers. - LoadBalancerType *string `type:"string" enum:"LoadBalancerTypeEnum"` - // The marker for the next set of results. (You received this marker from a // previous call.) Marker *string `type:"string"` - // The names of the policies. - Names []*string `type:"list"` - // The maximum number of results to return with this call. PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6120,7 +8010,7 @@ type DescribeSSLPoliciesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesInput) String() string { +func (s DescribeTrustStoreAssociationsInput) String() string { return awsutil.Prettify(s) } @@ -6129,16 +8019,19 @@ func (s DescribeSSLPoliciesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesInput) GoString() string { +func (s DescribeTrustStoreAssociationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeSSLPoliciesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeSSLPoliciesInput"} +func (s *DescribeTrustStoreAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoreAssociationsInput"} if s.PageSize != nil && *s.PageSize < 1 { invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } if invalidParams.Len() > 0 { return invalidParams @@ -6146,39 +8039,33 @@ func (s *DescribeSSLPoliciesInput) Validate() error { return nil } -// SetLoadBalancerType sets the LoadBalancerType field's value. -func (s *DescribeSSLPoliciesInput) SetLoadBalancerType(v string) *DescribeSSLPoliciesInput { - s.LoadBalancerType = &v - return s -} - // SetMarker sets the Marker field's value. -func (s *DescribeSSLPoliciesInput) SetMarker(v string) *DescribeSSLPoliciesInput { +func (s *DescribeTrustStoreAssociationsInput) SetMarker(v string) *DescribeTrustStoreAssociationsInput { s.Marker = &v return s } -// SetNames sets the Names field's value. -func (s *DescribeSSLPoliciesInput) SetNames(v []*string) *DescribeSSLPoliciesInput { - s.Names = v +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoreAssociationsInput) SetPageSize(v int64) *DescribeTrustStoreAssociationsInput { + s.PageSize = &v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeSSLPoliciesInput) SetPageSize(v int64) *DescribeSSLPoliciesInput { - s.PageSize = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreAssociationsInput) SetTrustStoreArn(v string) *DescribeTrustStoreAssociationsInput { + s.TrustStoreArn = &v return s } -type DescribeSSLPoliciesOutput struct { +type DescribeTrustStoreAssociationsOutput struct { _ struct{} `type:"structure"` // If there are additional results, this is the marker for the next set of results. // Otherwise, this is null. NextMarker *string `type:"string"` - // Information about the security policies. - SslPolicies []*SslPolicy `type:"list"` + // Information about the resources the trust store is associated to. + TrustStoreAssociations []*TrustStoreAssociation `type:"list"` } // String returns the string representation. @@ -6186,7 +8073,7 @@ type DescribeSSLPoliciesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesOutput) String() string { +func (s DescribeTrustStoreAssociationsOutput) String() string { return awsutil.Prettify(s) } @@ -6195,30 +8082,98 @@ func (s DescribeSSLPoliciesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeSSLPoliciesOutput) GoString() string { +func (s DescribeTrustStoreAssociationsOutput) GoString() string { return s.String() } // SetNextMarker sets the NextMarker field's value. -func (s *DescribeSSLPoliciesOutput) SetNextMarker(v string) *DescribeSSLPoliciesOutput { +func (s *DescribeTrustStoreAssociationsOutput) SetNextMarker(v string) *DescribeTrustStoreAssociationsOutput { s.NextMarker = &v return s } -// SetSslPolicies sets the SslPolicies field's value. -func (s *DescribeSSLPoliciesOutput) SetSslPolicies(v []*SslPolicy) *DescribeSSLPoliciesOutput { - s.SslPolicies = v +// SetTrustStoreAssociations sets the TrustStoreAssociations field's value. +func (s *DescribeTrustStoreAssociationsOutput) SetTrustStoreAssociations(v []*TrustStoreAssociation) *DescribeTrustStoreAssociationsOutput { + s.TrustStoreAssociations = v + return s +} + +// Information about the revocations used by a trust store. +type DescribeTrustStoreRevocation struct { + _ struct{} `type:"structure"` + + // The number of revoked certificates. + NumberOfRevokedEntries *int64 `type:"long"` + + // The revocation ID of a revocation file in use. + RevocationId *int64 `type:"long"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTrustStoreRevocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTrustStoreRevocation) GoString() string { + return s.String() +} + +// SetNumberOfRevokedEntries sets the NumberOfRevokedEntries field's value. +func (s *DescribeTrustStoreRevocation) SetNumberOfRevokedEntries(v int64) *DescribeTrustStoreRevocation { + s.NumberOfRevokedEntries = &v + return s +} + +// SetRevocationId sets the RevocationId field's value. +func (s *DescribeTrustStoreRevocation) SetRevocationId(v int64) *DescribeTrustStoreRevocation { + s.RevocationId = &v + return s +} + +// SetRevocationType sets the RevocationType field's value. +func (s *DescribeTrustStoreRevocation) SetRevocationType(v string) *DescribeTrustStoreRevocation { + s.RevocationType = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreRevocation) SetTrustStoreArn(v string) *DescribeTrustStoreRevocation { + s.TrustStoreArn = &v return s } -type DescribeTagsInput struct { +type DescribeTrustStoreRevocationsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the resources. You can specify up to 20 - // resources in a single call. + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` + + // The revocation IDs of the revocation files you want to describe. + RevocationIds []*int64 `type:"list"` + + // The Amazon Resource Name (ARN) of the trust store. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6226,7 +8181,7 @@ type DescribeTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsInput) String() string { +func (s DescribeTrustStoreRevocationsInput) String() string { return awsutil.Prettify(s) } @@ -6235,15 +8190,18 @@ func (s DescribeTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsInput) GoString() string { +func (s DescribeTrustStoreRevocationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *DescribeTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoreRevocationsInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6252,17 +8210,39 @@ func (s *DescribeTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *DescribeTagsInput) SetResourceArns(v []*string) *DescribeTagsInput { - s.ResourceArns = v +// SetMarker sets the Marker field's value. +func (s *DescribeTrustStoreRevocationsInput) SetMarker(v string) *DescribeTrustStoreRevocationsInput { + s.Marker = &v return s } -type DescribeTagsOutput struct { +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoreRevocationsInput) SetPageSize(v int64) *DescribeTrustStoreRevocationsInput { + s.PageSize = &v + return s +} + +// SetRevocationIds sets the RevocationIds field's value. +func (s *DescribeTrustStoreRevocationsInput) SetRevocationIds(v []*int64) *DescribeTrustStoreRevocationsInput { + s.RevocationIds = v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *DescribeTrustStoreRevocationsInput) SetTrustStoreArn(v string) *DescribeTrustStoreRevocationsInput { + s.TrustStoreArn = &v + return s +} + +type DescribeTrustStoreRevocationsOutput struct { _ struct{} `type:"structure"` - // Information about the tags. - TagDescriptions []*TagDescription `type:"list"` + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` + + // Information about the revocation file in the trust store. + TrustStoreRevocations []*DescribeTrustStoreRevocation `type:"list"` } // String returns the string representation. @@ -6270,7 +8250,7 @@ type DescribeTagsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsOutput) String() string { +func (s DescribeTrustStoreRevocationsOutput) String() string { return awsutil.Prettify(s) } @@ -6279,23 +8259,37 @@ func (s DescribeTagsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTagsOutput) GoString() string { +func (s DescribeTrustStoreRevocationsOutput) GoString() string { return s.String() } -// SetTagDescriptions sets the TagDescriptions field's value. -func (s *DescribeTagsOutput) SetTagDescriptions(v []*TagDescription) *DescribeTagsOutput { - s.TagDescriptions = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTrustStoreRevocationsOutput) SetNextMarker(v string) *DescribeTrustStoreRevocationsOutput { + s.NextMarker = &v return s } -type DescribeTargetGroupAttributesInput struct { +// SetTrustStoreRevocations sets the TrustStoreRevocations field's value. +func (s *DescribeTrustStoreRevocationsOutput) SetTrustStoreRevocations(v []*DescribeTrustStoreRevocation) *DescribeTrustStoreRevocationsOutput { + s.TrustStoreRevocations = v + return s +} + +type DescribeTrustStoresInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. - // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` + // The marker for the next set of results. (You received this marker from a + // previous call.) + Marker *string `type:"string"` + + // The names of the trust stores. + Names []*string `type:"list"` + + // The maximum number of results to return with this call. + PageSize *int64 `min:"1" type:"integer"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArns []*string `type:"list"` } // String returns the string representation. @@ -6303,7 +8297,7 @@ type DescribeTargetGroupAttributesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesInput) String() string { +func (s DescribeTrustStoresInput) String() string { return awsutil.Prettify(s) } @@ -6312,15 +8306,15 @@ func (s DescribeTargetGroupAttributesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesInput) GoString() string { +func (s DescribeTrustStoresInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetGroupAttributesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupAttributesInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) +func (s *DescribeTrustStoresInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrustStoresInput"} + if s.PageSize != nil && *s.PageSize < 1 { + invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) } if invalidParams.Len() > 0 { @@ -6329,17 +8323,39 @@ func (s *DescribeTargetGroupAttributesInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DescribeTargetGroupAttributesInput) SetTargetGroupArn(v string) *DescribeTargetGroupAttributesInput { - s.TargetGroupArn = &v +// SetMarker sets the Marker field's value. +func (s *DescribeTrustStoresInput) SetMarker(v string) *DescribeTrustStoresInput { + s.Marker = &v return s } -type DescribeTargetGroupAttributesOutput struct { +// SetNames sets the Names field's value. +func (s *DescribeTrustStoresInput) SetNames(v []*string) *DescribeTrustStoresInput { + s.Names = v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *DescribeTrustStoresInput) SetPageSize(v int64) *DescribeTrustStoresInput { + s.PageSize = &v + return s +} + +// SetTrustStoreArns sets the TrustStoreArns field's value. +func (s *DescribeTrustStoresInput) SetTrustStoreArns(v []*string) *DescribeTrustStoresInput { + s.TrustStoreArns = v + return s +} + +type DescribeTrustStoresOutput struct { _ struct{} `type:"structure"` - // Information about the target group attributes - Attributes []*TargetGroupAttribute `type:"list"` + // If there are additional results, this is the marker for the next set of results. + // Otherwise, this is null. + NextMarker *string `type:"string"` + + // Information about the trust stores. + TrustStores []*TrustStore `type:"list"` } // String returns the string representation. @@ -6347,7 +8363,7 @@ type DescribeTargetGroupAttributesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesOutput) String() string { +func (s DescribeTrustStoresOutput) String() string { return awsutil.Prettify(s) } @@ -6356,34 +8372,39 @@ func (s DescribeTargetGroupAttributesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupAttributesOutput) GoString() string { +func (s DescribeTrustStoresOutput) GoString() string { return s.String() } -// SetAttributes sets the Attributes field's value. -func (s *DescribeTargetGroupAttributesOutput) SetAttributes(v []*TargetGroupAttribute) *DescribeTargetGroupAttributesOutput { - s.Attributes = v +// SetNextMarker sets the NextMarker field's value. +func (s *DescribeTrustStoresOutput) SetNextMarker(v string) *DescribeTrustStoresOutput { + s.NextMarker = &v return s } -type DescribeTargetGroupsInput struct { - _ struct{} `type:"structure"` - - // The Amazon Resource Name (ARN) of the load balancer. - LoadBalancerArn *string `type:"string"` +// SetTrustStores sets the TrustStores field's value. +func (s *DescribeTrustStoresOutput) SetTrustStores(v []*TrustStore) *DescribeTrustStoresOutput { + s.TrustStores = v + return s +} - // The marker for the next set of results. (You received this marker from a - // previous call.) - Marker *string `type:"string"` +// Information about an action that returns a custom HTTP response. +type FixedResponseActionConfig struct { + _ struct{} `type:"structure"` - // The names of the target groups. - Names []*string `type:"list"` + // The content type. + // + // Valid Values: text/plain | text/css | text/html | application/javascript + // | application/json + ContentType *string `type:"string"` - // The maximum number of results to return with this call. - PageSize *int64 `min:"1" type:"integer"` + // The message. + MessageBody *string `type:"string"` - // The Amazon Resource Names (ARN) of the target groups. - TargetGroupArns []*string `type:"list"` + // The HTTP response code (2XX, 4XX, or 5XX). + // + // StatusCode is a required field + StatusCode *string `type:"string" required:"true"` } // String returns the string representation. @@ -6391,7 +8412,7 @@ type DescribeTargetGroupsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsInput) String() string { +func (s FixedResponseActionConfig) String() string { return awsutil.Prettify(s) } @@ -6400,15 +8421,15 @@ func (s DescribeTargetGroupsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsInput) GoString() string { +func (s FixedResponseActionConfig) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetGroupsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetGroupsInput"} - if s.PageSize != nil && *s.PageSize < 1 { - invalidParams.Add(request.NewErrParamMinValue("PageSize", 1)) +func (s *FixedResponseActionConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "FixedResponseActionConfig"} + if s.StatusCode == nil { + invalidParams.Add(request.NewErrParamRequired("StatusCode")) } if invalidParams.Len() > 0 { @@ -6417,45 +8438,34 @@ func (s *DescribeTargetGroupsInput) Validate() error { return nil } -// SetLoadBalancerArn sets the LoadBalancerArn field's value. -func (s *DescribeTargetGroupsInput) SetLoadBalancerArn(v string) *DescribeTargetGroupsInput { - s.LoadBalancerArn = &v - return s -} - -// SetMarker sets the Marker field's value. -func (s *DescribeTargetGroupsInput) SetMarker(v string) *DescribeTargetGroupsInput { - s.Marker = &v - return s -} - -// SetNames sets the Names field's value. -func (s *DescribeTargetGroupsInput) SetNames(v []*string) *DescribeTargetGroupsInput { - s.Names = v +// SetContentType sets the ContentType field's value. +func (s *FixedResponseActionConfig) SetContentType(v string) *FixedResponseActionConfig { + s.ContentType = &v return s } -// SetPageSize sets the PageSize field's value. -func (s *DescribeTargetGroupsInput) SetPageSize(v int64) *DescribeTargetGroupsInput { - s.PageSize = &v +// SetMessageBody sets the MessageBody field's value. +func (s *FixedResponseActionConfig) SetMessageBody(v string) *FixedResponseActionConfig { + s.MessageBody = &v return s } -// SetTargetGroupArns sets the TargetGroupArns field's value. -func (s *DescribeTargetGroupsInput) SetTargetGroupArns(v []*string) *DescribeTargetGroupsInput { - s.TargetGroupArns = v +// SetStatusCode sets the StatusCode field's value. +func (s *FixedResponseActionConfig) SetStatusCode(v string) *FixedResponseActionConfig { + s.StatusCode = &v return s } -type DescribeTargetGroupsOutput struct { +// Information about a forward action. +type ForwardActionConfig struct { _ struct{} `type:"structure"` - // If there are additional results, this is the marker for the next set of results. - // Otherwise, this is null. - NextMarker *string `type:"string"` + // The target group stickiness for the rule. + TargetGroupStickinessConfig *TargetGroupStickinessConfig `type:"structure"` - // Information about the target groups. - TargetGroups []*TargetGroup `type:"list"` + // The target groups. For Network Load Balancers, you can specify a single target + // group. + TargetGroups []*TargetGroupTuple `type:"list"` } // String returns the string representation. @@ -6463,7 +8473,7 @@ type DescribeTargetGroupsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsOutput) String() string { +func (s ForwardActionConfig) String() string { return awsutil.Prettify(s) } @@ -6472,32 +8482,29 @@ func (s DescribeTargetGroupsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetGroupsOutput) GoString() string { +func (s ForwardActionConfig) GoString() string { return s.String() } -// SetNextMarker sets the NextMarker field's value. -func (s *DescribeTargetGroupsOutput) SetNextMarker(v string) *DescribeTargetGroupsOutput { - s.NextMarker = &v +// SetTargetGroupStickinessConfig sets the TargetGroupStickinessConfig field's value. +func (s *ForwardActionConfig) SetTargetGroupStickinessConfig(v *TargetGroupStickinessConfig) *ForwardActionConfig { + s.TargetGroupStickinessConfig = v return s } // SetTargetGroups sets the TargetGroups field's value. -func (s *DescribeTargetGroupsOutput) SetTargetGroups(v []*TargetGroup) *DescribeTargetGroupsOutput { +func (s *ForwardActionConfig) SetTargetGroups(v []*TargetGroupTuple) *ForwardActionConfig { s.TargetGroups = v return s } -type DescribeTargetHealthInput struct { +type GetTrustStoreCaCertificatesBundleInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the target group. + // The Amazon Resource Name (ARN) of the trust store. // - // TargetGroupArn is a required field - TargetGroupArn *string `type:"string" required:"true"` - - // The targets. - Targets []*TargetDescription `type:"list"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6505,7 +8512,7 @@ type DescribeTargetHealthInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthInput) String() string { +func (s GetTrustStoreCaCertificatesBundleInput) String() string { return awsutil.Prettify(s) } @@ -6514,25 +8521,15 @@ func (s DescribeTargetHealthInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthInput) GoString() string { +func (s GetTrustStoreCaCertificatesBundleInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeTargetHealthInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeTargetHealthInput"} - if s.TargetGroupArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetGroupArn")) - } - if s.Targets != nil { - for i, v := range s.Targets { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Targets", i), err.(request.ErrInvalidParams)) - } - } +func (s *GetTrustStoreCaCertificatesBundleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTrustStoreCaCertificatesBundleInput"} + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6541,23 +8538,17 @@ func (s *DescribeTargetHealthInput) Validate() error { return nil } -// SetTargetGroupArn sets the TargetGroupArn field's value. -func (s *DescribeTargetHealthInput) SetTargetGroupArn(v string) *DescribeTargetHealthInput { - s.TargetGroupArn = &v - return s -} - -// SetTargets sets the Targets field's value. -func (s *DescribeTargetHealthInput) SetTargets(v []*TargetDescription) *DescribeTargetHealthInput { - s.Targets = v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *GetTrustStoreCaCertificatesBundleInput) SetTrustStoreArn(v string) *GetTrustStoreCaCertificatesBundleInput { + s.TrustStoreArn = &v return s } -type DescribeTargetHealthOutput struct { +type GetTrustStoreCaCertificatesBundleOutput struct { _ struct{} `type:"structure"` - // Information about the health of the targets. - TargetHealthDescriptions []*TargetHealthDescription `type:"list"` + // The ca certificate bundles Amazon S3 URI. + Location *string `type:"string"` } // String returns the string representation. @@ -6565,7 +8556,7 @@ type DescribeTargetHealthOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthOutput) String() string { +func (s GetTrustStoreCaCertificatesBundleOutput) String() string { return awsutil.Prettify(s) } @@ -6574,33 +8565,28 @@ func (s DescribeTargetHealthOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeTargetHealthOutput) GoString() string { +func (s GetTrustStoreCaCertificatesBundleOutput) GoString() string { return s.String() } -// SetTargetHealthDescriptions sets the TargetHealthDescriptions field's value. -func (s *DescribeTargetHealthOutput) SetTargetHealthDescriptions(v []*TargetHealthDescription) *DescribeTargetHealthOutput { - s.TargetHealthDescriptions = v +// SetLocation sets the Location field's value. +func (s *GetTrustStoreCaCertificatesBundleOutput) SetLocation(v string) *GetTrustStoreCaCertificatesBundleOutput { + s.Location = &v return s } -// Information about an action that returns a custom HTTP response. -type FixedResponseActionConfig struct { - _ struct{} `type:"structure"` - - // The content type. - // - // Valid Values: text/plain | text/css | text/html | application/javascript - // | application/json - ContentType *string `type:"string"` - - // The message. - MessageBody *string `type:"string"` +type GetTrustStoreRevocationContentInput struct { + _ struct{} `type:"structure"` - // The HTTP response code (2XX, 4XX, or 5XX). + // The revocation ID of the revocation file. // - // StatusCode is a required field - StatusCode *string `type:"string" required:"true"` + // RevocationId is a required field + RevocationId *int64 `type:"long" required:"true"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -6608,7 +8594,7 @@ type FixedResponseActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s FixedResponseActionConfig) String() string { +func (s GetTrustStoreRevocationContentInput) String() string { return awsutil.Prettify(s) } @@ -6617,15 +8603,18 @@ func (s FixedResponseActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s FixedResponseActionConfig) GoString() string { +func (s GetTrustStoreRevocationContentInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *FixedResponseActionConfig) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "FixedResponseActionConfig"} - if s.StatusCode == nil { - invalidParams.Add(request.NewErrParamRequired("StatusCode")) +func (s *GetTrustStoreRevocationContentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTrustStoreRevocationContentInput"} + if s.RevocationId == nil { + invalidParams.Add(request.NewErrParamRequired("RevocationId")) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -6634,34 +8623,23 @@ func (s *FixedResponseActionConfig) Validate() error { return nil } -// SetContentType sets the ContentType field's value. -func (s *FixedResponseActionConfig) SetContentType(v string) *FixedResponseActionConfig { - s.ContentType = &v - return s -} - -// SetMessageBody sets the MessageBody field's value. -func (s *FixedResponseActionConfig) SetMessageBody(v string) *FixedResponseActionConfig { - s.MessageBody = &v +// SetRevocationId sets the RevocationId field's value. +func (s *GetTrustStoreRevocationContentInput) SetRevocationId(v int64) *GetTrustStoreRevocationContentInput { + s.RevocationId = &v return s } -// SetStatusCode sets the StatusCode field's value. -func (s *FixedResponseActionConfig) SetStatusCode(v string) *FixedResponseActionConfig { - s.StatusCode = &v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *GetTrustStoreRevocationContentInput) SetTrustStoreArn(v string) *GetTrustStoreRevocationContentInput { + s.TrustStoreArn = &v return s } -// Information about a forward action. -type ForwardActionConfig struct { +type GetTrustStoreRevocationContentOutput struct { _ struct{} `type:"structure"` - // The target group stickiness for the rule. - TargetGroupStickinessConfig *TargetGroupStickinessConfig `type:"structure"` - - // The target groups. For Network Load Balancers, you can specify a single target - // group. - TargetGroups []*TargetGroupTuple `type:"list"` + // The revocation files Amazon S3 URI. + Location *string `type:"string"` } // String returns the string representation. @@ -6669,7 +8647,7 @@ type ForwardActionConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ForwardActionConfig) String() string { +func (s GetTrustStoreRevocationContentOutput) String() string { return awsutil.Prettify(s) } @@ -6678,19 +8656,13 @@ func (s ForwardActionConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ForwardActionConfig) GoString() string { +func (s GetTrustStoreRevocationContentOutput) GoString() string { return s.String() } -// SetTargetGroupStickinessConfig sets the TargetGroupStickinessConfig field's value. -func (s *ForwardActionConfig) SetTargetGroupStickinessConfig(v *TargetGroupStickinessConfig) *ForwardActionConfig { - s.TargetGroupStickinessConfig = v - return s -} - -// SetTargetGroups sets the TargetGroups field's value. -func (s *ForwardActionConfig) SetTargetGroups(v []*TargetGroupTuple) *ForwardActionConfig { - s.TargetGroups = v +// SetLocation sets the Location field's value. +func (s *GetTrustStoreRevocationContentOutput) SetLocation(v string) *GetTrustStoreRevocationContentOutput { + s.Location = &v return s } @@ -6836,6 +8808,14 @@ func (s *HttpRequestMethodConditionConfig) SetValues(v []*string) *HttpRequestMe // Information about an Elastic Load Balancing resource limit for your Amazon // Web Services account. +// +// For more information, see the following: +// +// - Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) +// +// - Quotas for your Network Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html) +// +// - Quotas for your Gateway Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html) type Limit struct { _ struct{} `type:"structure"` @@ -6932,6 +8912,9 @@ type Listener struct { // The Amazon Resource Name (ARN) of the load balancer. LoadBalancerArn *string `type:"string"` + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + // The port on which the load balancer is listening. Port *int64 `min:"1" type:"integer"` @@ -6991,6 +8974,12 @@ func (s *Listener) SetLoadBalancerArn(v string) *Listener { return s } +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *Listener) SetMutualAuthentication(v *MutualAuthenticationAttributes) *Listener { + s.MutualAuthentication = v + return s +} + // SetPort sets the Port field's value. func (s *Listener) SetPort(v int64) *Listener { s.Port = &v @@ -7029,6 +9018,10 @@ type LoadBalancer struct { // The public DNS name of the load balancer. DNSName *string `type:"string"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string"` + // The type of IP addresses used by the subnets for your load balancer. The // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and // IPv6 addresses). @@ -7112,6 +9105,12 @@ func (s *LoadBalancer) SetDNSName(v string) *LoadBalancer { return s } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *LoadBalancer) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *LoadBalancer { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetIpAddressType sets the IpAddressType field's value. func (s *LoadBalancer) SetIpAddressType(v string) *LoadBalancer { s.IpAddressType = &v @@ -7260,6 +9259,17 @@ type LoadBalancerAttribute struct { // * idle_timeout.timeout_seconds - The idle timeout value, in seconds. The // valid range is 1-4000 seconds. The default is 60 seconds. // + // * connection_logs.s3.enabled - Indicates whether connection logs are enabled. + // The value is true or false. The default is false. + // + // * connection_logs.s3.bucket - The name of the S3 bucket for the connection + // logs. This attribute is required if connection logs are enabled. The bucket + // must exist in the same region as the load balancer and have a bucket policy + // that grants Elastic Load Balancing permissions to write to the bucket. + // + // * connection_logs.s3.prefix - The prefix for the location in the S3 bucket + // for the connection logs. + // // * routing.http.desync_mitigation_mode - Determines how the load balancer // handles requests that might pose a security risk to your application. // The possible values are monitor, defensive, and strictest. The default @@ -7310,6 +9320,14 @@ type LoadBalancerAttribute struct { // balancer to route requests to targets if it is unable to forward the request // to Amazon Web Services WAF. The possible values are true and false. The // default is false. + // + // The following attributes are supported by only Network Load Balancers: + // + // * dns_record.client_routing_policy - Indicates how traffic is distributed + // among the load balancer Availability Zones. The possible values are availability_zone_affinity + // with 100 percent zonal affinity, partial_availability_zone_affinity with + // 85 percent zonal affinity, and any_availability_zone with 0 percent zonal + // affinity. Key *string `type:"string"` // The value of the attribute. @@ -7480,6 +9498,9 @@ type ModifyListenerInput struct { // ListenerArn is a required field ListenerArn *string `type:"string" required:"true"` + // The mutual authentication configuration information. + MutualAuthentication *MutualAuthenticationAttributes `type:"structure"` + // The port for connections from clients to the load balancer. You cannot specify // a port for a Gateway Load Balancer. Port *int64 `min:"1" type:"integer"` @@ -7568,6 +9589,12 @@ func (s *ModifyListenerInput) SetListenerArn(v string) *ModifyListenerInput { return s } +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *ModifyListenerInput) SetMutualAuthentication(v *MutualAuthenticationAttributes) *ModifyListenerInput { + s.MutualAuthentication = v + return s +} + // SetPort sets the Port field's value. func (s *ModifyListenerInput) SetPort(v int64) *ModifyListenerInput { s.Port = &v @@ -8096,6 +10123,172 @@ func (s *ModifyTargetGroupOutput) SetTargetGroups(v []*TargetGroup) *ModifyTarge return s } +type ModifyTrustStoreInput struct { + _ struct{} `type:"structure"` + + // The Amazon S3 bucket for the ca certificates bundle. + // + // CaCertificatesBundleS3Bucket is a required field + CaCertificatesBundleS3Bucket *string `type:"string" required:"true"` + + // The Amazon S3 path for the ca certificates bundle. + // + // CaCertificatesBundleS3Key is a required field + CaCertificatesBundleS3Key *string `type:"string" required:"true"` + + // The Amazon S3 object version for the ca certificates bundle. If undefined + // the current version is used. + CaCertificatesBundleS3ObjectVersion *string `type:"string"` + + // The Amazon Resource Name (ARN) of the trust store. + // + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTrustStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTrustStoreInput"} + if s.CaCertificatesBundleS3Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Bucket")) + } + if s.CaCertificatesBundleS3Key == nil { + invalidParams.Add(request.NewErrParamRequired("CaCertificatesBundleS3Key")) + } + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCaCertificatesBundleS3Bucket sets the CaCertificatesBundleS3Bucket field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3Bucket(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3Bucket = &v + return s +} + +// SetCaCertificatesBundleS3Key sets the CaCertificatesBundleS3Key field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3Key(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3Key = &v + return s +} + +// SetCaCertificatesBundleS3ObjectVersion sets the CaCertificatesBundleS3ObjectVersion field's value. +func (s *ModifyTrustStoreInput) SetCaCertificatesBundleS3ObjectVersion(v string) *ModifyTrustStoreInput { + s.CaCertificatesBundleS3ObjectVersion = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *ModifyTrustStoreInput) SetTrustStoreArn(v string) *ModifyTrustStoreInput { + s.TrustStoreArn = &v + return s +} + +type ModifyTrustStoreOutput struct { + _ struct{} `type:"structure"` + + // Information about the modified trust store. + TrustStores []*TrustStore `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTrustStoreOutput) GoString() string { + return s.String() +} + +// SetTrustStores sets the TrustStores field's value. +func (s *ModifyTrustStoreOutput) SetTrustStores(v []*TrustStore) *ModifyTrustStoreOutput { + s.TrustStores = v + return s +} + +// Information about the mutual authentication attributes of a listener. +type MutualAuthenticationAttributes struct { + _ struct{} `type:"structure"` + + // Indicates whether expired client certificates are ignored. + IgnoreClientCertificateExpiry *bool `type:"boolean"` + + // The client certificate handling method. Options are off, passthrough or verify. + // The default value is off. + Mode *string `type:"string"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MutualAuthenticationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MutualAuthenticationAttributes) GoString() string { + return s.String() +} + +// SetIgnoreClientCertificateExpiry sets the IgnoreClientCertificateExpiry field's value. +func (s *MutualAuthenticationAttributes) SetIgnoreClientCertificateExpiry(v bool) *MutualAuthenticationAttributes { + s.IgnoreClientCertificateExpiry = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *MutualAuthenticationAttributes) SetMode(v string) *MutualAuthenticationAttributes { + s.Mode = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *MutualAuthenticationAttributes) SetTrustStoreArn(v string) *MutualAuthenticationAttributes { + s.TrustStoreArn = &v + return s +} + // Information about a path pattern condition. type PathPatternConditionConfig struct { _ struct{} `type:"structure"` @@ -8488,19 +10681,101 @@ func (s *RemoveListenerCertificatesInput) Validate() error { return nil } -// SetCertificates sets the Certificates field's value. -func (s *RemoveListenerCertificatesInput) SetCertificates(v []*Certificate) *RemoveListenerCertificatesInput { - s.Certificates = v +// SetCertificates sets the Certificates field's value. +func (s *RemoveListenerCertificatesInput) SetCertificates(v []*Certificate) *RemoveListenerCertificatesInput { + s.Certificates = v + return s +} + +// SetListenerArn sets the ListenerArn field's value. +func (s *RemoveListenerCertificatesInput) SetListenerArn(v string) *RemoveListenerCertificatesInput { + s.ListenerArn = &v + return s +} + +type RemoveListenerCertificatesOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveListenerCertificatesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveListenerCertificatesOutput) GoString() string { + return s.String() +} + +type RemoveTagsInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArns is a required field + ResourceArns []*string `type:"list" required:"true"` + + // The tag keys for the tags to remove. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RemoveTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveTagsInput"} + if s.ResourceArns == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArns")) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *RemoveTagsInput) SetResourceArns(v []*string) *RemoveTagsInput { + s.ResourceArns = v return s } -// SetListenerArn sets the ListenerArn field's value. -func (s *RemoveListenerCertificatesInput) SetListenerArn(v string) *RemoveListenerCertificatesInput { - s.ListenerArn = &v +// SetTagKeys sets the TagKeys field's value. +func (s *RemoveTagsInput) SetTagKeys(v []*string) *RemoveTagsInput { + s.TagKeys = v return s } -type RemoveListenerCertificatesOutput struct { +type RemoveTagsOutput struct { _ struct{} `type:"structure"` } @@ -8509,7 +10784,7 @@ type RemoveListenerCertificatesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveListenerCertificatesOutput) String() string { +func (s RemoveTagsOutput) String() string { return awsutil.Prettify(s) } @@ -8518,22 +10793,22 @@ func (s RemoveListenerCertificatesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveListenerCertificatesOutput) GoString() string { +func (s RemoveTagsOutput) GoString() string { return s.String() } -type RemoveTagsInput struct { +type RemoveTrustStoreRevocationsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the resource. + // The revocation IDs of the revocation files you want to remove. // - // ResourceArns is a required field - ResourceArns []*string `type:"list" required:"true"` + // RevocationIds is a required field + RevocationIds []*int64 `type:"list" required:"true"` - // The tag keys for the tags to remove. + // The Amazon Resource Name (ARN) of the trust store. // - // TagKeys is a required field - TagKeys []*string `type:"list" required:"true"` + // TrustStoreArn is a required field + TrustStoreArn *string `type:"string" required:"true"` } // String returns the string representation. @@ -8541,7 +10816,7 @@ type RemoveTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsInput) String() string { +func (s RemoveTrustStoreRevocationsInput) String() string { return awsutil.Prettify(s) } @@ -8550,18 +10825,18 @@ func (s RemoveTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsInput) GoString() string { +func (s RemoveTrustStoreRevocationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *RemoveTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "RemoveTagsInput"} - if s.ResourceArns == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArns")) +func (s *RemoveTrustStoreRevocationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveTrustStoreRevocationsInput"} + if s.RevocationIds == nil { + invalidParams.Add(request.NewErrParamRequired("RevocationIds")) } - if s.TagKeys == nil { - invalidParams.Add(request.NewErrParamRequired("TagKeys")) + if s.TrustStoreArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustStoreArn")) } if invalidParams.Len() > 0 { @@ -8570,19 +10845,19 @@ func (s *RemoveTagsInput) Validate() error { return nil } -// SetResourceArns sets the ResourceArns field's value. -func (s *RemoveTagsInput) SetResourceArns(v []*string) *RemoveTagsInput { - s.ResourceArns = v +// SetRevocationIds sets the RevocationIds field's value. +func (s *RemoveTrustStoreRevocationsInput) SetRevocationIds(v []*int64) *RemoveTrustStoreRevocationsInput { + s.RevocationIds = v return s } -// SetTagKeys sets the TagKeys field's value. -func (s *RemoveTagsInput) SetTagKeys(v []*string) *RemoveTagsInput { - s.TagKeys = v +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *RemoveTrustStoreRevocationsInput) SetTrustStoreArn(v string) *RemoveTrustStoreRevocationsInput { + s.TrustStoreArn = &v return s } -type RemoveTagsOutput struct { +type RemoveTrustStoreRevocationsOutput struct { _ struct{} `type:"structure"` } @@ -8591,7 +10866,7 @@ type RemoveTagsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsOutput) String() string { +func (s RemoveTrustStoreRevocationsOutput) String() string { return awsutil.Prettify(s) } @@ -8600,10 +10875,69 @@ func (s RemoveTagsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s RemoveTagsOutput) GoString() string { +func (s RemoveTrustStoreRevocationsOutput) GoString() string { + return s.String() +} + +// Information about a revocation file. +type RevocationContent struct { + _ struct{} `type:"structure"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon S3 bucket for the revocation file. + S3Bucket *string `type:"string"` + + // The Amazon S3 path for the revocation file. + S3Key *string `type:"string"` + + // The Amazon S3 object version of the revocation file. + S3ObjectVersion *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevocationContent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevocationContent) GoString() string { return s.String() } +// SetRevocationType sets the RevocationType field's value. +func (s *RevocationContent) SetRevocationType(v string) *RevocationContent { + s.RevocationType = &v + return s +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *RevocationContent) SetS3Bucket(v string) *RevocationContent { + s.S3Bucket = &v + return s +} + +// SetS3Key sets the S3Key field's value. +func (s *RevocationContent) SetS3Key(v string) *RevocationContent { + s.S3Key = &v + return s +} + +// SetS3ObjectVersion sets the S3ObjectVersion field's value. +func (s *RevocationContent) SetS3ObjectVersion(v string) *RevocationContent { + s.S3ObjectVersion = &v + return s +} + // Information about a rule. type Rule struct { _ struct{} `type:"structure"` @@ -8683,6 +11017,8 @@ func (s *Rule) SetRuleArn(v string) *Rule { // can also optionally include one or more of each of the following conditions: // http-header and query-string. Note that the value for a condition cannot // be empty. +// +// For more information, see Quotas for your Application Load Balancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html). type RuleCondition struct { _ struct{} `type:"structure"` @@ -9056,6 +11392,11 @@ func (s *SetRulePrioritiesOutput) SetRules(v []*Rule) *SetRulePrioritiesOutput { type SetSecurityGroupsInput struct { _ struct{} `type:"structure"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. The default + // is on. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string" enum:"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"` + // The Amazon Resource Name (ARN) of the load balancer. // // LoadBalancerArn is a required field @@ -9101,6 +11442,12 @@ func (s *SetSecurityGroupsInput) Validate() error { return nil } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *SetSecurityGroupsInput) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *SetSecurityGroupsInput { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetLoadBalancerArn sets the LoadBalancerArn field's value. func (s *SetSecurityGroupsInput) SetLoadBalancerArn(v string) *SetSecurityGroupsInput { s.LoadBalancerArn = &v @@ -9116,6 +11463,10 @@ func (s *SetSecurityGroupsInput) SetSecurityGroups(v []*string) *SetSecurityGrou type SetSecurityGroupsOutput struct { _ struct{} `type:"structure"` + // Indicates whether to evaluate inbound security group rules for traffic sent + // to a Network Load Balancer through Amazon Web Services PrivateLink. + EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `type:"string" enum:"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum"` + // The IDs of the security groups associated with the load balancer. SecurityGroupIds []*string `type:"list"` } @@ -9138,6 +11489,12 @@ func (s SetSecurityGroupsOutput) GoString() string { return s.String() } +// SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic sets the EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic field's value. +func (s *SetSecurityGroupsOutput) SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(v string) *SetSecurityGroupsOutput { + s.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = &v + return s +} + // SetSecurityGroupIds sets the SecurityGroupIds field's value. func (s *SetSecurityGroupsOutput) SetSecurityGroupIds(v []*string) *SetSecurityGroupsOutput { s.SecurityGroupIds = v @@ -9150,7 +11507,11 @@ type SetSubnetsInput struct { // [Network Load Balancers] The type of IP addresses used by the subnets for // your load balancer. The possible values are ipv4 (for IPv4 addresses) and // dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for - // a load balancer with a UDP or TCP_UDP listener. . + // a load balancer with a UDP or TCP_UDP listener. + // + // [Gateway Load Balancers] The type of IP addresses used by the subnets for + // your load balancer. The possible values are ipv4 (for IPv4 addresses) and + // dualstack (for IPv4 and IPv6 addresses). IpAddressType *string `type:"string" enum:"IpAddressType"` // The Amazon Resource Name (ARN) of the load balancer. @@ -9175,6 +11536,9 @@ type SetSubnetsInput struct { // you can specify one private IP address per subnet from the IPv4 range of // the subnet. For internet-facing load balancer, you can specify one IPv6 address // per subnet. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. SubnetMappings []*SubnetMapping `type:"list"` // The IDs of the public subnets. You can specify only one subnet per Availability @@ -9190,6 +11554,9 @@ type SetSubnetsInput struct { // // [Network Load Balancers] You can specify subnets from one or more Availability // Zones. + // + // [Gateway Load Balancers] You can specify subnets from one or more Availability + // Zones. Subnets []*string `type:"list"` } @@ -9255,6 +11622,8 @@ type SetSubnetsOutput struct { AvailabilityZones []*AvailabilityZone `type:"list"` // [Network Load Balancers] The IP address type. + // + // [Gateway Load Balancers] The IP address type. IpAddressType *string `type:"string" enum:"IpAddressType"` } @@ -9590,7 +11959,8 @@ type TargetDescription struct { // The port on which the target is listening. If the target group protocol is // GENEVE, the supported port is 6081. If the target type is alb, the targeted // Application Load Balancer must have at least one listener whose port matches - // the target group port. Not used if the target is a Lambda function. + // the target group port. This parameter is not used if the target is a Lambda + // function. Port *int64 `min:"1" type:"integer"` } @@ -9680,16 +12050,16 @@ type TargetGroup struct { // type defaults to ipv4. IpAddressType *string `type:"string" enum:"TargetGroupIpAddressTypeEnum"` - // The Amazon Resource Names (ARN) of the load balancers that route traffic - // to this target group. + // The Amazon Resource Name (ARN) of the load balancer that routes traffic to + // this target group. You can use each target group with only one load balancer. LoadBalancerArns []*string `type:"list"` // The HTTP or gRPC codes to use when checking for a successful response from // a target. Matcher *Matcher `type:"structure"` - // The port on which the targets are listening. Not used if the target is a - // Lambda function. + // The port on which the targets are listening. This parameter is not used if + // the target is a Lambda function. Port *int64 `min:"1" type:"integer"` // The protocol to use for routing traffic to the targets. @@ -9904,7 +12274,12 @@ type TargetGroupAttribute struct { // // * load_balancing.algorithm.type - The load balancing algorithm determines // how the load balancer selects targets when routing requests. The value - // is round_robin or least_outstanding_requests. The default is round_robin. + // is round_robin, least_outstanding_requests, or weighted_random. The default + // is round_robin. + // + // * load_balancing.algorithm.anomaly_mitigation - Only available when load_balancing.algorithm.type + // is weighted_random. Indicates whether anomaly mitigation is enabled. The + // value is on or off. The default is off. // // * slow_start.duration_seconds - The time period, in seconds, during which // a newly registered target receives an increasing share of the traffic @@ -9943,7 +12318,8 @@ type TargetGroupAttribute struct { // // * deregistration_delay.connection_termination.enabled - Indicates whether // the load balancer terminates connections at the end of the deregistration - // timeout. The value is true or false. The default is false. + // timeout. The value is true or false. For new UDP/TCP_UDP target groups + // the default is true. Otherwise, the default is false. // // * preserve_client_ip.enabled - Indicates whether client IP preservation // is enabled. The value is true or false. The default is disabled if the @@ -9954,6 +12330,10 @@ type TargetGroupAttribute struct { // * proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version // 2 is enabled. The value is true or false. The default is false. // + // * target_health_state.unhealthy.connection_termination.enabled - Indicates + // whether the load balancer terminates connections to unhealthy targets. + // The value is true or false. The default is true. + // // The following attributes are supported only by Gateway Load Balancers: // // * target_failover.on_deregistration - Indicates how the Gateway Load Balancer @@ -10200,6 +12580,13 @@ func (s *TargetHealth) SetState(v string) *TargetHealth { type TargetHealthDescription struct { _ struct{} `type:"structure"` + // The anomaly detection result for the target. + // + // If no anomalies were detected, the result is normal. + // + // If anomalies were detected, the result is anomalous. + AnomalyDetection *AnomalyDetection `type:"structure"` + // The port to use to connect with the target. HealthCheckPort *string `type:"string"` @@ -10228,6 +12615,12 @@ func (s TargetHealthDescription) GoString() string { return s.String() } +// SetAnomalyDetection sets the AnomalyDetection field's value. +func (s *TargetHealthDescription) SetAnomalyDetection(v *AnomalyDetection) *TargetHealthDescription { + s.AnomalyDetection = v + return s +} + // SetHealthCheckPort sets the HealthCheckPort field's value. func (s *TargetHealthDescription) SetHealthCheckPort(v string) *TargetHealthDescription { s.HealthCheckPort = &v @@ -10246,6 +12639,165 @@ func (s *TargetHealthDescription) SetTargetHealth(v *TargetHealth) *TargetHealth return s } +// Information about a trust store. +type TrustStore struct { + _ struct{} `type:"structure"` + + // The name of the trust store. + Name *string `min:"1" type:"string"` + + // The number of ca certificates in the trust store. + NumberOfCaCertificates *int64 `type:"integer"` + + // The current status of the trust store. + Status *string `type:"string" enum:"TrustStoreStatus"` + + // The number of revoked certificates in the trust store. + TotalRevokedEntries *int64 `type:"long"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStore) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStore) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *TrustStore) SetName(v string) *TrustStore { + s.Name = &v + return s +} + +// SetNumberOfCaCertificates sets the NumberOfCaCertificates field's value. +func (s *TrustStore) SetNumberOfCaCertificates(v int64) *TrustStore { + s.NumberOfCaCertificates = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *TrustStore) SetStatus(v string) *TrustStore { + s.Status = &v + return s +} + +// SetTotalRevokedEntries sets the TotalRevokedEntries field's value. +func (s *TrustStore) SetTotalRevokedEntries(v int64) *TrustStore { + s.TotalRevokedEntries = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *TrustStore) SetTrustStoreArn(v string) *TrustStore { + s.TrustStoreArn = &v + return s +} + +// Information about the resources a trust store is associated with. +type TrustStoreAssociation struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + ResourceArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreAssociation) GoString() string { + return s.String() +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TrustStoreAssociation) SetResourceArn(v string) *TrustStoreAssociation { + s.ResourceArn = &v + return s +} + +// Information about a revocation file in use by a trust store. +type TrustStoreRevocation struct { + _ struct{} `type:"structure"` + + // The number of revoked certificates. + NumberOfRevokedEntries *int64 `type:"long"` + + // The revocation ID of the revocation file. + RevocationId *int64 `type:"long"` + + // The type of revocation file. + RevocationType *string `type:"string" enum:"RevocationType"` + + // The Amazon Resource Name (ARN) of the trust store. + TrustStoreArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreRevocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustStoreRevocation) GoString() string { + return s.String() +} + +// SetNumberOfRevokedEntries sets the NumberOfRevokedEntries field's value. +func (s *TrustStoreRevocation) SetNumberOfRevokedEntries(v int64) *TrustStoreRevocation { + s.NumberOfRevokedEntries = &v + return s +} + +// SetRevocationId sets the RevocationId field's value. +func (s *TrustStoreRevocation) SetRevocationId(v int64) *TrustStoreRevocation { + s.RevocationId = &v + return s +} + +// SetRevocationType sets the RevocationType field's value. +func (s *TrustStoreRevocation) SetRevocationType(v string) *TrustStoreRevocation { + s.RevocationType = &v + return s +} + +// SetTrustStoreArn sets the TrustStoreArn field's value. +func (s *TrustStoreRevocation) SetTrustStoreArn(v string) *TrustStoreRevocation { + s.TrustStoreArn = &v + return s +} + const ( // ActionTypeEnumForward is a ActionTypeEnum enum value ActionTypeEnumForward = "forward" @@ -10274,6 +12826,22 @@ func ActionTypeEnum_Values() []string { } } +const ( + // AnomalyResultEnumAnomalous is a AnomalyResultEnum enum value + AnomalyResultEnumAnomalous = "anomalous" + + // AnomalyResultEnumNormal is a AnomalyResultEnum enum value + AnomalyResultEnumNormal = "normal" +) + +// AnomalyResultEnum_Values returns all elements of the AnomalyResultEnum enum +func AnomalyResultEnum_Values() []string { + return []string{ + AnomalyResultEnumAnomalous, + AnomalyResultEnumNormal, + } +} + const ( // AuthenticateCognitoActionConditionalBehaviorEnumDeny is a AuthenticateCognitoActionConditionalBehaviorEnum enum value AuthenticateCognitoActionConditionalBehaviorEnumDeny = "deny" @@ -10314,6 +12882,38 @@ func AuthenticateOidcActionConditionalBehaviorEnum_Values() []string { } } +const ( + // DescribeTargetHealthInputIncludeEnumAnomalyDetection is a DescribeTargetHealthInputIncludeEnum enum value + DescribeTargetHealthInputIncludeEnumAnomalyDetection = "AnomalyDetection" + + // DescribeTargetHealthInputIncludeEnumAll is a DescribeTargetHealthInputIncludeEnum enum value + DescribeTargetHealthInputIncludeEnumAll = "All" +) + +// DescribeTargetHealthInputIncludeEnum_Values returns all elements of the DescribeTargetHealthInputIncludeEnum enum +func DescribeTargetHealthInputIncludeEnum_Values() []string { + return []string{ + DescribeTargetHealthInputIncludeEnumAnomalyDetection, + DescribeTargetHealthInputIncludeEnumAll, + } +} + +const ( + // EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn is a EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum value + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn = "on" + + // EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff is a EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum value + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff = "off" +) + +// EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum_Values returns all elements of the EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum enum +func EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum_Values() []string { + return []string{ + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOn, + EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnumOff, + } +} + const ( // IpAddressTypeIpv4 is a IpAddressType enum value IpAddressTypeIpv4 = "ipv4" @@ -10390,6 +12990,22 @@ func LoadBalancerTypeEnum_Values() []string { } } +const ( + // MitigationInEffectEnumYes is a MitigationInEffectEnum enum value + MitigationInEffectEnumYes = "yes" + + // MitigationInEffectEnumNo is a MitigationInEffectEnum enum value + MitigationInEffectEnumNo = "no" +) + +// MitigationInEffectEnum_Values returns all elements of the MitigationInEffectEnum enum +func MitigationInEffectEnum_Values() []string { + return []string{ + MitigationInEffectEnumYes, + MitigationInEffectEnumNo, + } +} + const ( // ProtocolEnumHttp is a ProtocolEnum enum value ProtocolEnumHttp = "HTTP" @@ -10442,6 +13058,18 @@ func RedirectActionStatusCodeEnum_Values() []string { } } +const ( + // RevocationTypeCrl is a RevocationType enum value + RevocationTypeCrl = "CRL" +) + +// RevocationType_Values returns all elements of the RevocationType enum +func RevocationType_Values() []string { + return []string{ + RevocationTypeCrl, + } +} + const ( // TargetGroupIpAddressTypeEnumIpv4 is a TargetGroupIpAddressTypeEnum enum value TargetGroupIpAddressTypeEnumIpv4 = "ipv4" @@ -10569,3 +13197,19 @@ func TargetTypeEnum_Values() []string { TargetTypeEnumAlb, } } + +const ( + // TrustStoreStatusActive is a TrustStoreStatus enum value + TrustStoreStatusActive = "ACTIVE" + + // TrustStoreStatusCreating is a TrustStoreStatus enum value + TrustStoreStatusCreating = "CREATING" +) + +// TrustStoreStatus_Values returns all elements of the TrustStoreStatus enum +func TrustStoreStatus_Values() []string { + return []string{ + TrustStoreStatusActive, + TrustStoreStatusCreating, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go index a80cdb1f530b8..90aefdc62b84c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go @@ -68,6 +68,10 @@ type ELBV2API interface { AddTagsWithContext(aws.Context, *elbv2.AddTagsInput, ...request.Option) (*elbv2.AddTagsOutput, error) AddTagsRequest(*elbv2.AddTagsInput) (*request.Request, *elbv2.AddTagsOutput) + AddTrustStoreRevocations(*elbv2.AddTrustStoreRevocationsInput) (*elbv2.AddTrustStoreRevocationsOutput, error) + AddTrustStoreRevocationsWithContext(aws.Context, *elbv2.AddTrustStoreRevocationsInput, ...request.Option) (*elbv2.AddTrustStoreRevocationsOutput, error) + AddTrustStoreRevocationsRequest(*elbv2.AddTrustStoreRevocationsInput) (*request.Request, *elbv2.AddTrustStoreRevocationsOutput) + CreateListener(*elbv2.CreateListenerInput) (*elbv2.CreateListenerOutput, error) CreateListenerWithContext(aws.Context, *elbv2.CreateListenerInput, ...request.Option) (*elbv2.CreateListenerOutput, error) CreateListenerRequest(*elbv2.CreateListenerInput) (*request.Request, *elbv2.CreateListenerOutput) @@ -84,6 +88,10 @@ type ELBV2API interface { CreateTargetGroupWithContext(aws.Context, *elbv2.CreateTargetGroupInput, ...request.Option) (*elbv2.CreateTargetGroupOutput, error) CreateTargetGroupRequest(*elbv2.CreateTargetGroupInput) (*request.Request, *elbv2.CreateTargetGroupOutput) + CreateTrustStore(*elbv2.CreateTrustStoreInput) (*elbv2.CreateTrustStoreOutput, error) + CreateTrustStoreWithContext(aws.Context, *elbv2.CreateTrustStoreInput, ...request.Option) (*elbv2.CreateTrustStoreOutput, error) + CreateTrustStoreRequest(*elbv2.CreateTrustStoreInput) (*request.Request, *elbv2.CreateTrustStoreOutput) + DeleteListener(*elbv2.DeleteListenerInput) (*elbv2.DeleteListenerOutput, error) DeleteListenerWithContext(aws.Context, *elbv2.DeleteListenerInput, ...request.Option) (*elbv2.DeleteListenerOutput, error) DeleteListenerRequest(*elbv2.DeleteListenerInput) (*request.Request, *elbv2.DeleteListenerOutput) @@ -100,6 +108,10 @@ type ELBV2API interface { DeleteTargetGroupWithContext(aws.Context, *elbv2.DeleteTargetGroupInput, ...request.Option) (*elbv2.DeleteTargetGroupOutput, error) DeleteTargetGroupRequest(*elbv2.DeleteTargetGroupInput) (*request.Request, *elbv2.DeleteTargetGroupOutput) + DeleteTrustStore(*elbv2.DeleteTrustStoreInput) (*elbv2.DeleteTrustStoreOutput, error) + DeleteTrustStoreWithContext(aws.Context, *elbv2.DeleteTrustStoreInput, ...request.Option) (*elbv2.DeleteTrustStoreOutput, error) + DeleteTrustStoreRequest(*elbv2.DeleteTrustStoreInput) (*request.Request, *elbv2.DeleteTrustStoreOutput) + DeregisterTargets(*elbv2.DeregisterTargetsInput) (*elbv2.DeregisterTargetsOutput, error) DeregisterTargetsWithContext(aws.Context, *elbv2.DeregisterTargetsInput, ...request.Option) (*elbv2.DeregisterTargetsOutput, error) DeregisterTargetsRequest(*elbv2.DeregisterTargetsInput) (*request.Request, *elbv2.DeregisterTargetsOutput) @@ -157,6 +169,35 @@ type ELBV2API interface { DescribeTargetHealthWithContext(aws.Context, *elbv2.DescribeTargetHealthInput, ...request.Option) (*elbv2.DescribeTargetHealthOutput, error) DescribeTargetHealthRequest(*elbv2.DescribeTargetHealthInput) (*request.Request, *elbv2.DescribeTargetHealthOutput) + DescribeTrustStoreAssociations(*elbv2.DescribeTrustStoreAssociationsInput) (*elbv2.DescribeTrustStoreAssociationsOutput, error) + DescribeTrustStoreAssociationsWithContext(aws.Context, *elbv2.DescribeTrustStoreAssociationsInput, ...request.Option) (*elbv2.DescribeTrustStoreAssociationsOutput, error) + DescribeTrustStoreAssociationsRequest(*elbv2.DescribeTrustStoreAssociationsInput) (*request.Request, *elbv2.DescribeTrustStoreAssociationsOutput) + + DescribeTrustStoreAssociationsPages(*elbv2.DescribeTrustStoreAssociationsInput, func(*elbv2.DescribeTrustStoreAssociationsOutput, bool) bool) error + DescribeTrustStoreAssociationsPagesWithContext(aws.Context, *elbv2.DescribeTrustStoreAssociationsInput, func(*elbv2.DescribeTrustStoreAssociationsOutput, bool) bool, ...request.Option) error + + DescribeTrustStoreRevocations(*elbv2.DescribeTrustStoreRevocationsInput) (*elbv2.DescribeTrustStoreRevocationsOutput, error) + DescribeTrustStoreRevocationsWithContext(aws.Context, *elbv2.DescribeTrustStoreRevocationsInput, ...request.Option) (*elbv2.DescribeTrustStoreRevocationsOutput, error) + DescribeTrustStoreRevocationsRequest(*elbv2.DescribeTrustStoreRevocationsInput) (*request.Request, *elbv2.DescribeTrustStoreRevocationsOutput) + + DescribeTrustStoreRevocationsPages(*elbv2.DescribeTrustStoreRevocationsInput, func(*elbv2.DescribeTrustStoreRevocationsOutput, bool) bool) error + DescribeTrustStoreRevocationsPagesWithContext(aws.Context, *elbv2.DescribeTrustStoreRevocationsInput, func(*elbv2.DescribeTrustStoreRevocationsOutput, bool) bool, ...request.Option) error + + DescribeTrustStores(*elbv2.DescribeTrustStoresInput) (*elbv2.DescribeTrustStoresOutput, error) + DescribeTrustStoresWithContext(aws.Context, *elbv2.DescribeTrustStoresInput, ...request.Option) (*elbv2.DescribeTrustStoresOutput, error) + DescribeTrustStoresRequest(*elbv2.DescribeTrustStoresInput) (*request.Request, *elbv2.DescribeTrustStoresOutput) + + DescribeTrustStoresPages(*elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool) error + DescribeTrustStoresPagesWithContext(aws.Context, *elbv2.DescribeTrustStoresInput, func(*elbv2.DescribeTrustStoresOutput, bool) bool, ...request.Option) error + + GetTrustStoreCaCertificatesBundle(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error) + GetTrustStoreCaCertificatesBundleWithContext(aws.Context, *elbv2.GetTrustStoreCaCertificatesBundleInput, ...request.Option) (*elbv2.GetTrustStoreCaCertificatesBundleOutput, error) + GetTrustStoreCaCertificatesBundleRequest(*elbv2.GetTrustStoreCaCertificatesBundleInput) (*request.Request, *elbv2.GetTrustStoreCaCertificatesBundleOutput) + + GetTrustStoreRevocationContent(*elbv2.GetTrustStoreRevocationContentInput) (*elbv2.GetTrustStoreRevocationContentOutput, error) + GetTrustStoreRevocationContentWithContext(aws.Context, *elbv2.GetTrustStoreRevocationContentInput, ...request.Option) (*elbv2.GetTrustStoreRevocationContentOutput, error) + GetTrustStoreRevocationContentRequest(*elbv2.GetTrustStoreRevocationContentInput) (*request.Request, *elbv2.GetTrustStoreRevocationContentOutput) + ModifyListener(*elbv2.ModifyListenerInput) (*elbv2.ModifyListenerOutput, error) ModifyListenerWithContext(aws.Context, *elbv2.ModifyListenerInput, ...request.Option) (*elbv2.ModifyListenerOutput, error) ModifyListenerRequest(*elbv2.ModifyListenerInput) (*request.Request, *elbv2.ModifyListenerOutput) @@ -177,6 +218,10 @@ type ELBV2API interface { ModifyTargetGroupAttributesWithContext(aws.Context, *elbv2.ModifyTargetGroupAttributesInput, ...request.Option) (*elbv2.ModifyTargetGroupAttributesOutput, error) ModifyTargetGroupAttributesRequest(*elbv2.ModifyTargetGroupAttributesInput) (*request.Request, *elbv2.ModifyTargetGroupAttributesOutput) + ModifyTrustStore(*elbv2.ModifyTrustStoreInput) (*elbv2.ModifyTrustStoreOutput, error) + ModifyTrustStoreWithContext(aws.Context, *elbv2.ModifyTrustStoreInput, ...request.Option) (*elbv2.ModifyTrustStoreOutput, error) + ModifyTrustStoreRequest(*elbv2.ModifyTrustStoreInput) (*request.Request, *elbv2.ModifyTrustStoreOutput) + RegisterTargets(*elbv2.RegisterTargetsInput) (*elbv2.RegisterTargetsOutput, error) RegisterTargetsWithContext(aws.Context, *elbv2.RegisterTargetsInput, ...request.Option) (*elbv2.RegisterTargetsOutput, error) RegisterTargetsRequest(*elbv2.RegisterTargetsInput) (*request.Request, *elbv2.RegisterTargetsOutput) @@ -189,6 +234,10 @@ type ELBV2API interface { RemoveTagsWithContext(aws.Context, *elbv2.RemoveTagsInput, ...request.Option) (*elbv2.RemoveTagsOutput, error) RemoveTagsRequest(*elbv2.RemoveTagsInput) (*request.Request, *elbv2.RemoveTagsOutput) + RemoveTrustStoreRevocations(*elbv2.RemoveTrustStoreRevocationsInput) (*elbv2.RemoveTrustStoreRevocationsOutput, error) + RemoveTrustStoreRevocationsWithContext(aws.Context, *elbv2.RemoveTrustStoreRevocationsInput, ...request.Option) (*elbv2.RemoveTrustStoreRevocationsOutput, error) + RemoveTrustStoreRevocationsRequest(*elbv2.RemoveTrustStoreRevocationsInput) (*request.Request, *elbv2.RemoveTrustStoreRevocationsOutput) + SetIpAddressType(*elbv2.SetIpAddressTypeInput) (*elbv2.SetIpAddressTypeOutput, error) SetIpAddressTypeWithContext(aws.Context, *elbv2.SetIpAddressTypeInput, ...request.Option) (*elbv2.SetIpAddressTypeOutput, error) SetIpAddressTypeRequest(*elbv2.SetIpAddressTypeInput) (*request.Request, *elbv2.SetIpAddressTypeOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go index 7ac5a2ff964b1..2b8ccd93ed5ec 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go @@ -22,6 +22,12 @@ const ( // The specified Availability Zone is not supported. ErrCodeAvailabilityZoneNotSupportedException = "AvailabilityZoneNotSupported" + // ErrCodeCaCertificatesBundleNotFoundException for service response error code + // "CaCertificatesBundleNotFound". + // + // The specified ca certificate bundle does not exist. + ErrCodeCaCertificatesBundleNotFoundException = "CaCertificatesBundleNotFound" + // ErrCodeCertificateNotFoundException for service response error code // "CertificateNotFound". // @@ -52,6 +58,12 @@ const ( // A target group with the specified name already exists. ErrCodeDuplicateTargetGroupNameException = "DuplicateTargetGroupName" + // ErrCodeDuplicateTrustStoreNameException for service response error code + // "DuplicateTrustStoreName". + // + // A trust store with the specified name already exists. + ErrCodeDuplicateTrustStoreNameException = "DuplicateTrustStoreName" + // ErrCodeHealthUnavailableException for service response error code // "HealthUnavailable". // @@ -65,6 +77,12 @@ const ( // The specified configuration is not valid with this protocol. ErrCodeIncompatibleProtocolsException = "IncompatibleProtocols" + // ErrCodeInvalidCaCertificatesBundleException for service response error code + // "InvalidCaCertificatesBundle". + // + // The specified ca certificate bundle is in an invalid format, or corrupt. + ErrCodeInvalidCaCertificatesBundleException = "InvalidCaCertificatesBundle" + // ErrCodeInvalidConfigurationRequestException for service response error code // "InvalidConfigurationRequest". // @@ -77,6 +95,12 @@ const ( // The requested action is not valid. ErrCodeInvalidLoadBalancerActionException = "InvalidLoadBalancerAction" + // ErrCodeInvalidRevocationContentException for service response error code + // "InvalidRevocationContent". + // + // The provided revocation file is an invalid format, or uses an incorrect algorithm. + ErrCodeInvalidRevocationContentException = "InvalidRevocationContent" + // ErrCodeInvalidSchemeException for service response error code // "InvalidScheme". // @@ -132,6 +156,18 @@ const ( // A specified resource is in use. ErrCodeResourceInUseException = "ResourceInUse" + // ErrCodeRevocationContentNotFoundException for service response error code + // "RevocationContentNotFound". + // + // The specified revocation file does not exist. + ErrCodeRevocationContentNotFoundException = "RevocationContentNotFound" + + // ErrCodeRevocationIdNotFoundException for service response error code + // "RevocationIdNotFound". + // + // The specified revocation ID does not exist. + ErrCodeRevocationIdNotFoundException = "RevocationIdNotFound" + // ErrCodeRuleNotFoundException for service response error code // "RuleNotFound". // @@ -203,7 +239,7 @@ const ( // ErrCodeTooManyTagsException for service response error code // "TooManyTags". // - // You've reached the limit on the number of tags per load balancer. + // You've reached the limit on the number of tags for this resource. ErrCodeTooManyTagsException = "TooManyTags" // ErrCodeTooManyTargetGroupsException for service response error code @@ -219,6 +255,19 @@ const ( // You've reached the limit on the number of targets. ErrCodeTooManyTargetsException = "TooManyTargets" + // ErrCodeTooManyTrustStoreRevocationEntriesException for service response error code + // "TooManyTrustStoreRevocationEntries". + // + // The specified trust store has too many revocation entries. + ErrCodeTooManyTrustStoreRevocationEntriesException = "TooManyTrustStoreRevocationEntries" + + // ErrCodeTooManyTrustStoresException for service response error code + // "TooManyTrustStores". + // + // You've reached the limit on the number of trust stores for your Amazon Web + // Services account. + ErrCodeTooManyTrustStoresException = "TooManyTrustStores" + // ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException for service response error code // "TooManyUniqueTargetGroupsPerLoadBalancer". // @@ -227,6 +276,24 @@ const ( // load balancer, it is counted as only one use. ErrCodeTooManyUniqueTargetGroupsPerLoadBalancerException = "TooManyUniqueTargetGroupsPerLoadBalancer" + // ErrCodeTrustStoreInUseException for service response error code + // "TrustStoreInUse". + // + // The specified trust store is currently in use. + ErrCodeTrustStoreInUseException = "TrustStoreInUse" + + // ErrCodeTrustStoreNotFoundException for service response error code + // "TrustStoreNotFound". + // + // The specified trust store does not exist. + ErrCodeTrustStoreNotFoundException = "TrustStoreNotFound" + + // ErrCodeTrustStoreNotReadyException for service response error code + // "TrustStoreNotReady". + // + // The specified trust store is not active. + ErrCodeTrustStoreNotReadyException = "TrustStoreNotReady" + // ErrCodeUnsupportedProtocolException for service response error code // "UnsupportedProtocol". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go index 7928047d43347..76837f66f6f97 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go @@ -241,6 +241,12 @@ func (c *EventBridge) CreateApiDestinationRequest(input *CreateApiDestinationInp // Creates an API destination, which is an HTTP invocation endpoint configured // as a target for events. // +// API destinations do not support private destinations, such as interface VPC +// endpoints. +// +// For more information, see API destinations (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html) +// in the EventBridge User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -727,13 +733,21 @@ func (c *EventBridge) CreatePartnerEventSourceRequest(input *CreatePartnerEventS // // partner_name/event_namespace/event_name // -// partner_name is determined during partner registration and identifies the -// partner to Amazon Web Services customers. event_namespace is determined by -// the partner and is a way for the partner to categorize their events. event_name -// is determined by the partner, and should uniquely identify an event-generating -// resource within the partner system. The combination of event_namespace and -// event_name should help Amazon Web Services customers decide whether to create -// an event bus to receive these events. +// - partner_name is determined during partner registration, and identifies +// the partner to Amazon Web Services customers. +// +// - event_namespace is determined by the partner, and is a way for the partner +// to categorize their events. +// +// - event_name is determined by the partner, and should uniquely identify +// an event-generating resource within the partner system. The event_name +// must be unique across all Amazon Web Services customers. This is because +// the event source is a shared resource between the partner and customer +// accounts, and each partner event source unique in the partner account. +// +// The combination of event_namespace and event_name should help Amazon Web +// Services customers decide whether to create an event bus to receive these +// events. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1893,7 +1907,7 @@ func (c *EventBridge) DescribeEndpointRequest(input *DescribeEndpointInput) (req // Get the information about an existing global endpoint. For more information // about global endpoints, see Making applications Regional-fault tolerant with // global endpoints and event replication (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) -// in the Amazon EventBridge User Guide.. +// in the Amazon EventBridge User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2854,7 +2868,7 @@ func (c *EventBridge) ListEndpointsRequest(input *ListEndpointsInput) (req *requ // List the global endpoints associated with this account. For more information // about global endpoints, see Making applications Regional-fault tolerant with // global endpoints and event replication (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) -// in the Amazon EventBridge User Guide.. +// in the Amazon EventBridge User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3348,6 +3362,8 @@ func (c *EventBridge) ListRuleNamesByTargetRequest(input *ListRuleNamesByTargetI // Lists the rules for the specified target. You can see which of the rules // in Amazon EventBridge can invoke a specific target in your account. // +// The maximum number of results per page for requests is 100. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3431,6 +3447,8 @@ func (c *EventBridge) ListRulesRequest(input *ListRulesInput) (req *request.Requ // Lists your Amazon EventBridge rules. You can either list all the rules or // you can provide a prefix to match to the rule names. // +// The maximum number of results per page for requests is 100. +// // ListRules does not list the targets of a rule. To see the targets associated // with a rule, use ListTargetsByRule (https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_ListTargetsByRule.html). // @@ -3599,6 +3617,8 @@ func (c *EventBridge) ListTargetsByRuleRequest(input *ListTargetsByRuleInput) (r // // Lists the targets assigned to the specified rule. // +// The maximum number of results per page for requests is 100. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3682,6 +3702,15 @@ func (c *EventBridge) PutEventsRequest(input *PutEventsInput) (req *request.Requ // Sends custom events to Amazon EventBridge so that they can be matched to // rules. // +// The maximum size for a PutEvents event entry is 256 KB. Entry size is calculated +// including the event and any necessary characters and keys of the JSON representation +// of the event. To learn more, see Calculating PutEvents event entry size (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-putevent-size.html) +// in the Amazon EventBridge User Guide +// +// PutEvents accepts the data in JSON format. For the JSON number (integer) +// data type, the constraints are: a minimum value of -9,223,372,036,854,775,808 +// and a maximum value of 9,223,372,036,854,775,807. +// // PutEvents will only process nested JSON up to 1100 levels deep. // // This AWS SDK does not support calling multi-region endpoints with SigV4a authentication. @@ -3765,6 +3794,10 @@ func (c *EventBridge) PutPartnerEventsRequest(input *PutPartnerEventsInput) (req // This is used by SaaS partners to write events to a customer's partner event // bus. Amazon Web Services customers do not use this operation. // +// For information on calculating event batch size, see Calculating EventBridge +// PutEvents event entry size (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-putevent-size.html) +// in the EventBridge User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4117,72 +4150,24 @@ func (c *EventBridge) PutTargetsRequest(input *PutTargetsInput) (req *request.Re // // Targets are the resources that are invoked when a rule is triggered. // -// Each rule can have up to five (5) targets associated with it at one time. -// -// You can configure the following as targets for Events: -// -// - API destination (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html) -// -// - API Gateway (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-gateway-target.html) -// -// - Batch job queue -// -// - CloudWatch group -// -// - CodeBuild project -// -// - CodePipeline -// -// - EC2 CreateSnapshot API call -// -// - EC2 Image Builder -// -// - EC2 RebootInstances API call -// -// - EC2 StopInstances API call -// -// - EC2 TerminateInstances API call -// -// - ECS task -// -// - Event bus in a different account or Region (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html) -// -// - Event bus in the same account and Region (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-bus-to-bus.html) -// -// - Firehose delivery stream -// -// - Glue workflow -// -// - Incident Manager response plan (https://docs.aws.amazon.com/incident-manager/latest/userguide/incident-creation.html#incident-tracking-auto-eventbridge) -// -// - Inspector assessment template +// The maximum number of entries per request is 10. // -// - Kinesis stream -// -// - Lambda function -// -// - Redshift cluster -// -// - Redshift Serverless workgroup -// -// - SageMaker Pipeline -// -// - SNS topic +// Each rule can have up to five (5) targets associated with it at one time. // -// - SQS queue +// For a list of services you can configure as targets for events, see EventBridge +// targets (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-targets.html) +// in the Amazon EventBridge User Guide. // -// - Step Functions state machine +// Creating rules with built-in targets is supported only in the Amazon Web +// Services Management Console. The built-in targets are: // -// - Systems Manager Automation +// - Amazon EBS CreateSnapshot API call // -// - Systems Manager OpsItem +// - Amazon EC2 RebootInstances API call // -// - Systems Manager Run Command +// - Amazon EC2 StopInstances API call // -// Creating rules with built-in targets is supported only in the Amazon Web -// Services Management Console. The built-in targets are EC2 CreateSnapshot -// API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 -// TerminateInstances API call. +// - Amazon EC2 TerminateInstances API call // // For some target types, PutTargets provides target-specific parameters. If // the target is a Kinesis data stream, you can optionally specify which shard @@ -4191,11 +4176,16 @@ func (c *EventBridge) PutTargetsRequest(input *PutTargetsInput) (req *request.Re // field. // // To be able to make API calls against the resources that you own, Amazon EventBridge -// needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge -// relies on resource-based policies. For EC2 instances, Kinesis Data Streams, -// Step Functions state machines and API Gateway APIs, EventBridge relies on -// IAM roles that you specify in the RoleARN argument in PutTargets. For more -// information, see Authentication and Access Control (https://docs.aws.amazon.com/eventbridge/latest/userguide/auth-and-access-control-eventbridge.html) +// needs the appropriate permissions: +// +// - For Lambda and Amazon SNS resources, EventBridge relies on resource-based +// policies. +// +// - For EC2 instances, Kinesis Data Streams, Step Functions state machines +// and API Gateway APIs, EventBridge relies on IAM roles that you specify +// in the RoleARN argument in PutTargets. +// +// For more information, see Authentication and Access Control (https://docs.aws.amazon.com/eventbridge/latest/userguide/auth-and-access-control-eventbridge.html) // in the Amazon EventBridge User Guide. // // If another Amazon Web Services account is in the same region and has granted @@ -4218,6 +4208,10 @@ func (c *EventBridge) PutTargetsRequest(input *PutTargetsInput) (req *request.Re // Receiving Events Between Amazon Web Services Accounts (https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html) // in the Amazon EventBridge User Guide. // +// If you have an IAM role on a cross-account event bus target, a PutTargets +// call without a role on the same target (same Id and Arn) will not remove +// the role. +// // For more information about enabling cross-account events, see PutPermission // (https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutPermission.html). // @@ -4456,6 +4450,8 @@ func (c *EventBridge) RemoveTargetsRequest(input *RemoveTargetsInput) (req *requ // entry in FailedEntries provides the ID of the failed target and the error // code. // +// The maximum number of entries per request is 10. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5212,7 +5208,7 @@ func (c *EventBridge) UpdateEndpointRequest(input *UpdateEndpointInput) (req *re // Update an existing endpoint. For more information about global endpoints, // see Making applications Regional-fault tolerant with global endpoints and // event replication (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) -// in the Amazon EventBridge User Guide.. +// in the Amazon EventBridge User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5429,6 +5425,60 @@ func (s *ApiDestination) SetName(v string) *ApiDestination { return s } +// Contains the GraphQL operation to be parsed and executed, if the event target +// is an AppSync API. +type AppSyncParameters struct { + _ struct{} `type:"structure"` + + // The GraphQL operation; that is, the query, mutation, or subscription to be + // parsed and executed by the GraphQL service. + // + // For more information, see Operations (https://docs.aws.amazon.com/appsync/latest/devguide/graphql-architecture.html#graphql-operations) + // in the AppSync User Guide. + // + // GraphQLOperation is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AppSyncParameters's + // String and GoString methods. + GraphQLOperation *string `min:"1" type:"string" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AppSyncParameters) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AppSyncParameters) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AppSyncParameters) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AppSyncParameters"} + if s.GraphQLOperation != nil && len(*s.GraphQLOperation) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GraphQLOperation", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGraphQLOperation sets the GraphQLOperation field's value. +func (s *AppSyncParameters) SetGraphQLOperation(v string) *AppSyncParameters { + s.GraphQLOperation = &v + return s +} + // An Archive object that contains details about an archive. type Archive struct { _ struct{} `type:"structure"` @@ -6311,7 +6361,11 @@ type ConnectionBodyParameter struct { Key *string `type:"string"` // The value associated with the key. - Value *string `type:"string"` + // + // Value is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ConnectionBodyParameter's + // String and GoString methods. + Value *string `type:"string" sensitive:"true"` } // String returns the string representation. @@ -6362,7 +6416,11 @@ type ConnectionHeaderParameter struct { Key *string `type:"string"` // The value associated with the key. - Value *string `type:"string"` + // + // Value is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ConnectionHeaderParameter's + // String and GoString methods. + Value *string `type:"string" sensitive:"true"` } // String returns the string representation. @@ -6559,7 +6617,11 @@ type ConnectionQueryStringParameter struct { Key *string `type:"string"` // The value associated with the key for the query string parameter. - Value *string `type:"string"` + // + // Value is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ConnectionQueryStringParameter's + // String and GoString methods. + Value *string `type:"string" sensitive:"true"` } // String returns the string representation. @@ -6939,8 +7001,12 @@ type CreateConnectionApiKeyAuthRequestParameters struct { // The value for the API key to use for authorization. // + // ApiKeyValue is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateConnectionApiKeyAuthRequestParameters's + // String and GoString methods. + // // ApiKeyValue is a required field - ApiKeyValue *string `min:"1" type:"string" required:"true"` + ApiKeyValue *string `min:"1" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -7091,8 +7157,12 @@ type CreateConnectionBasicAuthRequestParameters struct { // The password associated with the user name to use for Basic authorization. // + // Password is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateConnectionBasicAuthRequestParameters's + // String and GoString methods. + // // Password is a required field - Password *string `min:"1" type:"string" required:"true"` + Password *string `min:"1" type:"string" required:"true" sensitive:"true"` // The user name to use for Basic authorization. // @@ -7258,8 +7328,12 @@ type CreateConnectionOAuthClientRequestParameters struct { // The client secret associated with the client ID to use for OAuth authorization // for the connection. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateConnectionOAuthClientRequestParameters's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `min:"1" type:"string" required:"true"` + ClientSecret *string `min:"1" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -13645,21 +13719,34 @@ type PutEventsRequestEntry struct { _ struct{} `type:"structure"` // A valid JSON object. There is no other schema imposed. The JSON object may - // contain fields and nested subobjects. + // contain fields and nested sub-objects. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. Detail *string `type:"string"` // Free-form string, with a maximum of 128 characters, used to decide what fields // to expect in the event detail. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. DetailType *string `type:"string"` // The name or ARN of the event bus to receive the event. Only the rules that // are associated with this event bus are used to match the event. If you omit // this, the default event bus is used. // - // If you're using a global endpoint with a custom bus, you must enter the name, - // not the ARN, of the event bus in either the primary or secondary Region here - // and the corresponding event bus in the other Region will be determined based - // on the endpoint referenced by the EndpointId. + // If you're using a global endpoint with a custom bus, you can enter either + // the name or Amazon Resource Name (ARN) of the event bus in either the primary + // or secondary Region here. EventBridge then determines the corresponding event + // bus in the other Region based on the endpoint referenced by the EndpointId. + // Specifying the event bus ARN is preferred. EventBusName *string `min:"1" type:"string"` // Amazon Web Services resources, identified by Amazon Resource Name (ARN), @@ -13667,6 +13754,12 @@ type PutEventsRequestEntry struct { Resources []*string `type:"list"` // The source of the event. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. Source *string `type:"string"` // The time stamp of the event, per RFC3339 (https://www.rfc-editor.org/rfc/rfc3339.txt). @@ -13758,12 +13851,46 @@ func (s *PutEventsRequestEntry) SetTraceHeader(v string) *PutEventsRequestEntry return s } -// Represents an event that failed to be submitted. For information about the -// errors that are common to all actions, see Common Errors (https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html). +// Represents the results of an event submitted to an event bus. +// +// If the submission was successful, the entry has the event ID in it. Otherwise, +// you can use the error code and error message to identify the problem with +// the entry. +// +// For information about the errors that are common to all actions, see Common +// Errors (https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html). type PutEventsResultEntry struct { _ struct{} `type:"structure"` // The error code that indicates why the event submission failed. + // + // Retryable errors include: + // + // * InternalFailure (https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html) + // The request processing has failed because of an unknown error, exception + // or failure. + // + // * ThrottlingException (https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html) + // The request was denied due to request throttling. + // + // Non-retryable errors include: + // + // * AccessDeniedException (https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html) + // You do not have sufficient access to perform this action. + // + // * InvalidAccountIdException The account ID provided is not valid. + // + // * InvalidArgument A specified parameter is not valid. + // + // * MalformedDetail The JSON provided is not valid. + // + // * RedactionFailure Redacting the CloudTrail event failed. + // + // * NotAuthorizedForSourceException You do not have permissions to publish + // events with this source onto this event bus. + // + // * NotAuthorizedForDetailTypeException You do not have permissions to publish + // events with this detail type onto this event bus. ErrorCode *string `type:"string"` // The error message that explains why the event submission failed. @@ -13871,8 +13998,13 @@ func (s *PutPartnerEventsInput) SetEntries(v []*PutPartnerEventsRequestEntry) *P type PutPartnerEventsOutput struct { _ struct{} `type:"structure"` - // The list of events from this operation that were successfully written to - // the partner event bus. + // The results for each event entry the partner submitted in this request. If + // the event was successfully submitted, the entry has the event ID in it. Otherwise, + // you can use the error code and error message to identify the problem with + // the entry. + // + // For each record, the index of the response element is the same as the index + // in the request array. Entries []*PutPartnerEventsResultEntry `type:"list"` // The number of events from this operation that could not be written to the @@ -13915,11 +14047,23 @@ type PutPartnerEventsRequestEntry struct { _ struct{} `type:"structure"` // A valid JSON string. There is no other schema imposed. The JSON string may - // contain fields and nested subobjects. + // contain fields and nested sub-objects. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. Detail *string `type:"string"` // A free-form string, with a maximum of 128 characters, used to decide what // fields to expect in the event detail. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. DetailType *string `type:"string"` // Amazon Web Services resources, identified by Amazon Resource Name (ARN), @@ -13927,6 +14071,12 @@ type PutPartnerEventsRequestEntry struct { Resources []*string `type:"list"` // The event source that is generating the entry. + // + // Detail, DetailType, and Source are required for EventBridge to successfully + // send an event to an event bus. If you include event entries in a request + // that do not include each of those properties, EventBridge fails that entry. + // If you submit a request in which none of the entries have each of these properties, + // EventBridge fails the entire request. Source *string `min:"1" type:"string"` // The date and time of the event. @@ -13994,7 +14144,10 @@ func (s *PutPartnerEventsRequestEntry) SetTime(v time.Time) *PutPartnerEventsReq return s } -// Represents an event that a partner tried to generate, but failed. +// The result of an event entry the partner submitted in this request. If the +// event was successfully submitted, the entry has the event ID in it. Otherwise, +// you can use the error code and error message to identify the problem with +// the entry. type PutPartnerEventsResultEntry struct { _ struct{} `type:"structure"` @@ -14543,8 +14696,8 @@ func (s *PutTargetsResultEntry) SetTargetId(v string) *PutTargetsResultEntry { } // These are custom parameters to be used when the target is a Amazon Redshift -// cluster or Redshift Serverless workgroup to invoke the Amazon Redshift Data -// API ExecuteStatement based on EventBridge events. +// cluster to invoke the Amazon Redshift Data API ExecuteStatement based on +// EventBridge events. type RedshiftDataParameters struct { _ struct{} `type:"structure"` @@ -14554,8 +14707,6 @@ type RedshiftDataParameters struct { Database *string `min:"1" type:"string" required:"true"` // The database user name. Required when authenticating using temporary credentials. - // - // Do not provide this parameter when connecting to a Redshift Serverless workgroup. DbUser *string `min:"1" type:"string"` // The name or ARN of the secret that enables access to the database. Required @@ -14569,7 +14720,11 @@ type RedshiftDataParameters struct { // String and GoString methods. Sql *string `min:"1" type:"string" sensitive:"true"` - // A list of SQLs. + // One or more SQL statements to run. The SQL statements are run as a single + // transaction. They run serially in the order of the array. Subsequent SQL + // statements don't start until the previous statement in the array completes. + // If any SQL statement fails, then because they are run as one transaction, + // all work is rolled back. // // Sqls is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by RedshiftDataParameters's @@ -16189,6 +16344,10 @@ func (s TagResourceOutput) GoString() string { type Target struct { _ struct{} `type:"structure"` + // Contains the GraphQL operation to be parsed and executed, if the event target + // is an AppSync API. + AppSyncParameters *AppSyncParameters `type:"structure"` + // The Amazon Resource Name (ARN) of the target. // // Arn is a required field @@ -16318,6 +16477,11 @@ func (s *Target) Validate() error { if s.RoleArn != nil && len(*s.RoleArn) < 1 { invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) } + if s.AppSyncParameters != nil { + if err := s.AppSyncParameters.Validate(); err != nil { + invalidParams.AddNested("AppSyncParameters", err.(request.ErrInvalidParams)) + } + } if s.BatchParameters != nil { if err := s.BatchParameters.Validate(); err != nil { invalidParams.AddNested("BatchParameters", err.(request.ErrInvalidParams)) @@ -16370,6 +16534,12 @@ func (s *Target) Validate() error { return nil } +// SetAppSyncParameters sets the AppSyncParameters field's value. +func (s *Target) SetAppSyncParameters(v *AppSyncParameters) *Target { + s.AppSyncParameters = v + return s +} + // SetArn sets the Arn field's value. func (s *Target) SetArn(v string) *Target { s.Arn = &v @@ -16962,7 +17132,11 @@ type UpdateConnectionApiKeyAuthRequestParameters struct { ApiKeyName *string `min:"1" type:"string"` // The value associated with teh API key to use for authorization. - ApiKeyValue *string `min:"1" type:"string"` + // + // ApiKeyValue is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateConnectionApiKeyAuthRequestParameters's + // String and GoString methods. + ApiKeyValue *string `min:"1" type:"string" sensitive:"true"` } // String returns the string representation. @@ -17104,7 +17278,11 @@ type UpdateConnectionBasicAuthRequestParameters struct { _ struct{} `type:"structure"` // The password associated with the user name to use for Basic authorization. - Password *string `min:"1" type:"string"` + // + // Password is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateConnectionBasicAuthRequestParameters's + // String and GoString methods. + Password *string `min:"1" type:"string" sensitive:"true"` // The user name to use for Basic authorization. Username *string `min:"1" type:"string"` @@ -17245,7 +17423,11 @@ type UpdateConnectionOAuthClientRequestParameters struct { ClientID *string `min:"1" type:"string"` // The client secret assciated with the client ID to use for OAuth authorization. - ClientSecret *string `min:"1" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateConnectionOAuthClientRequestParameters's + // String and GoString methods. + ClientSecret *string `min:"1" type:"string" sensitive:"true"` } // String returns the string representation. @@ -18016,6 +18198,9 @@ const ( // RuleStateDisabled is a RuleState enum value RuleStateDisabled = "DISABLED" + + // RuleStateEnabledWithAllCloudtrailManagementEvents is a RuleState enum value + RuleStateEnabledWithAllCloudtrailManagementEvents = "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" ) // RuleState_Values returns all elements of the RuleState enum @@ -18023,5 +18208,6 @@ func RuleState_Values() []string { return []string{ RuleStateEnabled, RuleStateDisabled, + RuleStateEnabledWithAllCloudtrailManagementEvents, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 461dd14a79fb5..389613848bf02 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -167,9 +167,10 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // The caller of this operation must be granted the PassRole permission on the // IAM role by a permissions policy. // -// For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For more information about instance profiles, see +// Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1357,11 +1358,12 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // Amazon Web Services. // // Amazon Web Services secures communication with some OIDC identity providers -// (IdPs) through our library of trusted certificate authorities (CAs) instead -// of using a certificate thumbprint to verify your IdP server certificate. -// These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket -// to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint -// remains in your configuration, but is no longer used for validation. +// (IdPs) through our library of trusted root certificate authorities (CAs) +// instead of using a certificate thumbprint to verify your IdP server certificate. +// In these cases, your legacy thumbprint remains in your configuration, but +// is no longer used for validation. These OIDC IdPs include Auth0, GitHub, +// GitLab, Google, and those that use an Amazon S3 bucket to host a JSON Web +// Key Set (JWKS) endpoint. // // The trust for the OIDC provider is derived from the IAM provider that this // operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider @@ -1686,10 +1688,11 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // CreateRole API operation for AWS Identity and Access Management. // -// Creates a new role for your Amazon Web Services account. For more information -// about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For information about quotas for role names and the number of roles you can -// create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) +// Creates a new role for your Amazon Web Services account. +// +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For information about quotas for role names and the +// number of roles you can create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2926,8 +2929,9 @@ func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (r // that is associated with a running instance will break any applications running // on the instance. // -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about instance profiles, see Using instance profiles +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5472,6 +5476,9 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // reports activity for at least the last 400 days, or less if your Region began // supporting this feature within the last year. For more information, see Regions // where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// For more information about services and actions for which action last accessed +// information is displayed, see IAM action last accessed information services +// and actions (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html). // // The service last accessed data includes all attempts to access an Amazon // Web Services API, not just the successful ones. This includes all attempts @@ -5613,12 +5620,6 @@ func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req // // See the AWS API reference guide for AWS Identity and Access Management's // API operation GetAccessKeyLastUsed for usage and error information. -// -// Returned Error Codes: -// - ErrCodeNoSuchEntityException "NoSuchEntity" -// The request was rejected because it referenced a resource entity that does -// not exist. The error message describes the resource. -// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) { req, out := c.GetAccessKeyLastUsedRequest(input) @@ -6531,7 +6532,7 @@ func (c *IAM) GetInstanceProfileRequest(input *GetInstanceProfileInput) (req *re // // Retrieves information about the specified instance profile, including the // instance profile's path, GUID, ARN, and role. For more information about -// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html) +// instance profiles, see Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -7195,7 +7196,8 @@ func (c *IAM) GetRoleRequest(input *GetRoleInput) (req *request.Request, output // // Retrieves information about the specified role, including the role's path, // GUID, ARN, and the role's trust policy that grants permission to assume the -// role. For more information about roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// role. For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // Policies returned by this operation are URL-encoded compliant with RFC 3986 // (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method @@ -7303,8 +7305,8 @@ func (c *IAM) GetRolePolicyRequest(input *GetRolePolicyInput) (req *request.Requ // (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) // in the IAM User Guide. // -// For more information about roles, see Using roles to delegate permissions -// and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8190,10 +8192,11 @@ func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Re // If the UserName is not specified, the user name is determined implicitly // based on the Amazon Web Services access key ID used to sign the request. // If a temporary access key is used, then UserName is required. If a long-term -// key is assigned to the user, then UserName is not required. This operation -// works for access keys under the Amazon Web Services account. Consequently, -// you can use this operation to manage Amazon Web Services account root user -// credentials even if the Amazon Web Services account has no associated users. +// key is assigned to the user, then UserName is not required. +// +// This operation works for access keys under the Amazon Web Services account. +// If the Amazon Web Services account has no associated users, the root user +// returns it's own access key IDs by running this command. // // To ensure the security of your Amazon Web Services account, the secret access // key is accessible only during key and user creation. @@ -9677,7 +9680,8 @@ func (c *IAM) ListInstanceProfilesRequest(input *ListInstanceProfilesInput) (req // // Lists the instance profiles that have the specified path prefix. If there // are none, the operation returns an empty list. For more information about -// instance profiles, see About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// instance profiles, see Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -9822,7 +9826,8 @@ func (c *IAM) ListInstanceProfilesForRoleRequest(input *ListInstanceProfilesForR // // Lists the instance profiles that have the specified associated IAM role. // If there are none, the operation returns an empty list. For more information -// about instance profiles, go to About instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// about instance profiles, go to Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -11361,7 +11366,8 @@ func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *request.Request, out // // Lists the IAM roles that have the specified path prefix. If there are none, // the operation returns an empty list. For more information about roles, see -// Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. // // IAM resource-listing operations return a subset of the available attributes // for the resource. This operation does not return the following attributes, @@ -13240,9 +13246,9 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // When you embed an inline policy in a role, the inline policy is used as part // of the role's access (permissions) policy. The role's trust policy is created // at the same time as the role, using CreateRole (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). -// You can update a role's trust policy using UpdateAssumerolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). -// For more information about IAM roles, see Using roles to delegate permissions -// and federate identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). +// You can update a role's trust policy using UpdateAssumeRolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) +// in the IAM User Guide. // // A role can also have a managed policy attached to it. To attach a managed // policy to a role, use AttachRolePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html). @@ -13674,9 +13680,10 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // an instance profile that is associated with a running instance might break // any applications running on the instance. // -// For more information about IAM roles, see Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). -// For more information about instance profiles, see About instance profiles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html). +// For more information about roles, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// in the IAM User Guide. For more information about instance profiles, see +// Using instance profiles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16944,11 +16951,12 @@ func (c *IAM) UpdateOpenIDConnectProviderThumbprintRequest(input *UpdateOpenIDCo // as a principal fails until the certificate thumbprint is updated. // // Amazon Web Services secures communication with some OIDC identity providers -// (IdPs) through our library of trusted certificate authorities (CAs) instead -// of using a certificate thumbprint to verify your IdP server certificate. -// These OIDC IdPs include Google, Auth0, and those that use an Amazon S3 bucket -// to host a JSON Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint -// remains in your configuration, but is no longer used for validation. +// (IdPs) through our library of trusted root certificate authorities (CAs) +// instead of using a certificate thumbprint to verify your IdP server certificate. +// In these cases, your legacy thumbprint remains in your configuration, but +// is no longer used for validation. These OIDC IdPs include Auth0, GitHub, +// GitLab, Google, and those that use an Amazon S3 bucket to host a JSON Web +// Key Set (JWKS) endpoint. // // Trust for the OIDC provider is derived from the provider certificate and // is validated by the thumbprint. Therefore, it is best to limit access to @@ -33700,7 +33708,7 @@ type PutGroupPolicyInput struct { // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. // CloudFormation always converts a YAML policy to JSON format before submitting - // it to = IAM. + // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 6d70114087b20..df96655802f99 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -75,6 +75,9 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // // Related operations: ScheduleKeyDeletion // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -270,6 +273,9 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // - UpdateCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -470,6 +476,9 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // // - UpdateAlias // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -664,6 +673,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - UpdateCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -750,15 +762,14 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - XksProxyUriInUseException // The request was rejected because the concatenation of the XksProxyUriEndpoint -// and XksProxyUriPath is already associated with an external key store in the -// Amazon Web Services account and Region. Each external key store in an account -// and Region must use a unique external key store proxy API address. +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. // // - XksProxyUriEndpointInUseException -// The request was rejected because the concatenation of the XksProxyUriEndpoint -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an account and Region must -// use a unique external key store proxy address. +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. // // - XksProxyUriUnreachableException // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable @@ -777,9 +788,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - XksProxyVpcEndpointServiceInUseException // The request was rejected because the specified Amazon VPC endpoint service -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an Amazon Web Services account -// and Region must use a different Amazon VPC endpoint service. +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. // // - XksProxyVpcEndpointServiceNotFoundException // The request was rejected because KMS could not find the specified VPC endpoint @@ -790,8 +801,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - XksProxyVpcEndpointServiceInvalidConfigurationException // The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) // for Amazon VPC endpoint service connectivity for an external key store. // // - XksProxyInvalidResponseException @@ -801,9 +813,9 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // to the proxy vendor. // // - XksProxyInvalidConfigurationException -// The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message. +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { @@ -922,6 +934,9 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // // - RevokeGrant // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1218,6 +1233,9 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // - ScheduleKeyDeletion // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1329,8 +1347,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // - XksKeyAlreadyInUseException // The request was rejected because the (XksKeyId) is already associated with -// a KMS key in this external key store. Each KMS key in an external key store -// must be associated with a different external key. +// another KMS key in this external key store. Each KMS key in an external key +// store must be associated with a different external key. // // - XksKeyNotFoundException // The request was rejected because the external key store proxy could not find @@ -1462,10 +1480,10 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // or any Amazon Web Services SDK. Use the Recipient parameter to provide the // attestation document for the enclave. Instead of the plaintext data, the // response includes the plaintext data encrypted with the public key from the -// attestation document (CiphertextForRecipient).For information about the interaction -// between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services -// Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) -// in the Key Management Service Developer Guide.. +// attestation document (CiphertextForRecipient). For information about the +// interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon +// Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -1488,6 +1506,9 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // // - ReEncrypt // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1672,6 +1693,9 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // // - UpdateAlias // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1827,6 +1851,9 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // // - UpdateCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1971,6 +1998,9 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // // - ImportKeyMaterial // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2140,6 +2170,9 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // // - UpdateCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2288,11 +2321,11 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // signing, or generating and verifying MACs) and the algorithms that the KMS // key supports. // -// For multi-Region keys (kms/latest/developerguide/multi-region-keys-overview.html), +// For multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html), // DescribeKey displays the primary key and all related replica keys. For KMS -// keys in CloudHSM key stores (kms/latest/developerguide/keystore-cloudhsm.html), +// keys in CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html), // it includes information about the key store, such as the key store ID and -// the CloudHSM cluster ID. For KMS keys in external key stores (kms/latest/developerguide/keystore-external.html), +// the CloudHSM cluster ID. For KMS keys in external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html), // it includes the custom key store ID and the ID of the external key. // // DescribeKey does not return the following information: @@ -2338,6 +2371,9 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // // - ListRetirableGrants // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2448,6 +2484,9 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // // Related operations: EnableKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2593,6 +2632,9 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // // - GetKeyRotationStatus // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2752,6 +2794,9 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // // - UpdateCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2879,6 +2924,9 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // // Related operations: DisableKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2994,7 +3042,7 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // of the specified symmetric encryption KMS key. // -// When you enable automatic rotation of acustomer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// When you enable automatic rotation of a customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), // KMS rotates the key material of the KMS key one year (approximately 365 days) // from the enable date and every year thereafter. You can monitor rotation // of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. @@ -3043,6 +3091,9 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // // - GetKeyRotationStatus // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3220,6 +3271,9 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // // - GenerateDataKeyPair // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3445,6 +3499,9 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // // - GenerateDataKeyWithoutPlaintext // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3582,8 +3639,8 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // private key that is encrypted under the symmetric encryption KMS key you // specify. You can use the data key pair to perform asymmetric cryptography // and implement digital signatures outside of KMS. The bytes in the keys are -// random; they not related to the caller or to the KMS key that is used to -// encrypt the private key. +// random; they are not related to the caller or to the KMS key that is used +// to encrypt the private key. // // You can use the public key that GenerateDataKeyPair returns to encrypt data // or verify a signature outside of KMS. Then, store the encrypted private key @@ -3660,6 +3717,9 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // // - GenerateDataKeyWithoutPlaintext // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3854,6 +3914,9 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // // - GenerateDataKeyWithoutPlaintext // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4060,6 +4123,9 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // // - GenerateDataKeyPairWithoutPlaintext // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4226,6 +4292,9 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // // Related operations: VerifyMac // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4383,6 +4452,9 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // Required permissions: kms:GenerateRandom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4510,7 +4582,10 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // Required permissions: kms:GetKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) // -// Related operations: PutKeyPolicy +// Related operations: PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4676,6 +4751,9 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // // - EnableKeyRotation // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4800,11 +4878,11 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // Origin value of EXTERNAL to create a KMS key with no key material. You can // import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric // encryption KMS key, or asymmetric signing KMS key. You can also import key -// material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html) +// material into a multi-Region key (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // of any supported type. However, you can't import key material into a KMS -// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html). +// key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // You can also use GetParametersForImport to get a public key and import token -// to reimport the original key material (kms/latest/developerguide/importing-keys.html#reimport-key-material) +// to reimport the original key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) // into a KMS key whose key material expired or was deleted. // // GetParametersForImport returns the items that you need to import your key @@ -4853,6 +4931,9 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // // - DeleteImportedKeyMaterial // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5017,6 +5098,9 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // // Related operations: CreateKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5256,6 +5340,9 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // // - GetParametersForImport // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5431,6 +5518,9 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // // - UpdateAlias // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5615,6 +5705,9 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // // - RevokeGrant // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5799,7 +5892,10 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // // - GetKeyPolicy // -// - PutKeyPolicy +// - PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5983,6 +6079,9 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // // - ListResourceTags // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6149,6 +6248,9 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // // - UntagResource // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6311,14 +6413,22 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // // Cross-account use: You must specify a principal in your Amazon Web Services -// account. However, this operation can return grants in any Amazon Web Services -// account. You do not need kms:ListRetirableGrants permission (or any other -// additional permission) in any Amazon Web Services account other than your -// own. +// account. This operation returns a list of grants where the retiring principal +// specified in the ListRetirableGrants request is the same retiring principal +// on the grant. This can include grants on KMS keys owned by other Amazon Web +// Services accounts, but you do not need kms:ListRetirableGrants permission +// (or any other additional permission) in any Amazon Web Services account other +// than your own. // // Required permissions: kms:ListRetirableGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) in your Amazon Web Services account. // +// KMS authorizes ListRetirableGrants requests by evaluating the caller account's +// kms:ListRetirableGrants permissions. The authorized resource in ListRetirableGrants +// calls is the retiring principal specified in the request. KMS does not evaluate +// the caller's permissions to verify their access to any KMS keys or grants +// that might be returned by the ListRetirableGrants call. +// // Related operations: // // - CreateGrant @@ -6329,6 +6439,9 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // // - RevokeGrant // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6493,6 +6606,9 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // // Related operations: GetKeyPolicy // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6697,6 +6813,9 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // // - GenerateDataKeyPair // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6900,7 +7019,7 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // If you replicate a multi-Region primary key with imported key material, the // replica key is created with no key material. You must import the same key // material that you imported into the primary key. For details, see Importing -// key material into multi-Region keys (kms/latest/developerguide/multi-region-keys-import.html) +// key material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html) // in the Key Management Service Developer Guide. // // To convert a replica key to a primary key, use the UpdatePrimaryRegion operation. @@ -6927,6 +7046,9 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // // - UpdatePrimaryRegion // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7073,7 +7195,7 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // Cross-account use: Yes. You can retire a grant on a KMS key in a different // Amazon Web Services account. // -// Required permissions::Permission to retire a grant is determined primarily +// Required permissions: Permission to retire a grant is determined primarily // by the grant. For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) // in the Key Management Service Developer Guide. // @@ -7087,6 +7209,9 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // // - RevokeGrant // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7236,6 +7361,9 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // // - RetireGrant // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7360,7 +7488,7 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // // Deleting a KMS key is a destructive and potentially dangerous operation. // When a KMS key is deleted, all data that was encrypted under the KMS key -// is unrecoverable. (The only exception is a multi-Region replica key (kms/latest/developerguide/multi-region-keys-delete.html), +// is unrecoverable. (The only exception is a multi-Region replica key (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html), // or an asymmetric or HMAC KMS key with imported key material (kms/latest/developerguide/importing-keys-managing.html#import-delete-key).) // To prevent the use of a KMS key without deleting it, use DisableKey. // @@ -7406,6 +7534,9 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // // - DisableKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7566,6 +7697,9 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // // Related operations: Verify // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7744,6 +7878,9 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // // - UntagResource // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7892,6 +8029,9 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // // - TagResource // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8050,6 +8190,9 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // // - ListAliases // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8240,6 +8383,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // - DisconnectCustomKeyStore // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8349,15 +8495,14 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // - XksProxyUriInUseException // The request was rejected because the concatenation of the XksProxyUriEndpoint -// and XksProxyUriPath is already associated with an external key store in the -// Amazon Web Services account and Region. Each external key store in an account -// and Region must use a unique external key store proxy API address. +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. // // - XksProxyUriEndpointInUseException -// The request was rejected because the concatenation of the XksProxyUriEndpoint -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an account and Region must -// use a unique external key store proxy address. +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. // // - XksProxyUriUnreachableException // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable @@ -8376,9 +8521,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // - XksProxyVpcEndpointServiceInUseException // The request was rejected because the specified Amazon VPC endpoint service -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an Amazon Web Services account -// and Region must use a different Amazon VPC endpoint service. +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. // // - XksProxyVpcEndpointServiceNotFoundException // The request was rejected because KMS could not find the specified VPC endpoint @@ -8389,8 +8534,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // - XksProxyVpcEndpointServiceInvalidConfigurationException // The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) // for Amazon VPC endpoint service connectivity for an external key store. // // - XksProxyInvalidResponseException @@ -8400,9 +8546,9 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // to the proxy vendor. // // - XksProxyInvalidConfigurationException -// The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message. +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { @@ -8489,6 +8635,9 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // // - DescribeKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8667,6 +8816,9 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // // - ReplicateKey // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8823,6 +8975,9 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // // Related operations: Sign // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8988,6 +9143,9 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out // // Related operations: GenerateMac // +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9985,7 +10143,7 @@ type CreateCustomKeyStoreInput struct { // // * An external key store with PUBLIC_ENDPOINT connectivity cannot use the // same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE - // connectivity in the same Amazon Web Services Region. + // connectivity in this Amazon Web Services Region. // // * Each external key store with VPC_ENDPOINT_SERVICE connectivity must // have its own private DNS name. The XksProxyUriEndpoint value for external @@ -10454,8 +10612,8 @@ type CreateKeyInput struct { // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the KMS - // key. + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). @@ -11459,7 +11617,7 @@ type DecryptInput struct { // To get the alias name and alias ARN, use ListAliases. KeyId *string `min:"1" type:"string"` - // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // A signed attestation document (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc) // from an Amazon Web Services Nitro enclave and the encryption algorithm to // use with the enclave's public key. The only valid encryption algorithm is // RSAES_OAEP_SHA_256. @@ -14537,8 +14695,8 @@ type GetParametersForImportInput struct { // algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key // material. // - // * RSAES_PKCS1_V1_5 (Deprecated) — Supported only for symmetric encryption - // key material (and only in legacy mode). + // * RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not + // support the RSAES_PKCS1_V1_5 wrapping algorithm. // // WrappingAlgorithm is a required field WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` @@ -17791,8 +17949,8 @@ type PutKeyPolicyInput struct { // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the KMS - // key. + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // Sets the key policy on the specified KMS key. @@ -18330,8 +18488,8 @@ type ReplicateKeyInput struct { // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the KMS - // key. + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // A description of the KMS key. The default value is an empty string (no description). @@ -20662,8 +20820,8 @@ func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { } // The request was rejected because the (XksKeyId) is already associated with -// a KMS key in this external key store. Each KMS key in an external key store -// must be associated with a different external key. +// another KMS key in this external key store. Each KMS key in an external key +// store must be associated with a different external key. type XksKeyAlreadyInUseException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -21145,9 +21303,9 @@ func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string return s.RespMetadata.RequestID } -// The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message. +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. type XksProxyInvalidConfigurationException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -21278,10 +21436,9 @@ func (s *XksProxyInvalidResponseException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the concatenation of the XksProxyUriEndpoint -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an account and Region must -// use a unique external key store proxy address. +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. type XksProxyUriEndpointInUseException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -21346,9 +21503,9 @@ func (s *XksProxyUriEndpointInUseException) RequestID() string { } // The request was rejected because the concatenation of the XksProxyUriEndpoint -// and XksProxyUriPath is already associated with an external key store in the -// Amazon Web Services account and Region. Each external key store in an account -// and Region must use a unique external key store proxy API address. +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. type XksProxyUriInUseException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -21482,9 +21639,9 @@ func (s *XksProxyUriUnreachableException) RequestID() string { } // The request was rejected because the specified Amazon VPC endpoint service -// is already associated with an external key store in the Amazon Web Services -// account and Region. Each external key store in an Amazon Web Services account -// and Region must use a different Amazon VPC endpoint service. +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. type XksProxyVpcEndpointServiceInUseException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -21549,8 +21706,9 @@ func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string { } // The request was rejected because the Amazon VPC endpoint service configuration -// does not fulfill the requirements for an external key store proxy. For details, -// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) // for Amazon VPC endpoint service connectivity for an external key store. type XksProxyVpcEndpointServiceInvalidConfigurationException struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index 5810320c1168e..7efa95c27d490 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -367,8 +367,8 @@ const ( // "XksKeyAlreadyInUseException". // // The request was rejected because the (XksKeyId) is already associated with - // a KMS key in this external key store. Each KMS key in an external key store - // must be associated with a different external key. + // another KMS key in this external key store. Each KMS key in an external key + // store must be associated with a different external key. ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException" // ErrCodeXksKeyInvalidConfigurationException for service response error code @@ -409,9 +409,9 @@ const ( // ErrCodeXksProxyInvalidConfigurationException for service response error code // "XksProxyInvalidConfigurationException". // - // The request was rejected because the Amazon VPC endpoint service configuration - // does not fulfill the requirements for an external key store proxy. For details, - // see the exception message. + // The request was rejected because the external key store proxy is not configured + // correctly. To identify the cause, see the error message that accompanies + // the exception. ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException" // ErrCodeXksProxyInvalidResponseException for service response error code @@ -426,19 +426,18 @@ const ( // ErrCodeXksProxyUriEndpointInUseException for service response error code // "XksProxyUriEndpointInUseException". // - // The request was rejected because the concatenation of the XksProxyUriEndpoint - // is already associated with an external key store in the Amazon Web Services - // account and Region. Each external key store in an account and Region must - // use a unique external key store proxy address. + // The request was rejected because the XksProxyUriEndpoint is already associated + // with another external key store in this Amazon Web Services Region. To identify + // the cause, see the error message that accompanies the exception. ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException" // ErrCodeXksProxyUriInUseException for service response error code // "XksProxyUriInUseException". // // The request was rejected because the concatenation of the XksProxyUriEndpoint - // and XksProxyUriPath is already associated with an external key store in the - // Amazon Web Services account and Region. Each external key store in an account - // and Region must use a unique external key store proxy API address. + // and XksProxyUriPath is already associated with another external key store + // in this Amazon Web Services Region. Each external key store in a Region must + // use a unique external key store proxy API address. ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException" // ErrCodeXksProxyUriUnreachableException for service response error code @@ -456,17 +455,18 @@ const ( // "XksProxyVpcEndpointServiceInUseException". // // The request was rejected because the specified Amazon VPC endpoint service - // is already associated with an external key store in the Amazon Web Services - // account and Region. Each external key store in an Amazon Web Services account - // and Region must use a different Amazon VPC endpoint service. + // is already associated with another external key store in this Amazon Web + // Services Region. Each external key store in a Region must use a different + // Amazon VPC endpoint service. ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException" // ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code // "XksProxyVpcEndpointServiceInvalidConfigurationException". // // The request was rejected because the Amazon VPC endpoint service configuration - // does not fulfill the requirements for an external key store proxy. For details, - // see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) + // does not fulfill the requirements for an external key store. To identify + // the cause, see the error message that accompanies the exception and review + // the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) // for Amazon VPC endpoint service connectivity for an external key store. ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException" diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go b/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go index 44b29e3fe8e3e..ba3b5c30931b9 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go @@ -1707,7 +1707,9 @@ type ListPriceListsInput struct { // and Reserved Instance (RI) pricing, use the DescribeServices (https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_DescribeServices.html#awscostmanagement-pricing_DescribeServices-request-FormatVersion) // API. // - // To retrieve the Compute Savings Plan price lists, use ComputeSavingsPlans. + // To retrieve the Reserved Instance and Compute Savings Plan price lists, use + // ComputeSavingsPlans. + // // To retrieve Machine Learning Savings Plans price lists, use MachineLearningSavingsPlans. // // ServiceCode is a required field diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/doc.go b/vendor/github.com/aws/aws-sdk-go/service/pricing/doc.go index 5d9a35831b502..a7f80b9f9916a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/doc.go @@ -27,12 +27,8 @@ // you can use GetProducts to find specific products that you're interested // in, such as an AmazonEC2 instance, with a Provisioned IOPS volumeType. // -// You can use the following endpoints for the Amazon Web Services Price List -// API: -// -// - https://api.pricing.us-east-1.amazonaws.com -// -// - https://api.pricing.ap-south-1.amazonaws.com +// For more information, see Using the Amazon Web Services Price List API (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html) +// in the Billing User Guide. // // See https://docs.aws.amazon.com/goto/WebAPI/pricing-2017-10-15 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go index 046397c6116ae..7034b6149a82e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go @@ -474,8 +474,8 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet // - DELETE: Deletes an existing resource record set that has the specified // values. // -// - UPSERT: If a resource set exists Route 53 updates it with the values -// in the request. +// - UPSERT: If a resource set doesn't exist, Route 53 creates it. If a resource +// set exists Route 53 updates it with the values in the request. // // # Syntaxes for Creating, Updating, and Deleting Resource Record Sets // @@ -492,11 +492,11 @@ func (c *Route53) ChangeResourceRecordSetsRequest(input *ChangeResourceRecordSet // # Change Propagation to Route 53 DNS Servers // // When you submit a ChangeResourceRecordSets request, Route 53 propagates your -// changes to all of the Route 53 authoritative DNS servers. While your changes -// are propagating, GetChange returns a status of PENDING. When propagation -// is complete, GetChange returns a status of INSYNC. Changes generally propagate -// to all Route 53 name servers within 60 seconds. For more information, see -// GetChange (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetChange.html). +// changes to all of the Route 53 authoritative DNS servers managing the hosted +// zone. While your changes are propagating, GetChange returns a status of PENDING. +// When propagation is complete, GetChange returns a status of INSYNC. Changes +// generally propagate to all Route 53 name servers managing the hosted zone +// within 60 seconds. For more information, see GetChange (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetChange.html). // // # Limits on ChangeResourceRecordSets Requests // @@ -1728,6 +1728,13 @@ func (c *Route53) CreateTrafficPolicyInstanceRequest(input *CreateTrafficPolicyI // responds to DNS queries for the domain or subdomain name by using the resource // record sets that CreateTrafficPolicyInstance created. // +// After you submit an CreateTrafficPolicyInstance request, there's a brief +// delay while Amazon Route 53 creates the resource record sets that are specified +// in the traffic policy definition. Use GetTrafficPolicyInstance with the id +// of new traffic policy instance to confirm that the CreateTrafficPolicyInstance +// request completed successfully. For more information, see the State response +// element. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3500,11 +3507,11 @@ func (c *Route53) GetChangeRequest(input *GetChangeInput) (req *request.Request, // the following values: // // - PENDING indicates that the changes in this request have not propagated -// to all Amazon Route 53 DNS servers. This is the initial status of all -// change batch requests. +// to all Amazon Route 53 DNS servers managing the hosted zone. This is the +// initial status of all change batch requests. // // - INSYNC indicates that the changes have propagated to all Route 53 DNS -// servers. +// servers managing the hosted zone. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4780,10 +4787,10 @@ func (c *Route53) GetTrafficPolicyInstanceRequest(input *GetTrafficPolicyInstanc // // Gets information about a specified traffic policy instance. // -// After you submit a CreateTrafficPolicyInstance or an UpdateTrafficPolicyInstance -// request, there's a brief delay while Amazon Route 53 creates the resource -// record sets that are specified in the traffic policy definition. For more -// information, see the State response element. +// Use GetTrafficPolicyInstance with the id of new traffic policy instance to +// confirm that the CreateTrafficPolicyInstance or an UpdateTrafficPolicyInstance +// request completed successfully. For more information, see the State response +// element. // // In the Route 53 console, traffic policy instances are known as policy records. // @@ -7155,6 +7162,11 @@ func (c *Route53) TestDNSAnswerRequest(input *TestDNSAnswerInput) (req *request. // // This call only supports querying public hosted zones. // +// The TestDnsAnswer returns information similar to what you would expect from +// the answer section of the dig command. Therefore, if you query for the name +// servers of a subdomain that point to the parent name servers, those will +// not be returned. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7500,6 +7512,12 @@ func (c *Route53) UpdateTrafficPolicyInstanceRequest(input *UpdateTrafficPolicyI // UpdateTrafficPolicyInstance API operation for Amazon Route 53. // +// After you submit a UpdateTrafficPolicyInstance request, there's a brief delay +// while Route 53 creates the resource record sets that are specified in the +// traffic policy definition. Use GetTrafficPolicyInstance with the id of updated +// traffic policy instance confirm that the UpdateTrafficPolicyInstance request +// completed successfully. For more information, see the State response element. +// // Updates the resource record sets in a specified hosted zone that were created // based on the settings in a specified traffic policy version. // @@ -8068,7 +8086,7 @@ type AliasTarget struct { // in. The environment must have a regionalized subdomain. For a list of regions // and the corresponding hosted zone IDs, see Elastic Beanstalk endpoints and // quotas (https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) - // in the the Amazon Web Services General Reference. + // in the Amazon Web Services General Reference. // // ELB load balancer // @@ -9314,6 +9332,75 @@ func (s *CollectionSummary) SetVersion(v int64) *CollectionSummary { return s } +// A complex type that lists the coordinates for a geoproximity resource record. +type Coordinates struct { + _ struct{} `type:"structure"` + + // Specifies a coordinate of the north–south position of a geographic point + // on the surface of the Earth (-90 - 90). + // + // Latitude is a required field + Latitude *string `min:"1" type:"string" required:"true"` + + // Specifies a coordinate of the east–west position of a geographic point + // on the surface of the Earth (-180 - 180). + // + // Longitude is a required field + Longitude *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Coordinates) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Coordinates) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Coordinates) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Coordinates"} + if s.Latitude == nil { + invalidParams.Add(request.NewErrParamRequired("Latitude")) + } + if s.Latitude != nil && len(*s.Latitude) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Latitude", 1)) + } + if s.Longitude == nil { + invalidParams.Add(request.NewErrParamRequired("Longitude")) + } + if s.Longitude != nil && len(*s.Longitude) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Longitude", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLatitude sets the Latitude field's value. +func (s *Coordinates) SetLatitude(v string) *Coordinates { + s.Latitude = &v + return s +} + +// SetLongitude sets the Longitude field's value. +func (s *Coordinates) SetLongitude(v string) *Coordinates { + s.Longitude = &v + return s +} + type CreateCidrCollectionInput struct { _ struct{} `locationName:"CreateCidrCollectionRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"` @@ -9448,6 +9535,10 @@ type CreateHealthCheckInput struct { // but settings identical to an existing health check, Route 53 creates the // health check. // + // Route 53 does not store the CallerReference for a deleted health check indefinitely. + // The CallerReference for a deleted health check will be deleted after a number + // of days. + // // CallerReference is a required field CallerReference *string `min:"1" type:"string" required:"true"` @@ -9574,6 +9665,11 @@ type CreateHostedZoneInput struct { // the ID that Amazon Route 53 assigned to the reusable delegation set when // you created it. For more information about reusable delegation sets, see // CreateReusableDelegationSet (https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateReusableDelegationSet.html). + // + // If you are using a reusable delegation set to create a public hosted zone + // for a subdomain, make sure that the parent hosted zone doesn't use one or + // more of the same name servers. If you have overlapping nameservers, the operation + // will cause a ConflictingDomainsExist error. DelegationSetId *string `type:"string"` // (Optional) A complex type that contains the following optional values: @@ -10711,7 +10807,7 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc return s } -// A string repesenting the status of DNSSEC signing. +// A string representing the status of DNSSEC signing. type DNSSECStatus struct { _ struct{} `type:"structure"` @@ -12035,6 +12131,8 @@ type GeoLocation struct { // // Amazon Route 53 uses the two-letter country codes that are specified in ISO // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). + // + // Route 53 also supports the country code UA for Ukraine. CountryCode *string `min:"1" type:"string"` // For geolocation resource record sets, the two-letter code for a state of @@ -12186,6 +12284,120 @@ func (s *GeoLocationDetails) SetSubdivisionName(v string) *GeoLocationDetails { return s } +// (Resource record sets only): A complex type that lets you control how Amazon +// Route 53 responds to DNS queries based on the geographic origin of the query +// and your resources. Only one of , LocalZoneGroup, Coordinates, or Amazon +// Web ServicesRegion is allowed per request at a time. +// +// For more information about geoproximity routing, see Geoproximity routing +// (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geoproximity.html) +// in the Amazon Route 53 Developer Guide. +type GeoProximityLocation struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Region the resource you are directing DNS traffic + // to, is in. + AWSRegion *string `min:"1" type:"string"` + + // The bias increases or decreases the size of the geographic region from which + // Route 53 routes traffic to a resource. + // + // To use Bias to change the size of the geographic region, specify the applicable + // value for the bias: + // + // * To expand the size of the geographic region from which Route 53 routes + // traffic to a resource, specify a positive integer from 1 to 99 for the + // bias. Route 53 shrinks the size of adjacent regions. + // + // * To shrink the size of the geographic region from which Route 53 routes + // traffic to a resource, specify a negative bias of -1 to -99. Route 53 + // expands the size of adjacent regions. + Bias *int64 `type:"integer"` + + // Contains the longitude and latitude for a geographic region. + Coordinates *Coordinates `type:"structure"` + + // Specifies an Amazon Web Services Local Zone Group. + // + // A local Zone Group is usually the Local Zone code without the ending character. + // For example, if the Local Zone is us-east-1-bue-1a the Local Zone Group is + // us-east-1-bue-1. + // + // You can identify the Local Zones Group for a specific Local Zone by using + // the describe-availability-zones (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html) + // CLI command: + // + // This command returns: "GroupName": "us-west-2-den-1", specifying that the + // Local Zone us-west-2-den-1a belongs to the Local Zone Group us-west-2-den-1. + LocalZoneGroup *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeoProximityLocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeoProximityLocation) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GeoProximityLocation) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GeoProximityLocation"} + if s.AWSRegion != nil && len(*s.AWSRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AWSRegion", 1)) + } + if s.Bias != nil && *s.Bias < -99 { + invalidParams.Add(request.NewErrParamMinValue("Bias", -99)) + } + if s.LocalZoneGroup != nil && len(*s.LocalZoneGroup) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LocalZoneGroup", 1)) + } + if s.Coordinates != nil { + if err := s.Coordinates.Validate(); err != nil { + invalidParams.AddNested("Coordinates", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAWSRegion sets the AWSRegion field's value. +func (s *GeoProximityLocation) SetAWSRegion(v string) *GeoProximityLocation { + s.AWSRegion = &v + return s +} + +// SetBias sets the Bias field's value. +func (s *GeoProximityLocation) SetBias(v int64) *GeoProximityLocation { + s.Bias = &v + return s +} + +// SetCoordinates sets the Coordinates field's value. +func (s *GeoProximityLocation) SetCoordinates(v *Coordinates) *GeoProximityLocation { + s.Coordinates = v + return s +} + +// SetLocalZoneGroup sets the LocalZoneGroup field's value. +func (s *GeoProximityLocation) SetLocalZoneGroup(v string) *GeoProximityLocation { + s.LocalZoneGroup = &v + return s +} + // A complex type that contains information about the request to create a hosted // zone. type GetAccountLimitInput struct { @@ -12506,7 +12718,7 @@ type GetDNSSECOutput struct { // KeySigningKeys is a required field KeySigningKeys []*KeySigningKey `type:"list" required:"true"` - // A string repesenting the status of DNSSEC. + // A string representing the status of DNSSEC. // // Status is a required field Status *DNSSECStatus `type:"structure" required:"true"` @@ -12567,6 +12779,8 @@ type GetGeoLocationInput struct { // Amazon Route 53 uses the two-letter country codes that are specified in ISO // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). + // + // Route 53 also supports the country code UA for Ukraine. CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"` // The code for the subdivision, such as a particular state within the United @@ -14211,7 +14425,7 @@ type HealthCheckConfig struct { // checkers consider to be healthy and compares that number with the value // of HealthThreshold. // - // * RECOVERY_CONTROL: The health check is assocated with a Route53 Application + // * RECOVERY_CONTROL: The health check is associated with a Route53 Application // Recovery Controller routing control. If the routing control state is ON, // the health check is considered healthy. If the state is OFF, the health // check is considered unhealthy. @@ -15569,8 +15783,8 @@ type ListHealthChecksInput struct { // The maximum number of health checks that you want ListHealthChecks to return // in response to the current request. Amazon Route 53 returns a maximum of - // 100 items. If you set MaxItems to a value greater than 100, Route 53 returns - // only the first 100 health checks. + // 1000 items. If you set MaxItems to a value greater than 1000, Route 53 returns + // only the first 1000 health checks. MaxItems *string `location:"querystring" locationName:"maxitems" type:"string"` } @@ -16030,6 +16244,9 @@ type ListHostedZonesInput struct { // the ID of that reusable delegation set. DelegationSetId *string `location:"querystring" locationName:"delegationsetid" type:"string"` + // (Optional) Specifies if the hosted zone is private. + HostedZoneType *string `location:"querystring" locationName:"hostedzonetype" type:"string" enum:"HostedZoneType"` + // If the value of IsTruncated in the previous response was true, you have more // hosted zones. To get more hosted zones, submit another ListHostedZones request. // @@ -16073,6 +16290,12 @@ func (s *ListHostedZonesInput) SetDelegationSetId(v string) *ListHostedZonesInpu return s } +// SetHostedZoneType sets the HostedZoneType field's value. +func (s *ListHostedZonesInput) SetHostedZoneType(v string) *ListHostedZonesInput { + s.HostedZoneType = &v + return s +} + // SetMarker sets the Marker field's value. func (s *ListHostedZonesInput) SetMarker(v string) *ListHostedZonesInput { s.Marker = &v @@ -18113,9 +18336,6 @@ type ResourceRecordSet struct { // to a web server with an IP address of 192.0.2.111, create a resource record // set with a Type of A and a ContinentCode of AF. // - // Although creating geolocation and geolocation alias resource record sets - // in a private hosted zone is allowed, it's not supported. - // // If you create separate resource record sets for overlapping geographic regions // (for example, one resource record set for a continent and one for a country // on the same continent), priority goes to the smallest geographic region. @@ -18144,6 +18364,11 @@ type ResourceRecordSet struct { // values for the Name and Type elements as geolocation resource record sets. GeoLocation *GeoLocation `type:"structure"` + // GeoproximityLocation resource record sets only: A complex type that lets + // you control how Route 53 responds to DNS queries based on the geographic + // origin of the query and your resources. + GeoProximityLocation *GeoProximityLocation `type:"structure"` + // If you want Amazon Route 53 to return this resource record set in response // to a DNS query only when the status of a health check is healthy, include // the HealthCheckId element and specify the ID of the applicable health check. @@ -18302,11 +18527,6 @@ type ResourceRecordSet struct { // You can't use the * wildcard for resource records sets that have a type // of NS. // - // You can use the * wildcard as the leftmost label in a domain name, for example, - // *.example.com. You can't use an * for one of the middle labels, for example, - // marketing.*.example.com. In addition, the * must replace the entire label; - // for example, you can't specify prod*.example.com. - // // Name is a required field Name *string `type:"string" required:"true"` @@ -18526,6 +18746,11 @@ func (s *ResourceRecordSet) Validate() error { invalidParams.AddNested("GeoLocation", err.(request.ErrInvalidParams)) } } + if s.GeoProximityLocation != nil { + if err := s.GeoProximityLocation.Validate(); err != nil { + invalidParams.AddNested("GeoProximityLocation", err.(request.ErrInvalidParams)) + } + } if s.ResourceRecords != nil { for i, v := range s.ResourceRecords { if v == nil { @@ -18567,6 +18792,12 @@ func (s *ResourceRecordSet) SetGeoLocation(v *GeoLocation) *ResourceRecordSet { return s } +// SetGeoProximityLocation sets the GeoProximityLocation field's value. +func (s *ResourceRecordSet) SetGeoProximityLocation(v *GeoProximityLocation) *ResourceRecordSet { + s.GeoProximityLocation = v + return s +} + // SetHealthCheckId sets the HealthCheckId field's value. func (s *ResourceRecordSet) SetHealthCheckId(v string) *ResourceRecordSet { s.HealthCheckId = &v @@ -19477,6 +19708,10 @@ type UpdateHealthCheckInput struct { // you specify in RequestInterval. Using an IPv4 address that is returned by // DNS, Route 53 then checks the health of the endpoint. // + // If you don't specify a value for IPAddress, you can’t update the health + // check to remove the FullyQualifiedDomainName; if you don’t specify a value + // for IPAddress on creation, a FullyQualifiedDomainName is required. + // // If you don't specify a value for IPAddress, Route 53 uses only IPv4 to send // health checks to the endpoint. If there's no resource record set with a type // of A for the name that you specify for FullyQualifiedDomainName, the health @@ -20427,6 +20662,12 @@ const ( // CloudWatchRegionApSoutheast4 is a CloudWatchRegion enum value CloudWatchRegionApSoutheast4 = "ap-southeast-4" + + // CloudWatchRegionIlCentral1 is a CloudWatchRegion enum value + CloudWatchRegionIlCentral1 = "il-central-1" + + // CloudWatchRegionCaWest1 is a CloudWatchRegion enum value + CloudWatchRegionCaWest1 = "ca-west-1" ) // CloudWatchRegion_Values returns all elements of the CloudWatchRegion enum @@ -20466,6 +20707,8 @@ func CloudWatchRegion_Values() []string { CloudWatchRegionUsIsoWest1, CloudWatchRegionUsIsobEast1, CloudWatchRegionApSoutheast4, + CloudWatchRegionIlCentral1, + CloudWatchRegionCaWest1, } } @@ -20589,6 +20832,18 @@ func HostedZoneLimitType_Values() []string { } } +const ( + // HostedZoneTypePrivateHostedZone is a HostedZoneType enum value + HostedZoneTypePrivateHostedZone = "PrivateHostedZone" +) + +// HostedZoneType_Values returns all elements of the HostedZoneType enum +func HostedZoneType_Values() []string { + return []string{ + HostedZoneTypePrivateHostedZone, + } +} + const ( // InsufficientDataHealthStatusHealthy is a InsufficientDataHealthStatus enum value InsufficientDataHealthStatusHealthy = "Healthy" @@ -20796,6 +21051,12 @@ const ( // ResourceRecordSetRegionApSoutheast4 is a ResourceRecordSetRegion enum value ResourceRecordSetRegionApSoutheast4 = "ap-southeast-4" + + // ResourceRecordSetRegionIlCentral1 is a ResourceRecordSetRegion enum value + ResourceRecordSetRegionIlCentral1 = "il-central-1" + + // ResourceRecordSetRegionCaWest1 is a ResourceRecordSetRegion enum value + ResourceRecordSetRegionCaWest1 = "ca-west-1" ) // ResourceRecordSetRegion_Values returns all elements of the ResourceRecordSetRegion enum @@ -20830,6 +21091,8 @@ func ResourceRecordSetRegion_Values() []string { ResourceRecordSetRegionEuSouth1, ResourceRecordSetRegionEuSouth2, ResourceRecordSetRegionApSoutheast4, + ResourceRecordSetRegionIlCentral1, + ResourceRecordSetRegionCaWest1, } } @@ -20988,6 +21251,12 @@ const ( // VPCRegionApSoutheast4 is a VPCRegion enum value VPCRegionApSoutheast4 = "ap-southeast-4" + + // VPCRegionIlCentral1 is a VPCRegion enum value + VPCRegionIlCentral1 = "il-central-1" + + // VPCRegionCaWest1 is a VPCRegion enum value + VPCRegionCaWest1 = "ca-west-1" ) // VPCRegion_Values returns all elements of the VPCRegion enum @@ -21026,5 +21295,7 @@ func VPCRegion_Values() []string { VPCRegionEuSouth1, VPCRegionEuSouth2, VPCRegionApSoutheast4, + VPCRegionIlCentral1, + VPCRegionCaWest1, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 6df89213b2e16..01ec8099e4776 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -67,19 +67,47 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // AbortMultipartUpload API operation for Amazon Simple Storage Service. // -// This action aborts a multipart upload. After a multipart upload is aborted, +// This operation aborts a multipart upload. After a multipart upload is aborted, // no additional parts can be uploaded using that upload ID. The storage consumed // by any previously uploaded parts will be freed. However, if any part uploads // are currently in progress, those part uploads might or might not succeed. // As a result, it might be necessary to abort a given multipart upload multiple // times in order to completely free all storage consumed by all parts. // -// To verify that all parts have been removed, so you don't get charged for +// To verify that all parts have been removed and prevent getting charged for // the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) -// action and ensure that the parts list is empty. +// API operation and ensure that the parts list is empty. // -// For information about permissions required to use the multipart upload, see -// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to AbortMultipartUpload: // @@ -173,60 +201,93 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // // You first initiate the multipart upload and then upload all parts using the // UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// operation or the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. After successfully uploading all relevant parts of an upload, -// you call this action to complete the upload. Upon receiving this request, -// Amazon S3 concatenates all the parts in ascending order by part number to -// create a new object. In the Complete Multipart Upload request, you must provide -// the parts list. You must ensure that the parts list is complete. This action -// concatenates the parts that you provide in the list. For each part in the -// list, you must provide the part number and the ETag value, returned after -// that part was uploaded. -// -// Processing of a Complete Multipart Upload request could take several minutes -// to complete. After Amazon S3 begins processing the request, it sends an HTTP +// you call this CompleteMultipartUpload operation to complete the upload. Upon +// receiving this request, Amazon S3 concatenates all the parts in ascending +// order by part number to create a new object. In the CompleteMultipartUpload +// request, you must provide the parts list and ensure that the parts list is +// complete. The CompleteMultipartUpload API operation concatenates the parts +// that you provide in the list. For each part in the list, you must provide +// the PartNumber value and the ETag value that are returned after that part +// was uploaded. +// +// The processing of a CompleteMultipartUpload request could take several minutes +// to finalize. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in // progress, Amazon S3 periodically sends white space characters to keep the // connection from timing out. A request could fail after the initial 200 OK // response has been sent. This means that a 200 OK response can contain either -// a success or an error. If you call the S3 API directly, make sure to design -// your application to parse the contents of the response and handle it appropriately. +// a success or an error. The error response might be embedded in the 200 OK +// response. If you call this API operation directly, make sure to design your +// application to parse the contents of the response and handle it appropriately. // If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs // detect the embedded error and apply error handling per your configuration // settings (including automatically retrying the request as appropriate). If -// the condition persists, the SDKs throws an exception (or, for the SDKs that -// don't use exceptions, they return the error). +// the condition persists, the SDKs throw an exception (or, for the SDKs that +// don't use exceptions, they return an error). // // Note that if CompleteMultipartUpload fails, applications should be prepared // to retry the failed requests. For more information, see Amazon S3 Error Best // Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). // -// You cannot use Content-Type: application/x-www-form-urlencoded with Complete -// Multipart Upload requests. Also, if you do not provide a Content-Type header, -// CompleteMultipartUpload returns a 200 OK response. +// You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload +// requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload +// can still return a 200 OK response. // // For more information about multipart uploads, see Uploading Objects Using -// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// For information about permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// CompleteMultipartUpload has the following special errors: +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). // -// - Error code: EntityTooSmall Description: Your proposed upload is smaller +// Special errors +// +// - Error Code: EntityTooSmall Description: Your proposed upload is smaller // than the minimum allowed object size. Each part must be at least 5 MB -// in size, except the last part. 400 Bad Request +// in size, except the last part. HTTP Status Code: 400 Bad Request // -// - Error code: InvalidPart Description: One or more of the specified parts +// - Error Code: InvalidPart Description: One or more of the specified parts // could not be found. The part might not have been uploaded, or the specified -// entity tag might not have matched the part's entity tag. 400 Bad Request +// ETag might not have matched the uploaded part's ETag. HTTP Status Code: +// 400 Bad Request // -// - Error code: InvalidPartOrder Description: The list of parts was not +// - Error Code: InvalidPartOrder Description: The list of parts was not // in ascending order. The parts list must be specified in order by part -// number. 400 Bad Request +// number. HTTP Status Code: 400 Bad Request // -// - Error code: NoSuchUpload Description: The specified multipart upload +// - Error Code: NoSuchUpload Description: The specified multipart upload // does not exist. The upload ID might be invalid, or the multipart upload -// might have been aborted or completed. 404 Not Found +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CompleteMultipartUpload: // @@ -319,183 +380,108 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // upload Upload Part - Copy (UploadPartCopy) API. For more information, see // Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). // -// All copy requests must be authenticated. Additionally, you must have read -// access to the source object and write access to the destination bucket. For -// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). -// Both the Region that you want to copy the object from and the Region that -// you want to copy the object to must be enabled for your account. +// You can copy individual objects between general purpose buckets, between +// directory buckets, and between general purpose buckets and directory buckets. // -// A copy request might return an error when Amazon S3 receives the copy request -// or while Amazon S3 is copying the files. If the error occurs before the copy -// action starts, you receive a standard Amazon S3 error. If the error occurs -// during the copy operation, the error response is embedded in the 200 OK response. -// This means that a 200 OK response can contain either a success or an error. -// If you call the S3 API directly, make sure to design your application to -// parse the contents of the response and handle it appropriately. If you use -// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the -// embedded error and apply error handling per your configuration settings (including -// automatically retrying the request as appropriate). If the condition persists, -// the SDKs throws an exception (or, for the SDKs that don't use exceptions, -// they return the error). -// -// If the copy is successful, you receive a response with information about -// the copied object. -// -// If the request is an HTTP 1.1 request, the response is chunk encoded. If -// it were not, it would not contain the content-length, and you would need -// to read the entire body. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// The copy request charge is based on the storage class and Region that you -// specify for the destination object. For pricing information, see Amazon S3 -// pricing (http://aws.amazon.com/s3/pricing/). +// Both the Region that you want to copy the object from and the Region that +// you want to copy the object to must be enabled for your account. // // Amazon S3 transfer acceleration does not support cross-Region copies. If // you request a cross-Region copy using a transfer acceleration endpoint, you // get a 400 Bad Request error. For more information, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). // -// # Metadata -// -// When copying an object, you can preserve all metadata (the default) or specify -// new metadata. However, the access control list (ACL) is not preserved and -// is set to private for the user making the request. To override the default -// ACL setting, specify a new ACL when generating a copy request. For more information, -// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// -// To specify whether you want the object metadata copied from the source object -// or replaced with metadata provided in the request, you can optionally add -// the x-amz-metadata-directive header. When you grant permissions, you can -// use the s3:x-amz-metadata-directive condition key to enforce certain metadata -// behavior when objects are uploaded. For more information, see Specifying -// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition -// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). -// -// x-amz-website-redirect-location is unique to each object and must be specified -// in the request headers to copy the value. -// -// x-amz-copy-source-if Headers -// -// To only copy an object under certain conditions, such as whether the Etag -// matches or whether the object was modified before or after a specified date, -// use the following request parameters: -// -// - x-amz-copy-source-if-match -// -// - x-amz-copy-source-if-none-match -// -// - x-amz-copy-source-if-unmodified-since -// -// - x-amz-copy-source-if-modified-since +// # Authentication and authorization // -// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// 200 OK and copies the data: -// -// - x-amz-copy-source-if-match condition evaluates to true -// -// - x-amz-copy-source-if-unmodified-since condition evaluates to false -// -// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// the 412 Precondition Failed response code: -// -// - x-amz-copy-source-if-none-match condition evaluates to false -// -// - x-amz-copy-source-if-modified-since condition evaluates to true -// -// All headers with the x-amz- prefix, including x-amz-copy-source, must be -// signed. -// -// # Server-side encryption -// -// Amazon S3 automatically encrypts all new objects that are copied to an S3 -// bucket. When copying an object, if you don't specify encryption information -// in your copy request, the encryption setting of the target object is set -// to the default encryption configuration of the destination bucket. By default, -// all buckets have a base level of encryption configuration that uses server-side -// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket -// has a default encryption configuration that uses server-side encryption with -// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption -// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with -// customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding -// KMS key, or a customer-provided key to encrypt the target object copy. -// -// When you perform a CopyObject operation, if you want to use a different type -// of encryption setting for the target object, you can use other appropriate -// encryption-related headers to encrypt the target object with a KMS key, an -// Amazon S3 managed key, or a customer-provided key. With server-side encryption, -// Amazon S3 encrypts your data as it writes your data to disks in its data -// centers and decrypts the data when you access it. If the encryption setting -// in your request is different from the default encryption configuration of -// the destination bucket, the encryption setting in your request takes precedence. -// If the source object for the copy is stored in Amazon S3 using SSE-C, you -// must provide the necessary encryption information in your request so that -// Amazon S3 can decrypt the object for copying. For more information about -// server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the -// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. -// -// # Access Control List (ACL)-Specific Request Headers -// -// When copying an object, you can optionally use headers to grant ACL-based -// permissions. By default, all objects are private. Only the owner has full -// access control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups that are defined by -// Amazon S3. These permissions are then added to the ACL on the object. For -// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// If the bucket that you're copying objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. -// -// For more information, see Controlling ownership of objects and disabling -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. +// All CopyObject requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// # Checksums +// Directory buckets - You must use the IAM credentials to authenticate and +// authorize your access to the CopyObject API operation, instead of using the +// temporary security credentials through the CreateSession API operation. // -// When copying an object, if it has a checksum, that checksum will be copied -// to the new object by default. When you copy the object over, you can optionally -// specify a different checksum algorithm to use with the x-amz-checksum-algorithm -// header. +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// # Storage Class Options +// # Permissions // -// You can use the CopyObject action to change the storage class of an object -// that is already stored in Amazon S3 by using the StorageClass parameter. -// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. +// You must have read access to the source object and write access to the destination +// bucket. // -// If the source object's storage class is GLACIER, you must restore a copy -// of this object before you can use it as a source object for the copy operation. -// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). +// - General purpose bucket permissions - You must have permissions in an +// IAM policy based on the source and destination bucket types in a CopyObject +// operation. If the source object is in a general purpose bucket, you must +// have s3:GetObject permission to read the source object that is being copied. +// If the destination bucket is a general purpose bucket, you must have s3:PubObject +// permission to write the object copy to the destination bucket. +// +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in a CopyObject operation. If the source object that you +// want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object. By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key can't be set to ReadOnly on the copy destination bucket. +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// # Versioning +// # Response and special errors +// +// When the request is an HTTP 1.1 request, the response is chunk encoded. When +// the request is not an HTTP 1.1 request, the response would not contain the +// Content-Length. You always need to read the entire response body to check +// if the copy succeeds. to keep the connection alive while we copy the data. +// +// - If the copy is successful, you receive a response with information about +// the copied object. +// +// - A copy request might return an error when Amazon S3 receives the copy +// request or while Amazon S3 is copying the files. A 200 OK response can +// contain either a success or an error. If the error occurs before the copy +// action starts, you receive a standard Amazon S3 error. If the error occurs +// during the copy operation, the error response is embedded in the 200 OK +// response. For example, in a cross-region copy, you may encounter throttling +// and receive a 200 OK response. For more information, see Resolve the Error +// 200 response when copying objects to Amazon S3 (repost.aws/knowledge-center/s3-resolve-200-internalerror). +// The 200 OK status code means the copy was accepted, but it doesn't mean +// the copy is complete. Another example is when you disconnect from Amazon +// S3 before the copy is complete, Amazon S3 might cancel the copy and you +// may receive a 200 OK response. You must stay connected to Amazon S3 until +// the entire response is successfully received and processed. If you call +// this API operation directly, make sure to design your application to parse +// the content of the response and handle it appropriately. If you use Amazon +// Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded +// error and apply error handling per your configuration settings (including +// automatically retrying the request as appropriate). If the condition persists, +// the SDKs throw an exception (or, for the SDKs that don't use exceptions, +// they return an error). +// +// # Charge // -// By default, x-amz-copy-source header identifies the current version of an -// object to copy. If the current version is a delete marker, Amazon S3 behaves -// as if the object was deleted. To copy a different version, use the versionId -// subresource. +// The copy request charge is based on the storage class and Region that you +// specify for the destination object. The request can also result in a data +// retrieval charge for the source if the source storage class bills for data +// retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/). // -// If you enable versioning on the target bucket, Amazon S3 generates a unique -// version ID for the object being copied. This version ID is different from -// the version ID of the source object. Amazon S3 returns the version ID of -// the copied object in the x-amz-version-id response header in the response. +// # HTTP Host header syntax // -// If you do not enable versioning or suspend it on the target bucket, the version -// ID that Amazon S3 generates is always null. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CopyObject: // @@ -580,77 +566,89 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // CreateBucket API operation for Amazon Simple Storage Service. // -// Creates a new S3 bucket. To create a bucket, you must register with Amazon -// S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. +// This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts +// bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). +// +// Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and +// have a valid Amazon Web Services Access Key ID to authenticate requests. // Anonymous requests are never allowed to create buckets. By creating the bucket, // you become the bucket owner. // -// Not every string is an acceptable bucket name. For information about bucket -// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). -// -// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). -// -// By default, the bucket is created in the US East (N. Virginia) Region. You -// can optionally specify a Region in the request body. You might choose a Region -// to optimize latency, minimize costs, or address regulatory requirements. -// For example, if you reside in Europe, you will probably find it advantageous -// to create buckets in the Europe (Ireland) Region. For more information, see -// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). -// -// If you send your create bucket request to the s3.amazonaws.com endpoint, -// the request goes to the us-east-1 Region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as the Region, even if the location -// constraint in the request specifies another Region where the bucket is to -// be created. If you create a bucket in a Region other than US East (N. Virginia), -// your application must be able to handle 307 redirect. For more information, -// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). +// There are two types of buckets: general purpose buckets and directory buckets. +// For more information about these bucket types, see Creating, configuring, +// and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) +// in the Amazon S3 User Guide. // -// # Permissions +// - General purpose buckets - If you send your CreateBucket request to the +// s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. +// So the signature calculations in Signature Version 4 must use us-east-1 +// as the Region, even if the location constraint in the request specifies +// another Region where the bucket is to be created. If you create a bucket +// in a Region other than US East (N. Virginia), your application must be +// able to handle 307 redirect. For more information, see Virtual hosting +// of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) +// in the Amazon S3 User Guide. // -// In addition to s3:CreateBucket, the following permissions are required when -// your CreateBucket request includes specific headers: -// -// - Access control lists (ACLs) - If your CreateBucket request specifies -// access control list (ACL) permissions and the ACL is public-read, public-read-write, -// authenticated-read, or if you specify access permissions explicitly through -// any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are -// needed. If the ACL for the CreateBucket request is private or if the request -// doesn't specify any ACLs, only s3:CreateBucket permission is needed. -// -// - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket -// request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning -// permissions are required. -// -// - S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership -// header, then the s3:PutBucketOwnershipControls permission is required. -// By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are -// disabled. We recommend keeping ACLs disabled, except in uncommon use cases -// where you must control access for each object individually. If you want -// to change the ObjectOwnership setting, you can use the x-amz-object-ownership -// header in your CreateBucket request to set the ObjectOwnership setting -// of your choice. For more information about S3 Object Ownership, see Controlling -// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// - S3 Block Public Access - If your specific use case requires granting -// public access to your S3 resources, you can disable Block Public Access. -// You can create a new bucket with Block Public Access enabled, then separately -// call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// Permissions +// +// - General purpose bucket permissions - In addition to the s3:CreateBucket +// permission, the following permissions are required in a policy when your +// CreateBucket request includes specific headers: Access control lists (ACLs) +// +// - In your CreateBucket request, if you specify an access control list +// (ACL) and set it to public-read, public-read-write, authenticated-read, +// or if you explicitly specify any other custom ACLs, both s3:CreateBucket +// and s3:PutBucketAcl permissions are required. In your CreateBucket request, +// if you set the ACL to private, or if you don't specify any ACLs, only +// the s3:CreateBucket permission is required. Object Lock - In your CreateBucket +// request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration +// and s3:PutBucketVersioning permissions are required. S3 Object Ownership +// +// - If your CreateBucket request includes the x-amz-object-ownership header, +// then the s3:PutBucketOwnershipControls permission is required. If your +// CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object Ownership +// and specifies a bucket ACL that provides access to an external Amazon +// Web Services account, your request fails with a 400 error and returns +// the InvalidBucketAcLWithObjectOwnership error code. For more information, +// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// in the Amazon S3 User Guide. S3 Block Public Access - If your specific +// use case requires granting public access to your S3 resources, you can +// disable Block Public Access. Specifically, you can create a new bucket +// with Block Public Access enabled, then separately call the DeletePublicAccessBlock +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) // API. To use this operation, you must have the s3:PutBucketPublicAccessBlock -// permission. By default, all Block Public Access settings are enabled for -// new buckets. To avoid inadvertent exposure of your resources, we recommend -// keeping the S3 Block Public Access settings enabled. For more information -// about S3 Block Public Access, see Blocking public access to your Amazon -// S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// permission. For more information about S3 Block Public Access, see Blocking +// public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) // in the Amazon S3 User Guide. // -// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object -// Ownership and specifies a bucket ACL that provides access to an external -// Amazon Web Services account, your request fails with a 400 error and returns -// the InvalidBucketAcLWithObjectOwnership error code. For more information, -// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) -// in the Amazon S3 User Guide. +// - Directory bucket permissions - You must have the s3express:CreateBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. The permissions for ACLs, Object Lock, S3 +// Object Ownership, and S3 Block Public Access are not supported for directory +// buckets. For directory buckets, all Block Public Access settings are enabled +// at the bucket level and S3 Object Ownership is set to Bucket owner enforced +// (ACLs disabled). These settings can't be modified. For more information +// about permissions for creating and working with directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. For more information about supported S3 features +// for directory buckets, see Features of S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to CreateBucket: // @@ -748,164 +746,139 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // You specify this upload ID in each of your subsequent upload part requests // (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). // You also include this upload ID in the final request to either complete or -// abort the multipart upload request. +// abort the multipart upload request. For more information about multipart +// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) +// in the Amazon S3 User Guide. // -// For more information about multipart uploads, see Multipart Upload Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). +// After you initiate a multipart upload and upload one or more parts, to stop +// being charged for storing the uploaded parts, you must either complete or +// abort the multipart upload. Amazon S3 frees up the space used to store the +// parts and stops charging you for storing them only after you either complete +// or abort a multipart upload. // // If you have configured a lifecycle rule to abort incomplete multipart uploads, -// the upload must complete within the number of days specified in the bucket -// lifecycle configuration. Otherwise, the incomplete multipart upload becomes -// eligible for an abort action and Amazon S3 aborts the multipart upload. For -// more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// the created multipart upload must be completed within the number of days +// specified in the bucket lifecycle configuration. Otherwise, the incomplete +// multipart upload becomes eligible for an abort action and Amazon S3 aborts +// the multipart upload. For more information, see Aborting Incomplete Multipart +// Uploads Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// +// - Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// For information about the permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// # Request signing // // For request signing, multipart upload is just a series of regular requests. // You initiate a multipart upload, send one or more requests to upload parts, // and then complete the multipart upload process. You sign each request individually. // There is nothing special about signing multipart upload requests. For more // information about signing, see Authenticating Requests (Amazon Web Services -// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). -// -// After you initiate a multipart upload and upload one or more parts, to stop -// being charged for storing the uploaded parts, you must either complete or -// abort the multipart upload. Amazon S3 frees up the space used to store the -// parts and stop charging you for storing them only after you either complete -// or abort a multipart upload. -// -// Server-side encryption is for data encryption at rest. Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it when -// you access it. Amazon S3 automatically encrypts all new objects that are -// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify -// encryption information in your request, the encryption setting of the uploaded -// parts is set to the default encryption configuration of the destination bucket. -// By default, all buckets have a base level of encryption configuration that -// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the -// destination bucket has a default encryption configuration that uses server-side -// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided -// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided -// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload -// operation, if you want to use a different type of encryption setting for -// the uploaded parts, you can request that Amazon S3 encrypts the object with -// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption -// setting in your request is different from the default encryption configuration -// of the destination bucket, the encryption setting in your request takes precedence. -// If you choose to provide your own encryption key, the request headers you -// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) -// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) -// requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload. You can request that Amazon S3 save the uploaded -// parts encrypted with server-side encryption with an Amazon S3 managed key -// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided -// encryption key (SSE-C). -// -// To perform a multipart upload with encryption by using an Amazon Web Services -// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* -// actions on the key. These permissions are required because Amazon S3 must -// decrypt and read data from the encrypted file parts before it completes the -// multipart upload. For more information, see Multipart upload API and permissions -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) -// and Protecting data using server-side encryption with Amazon Web Services -// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) // in the Amazon S3 User Guide. // -// If your Identity and Access Management (IAM) user or role is in the same -// Amazon Web Services account as the KMS key, then you must have these permissions -// on the key policy. If your IAM user or role belongs to a different account -// than the key, then you must have the permissions on both the key policy and -// your IAM user or role. -// -// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// # Access Permissions -// -// When copying an object, you can optionally specify the accounts or groups -// that should be granted specific permissions on the new object. There are -// two ways to grant the permissions using the request headers: -// -// - Specify a canned ACL with the x-amz-acl request header. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters -// map to the set of permissions that Amazon S3 supports in an ACL. For more -// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. -// -// # Server-Side- Encryption-Specific Request Headers -// -// Amazon S3 encrypts data by using server-side encryption with an Amazon S3 -// managed key (SSE-S3) by default. Server-side encryption is for data encryption -// at rest. Amazon S3 encrypts your data as it writes it to disks in its data -// centers and decrypts it when you access it. You can request that Amazon S3 -// encrypts data at rest by using server-side encryption with other key options. -// The option you use depends on whether you want to use KMS keys (SSE-KMS) -// or provide your own encryption keys (SSE-C). +// Permissions +// +// - General purpose bucket permissions - For information about the permissions +// required to use the multipart upload API, see Multipart upload and permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. To perform a multipart upload with encryption +// by using an Amazon Web Services KMS key, the requester must have permission +// to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These +// permissions are required because Amazon S3 must decrypt and read data +// from the encrypted file parts before it completes the multipart upload. +// For more information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. // -// - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Encryption +// +// - General purpose buckets - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. Amazon S3 automatically +// encrypts all new objects that are uploaded to an S3 bucket. When doing +// a multipart upload, if you don't specify encryption information in your +// request, the encryption setting of the uploaded parts is set to the default +// encryption configuration of the destination bucket. By default, all buckets +// have a base level of encryption configuration that uses server-side encryption +// with Amazon S3 managed keys (SSE-S3). If the destination bucket has a +// default encryption configuration that uses server-side encryption with +// an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a +// customer-provided key to encrypt the uploaded parts. When you perform +// a CreateMultipartUpload operation, if you want to use a different type +// of encryption setting for the uploaded parts, you can request that Amazon +// S3 encrypts the object with a different encryption key (such as an Amazon +// S3 managed key, a KMS key, or a customer-provided key). When the encryption +// setting in your request is different from the default encryption configuration +// of the destination bucket, the encryption setting in your request takes +// precedence. If you choose to provide your own encryption key, the request +// headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// requests must match the headers you used in the CreateMultipartUpload +// request. Use KMS keys (SSE-KMS) that include the Amazon Web Services managed // key (aws/s3) and KMS customer managed keys stored in Key Management Service // (KMS) – If you want Amazon Web Services to manage the keys used to encrypt // data, specify the following headers in the request. x-amz-server-side-encryption // x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context // If you specify x-amz-server-side-encryption:aws:kms, but don't provide // x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon -// Web Services managed key (aws/s3 key) in KMS to protect the data. All -// GET and PUT requests for an object protected by KMS fail if you don't -// make them by using Secure Sockets Layer (SSL), Transport Layer Security -// (TLS), or Signature Version 4. For more information about server-side -// encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side -// Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html). -// -// - Use customer-provided encryption keys (SSE-C) – If you want to manage -// your own encryption keys, provide all the following headers in the request. -// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key -// x-amz-server-side-encryption-customer-key-MD5 For more information about -// server-side encryption with customer-provided encryption keys (SSE-C), -// see Protecting data using server-side encryption with customer-provided -// encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). -// -// # Access-Control-List (ACL)-Specific Request Headers -// -// You also can use the following access control–related headers with this -// operation. By default, all objects are private. Only the owner has full access -// control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups defined by Amazon S3. -// These permissions are then added to the access control list (ACL) on the -// object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// With this operation, you can grant access permissions using one of the following -// two methods: -// -// - Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined -// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees -// and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly — To explicitly grant access -// permissions to specific Amazon Web Services accounts or groups, use the -// following headers. Each header maps to specific permissions that Amazon -// S3 supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write -// x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You -// specify each grantee as a type=value pair, where the type is one of the -// following: id – if the value specified is the canonical user ID of an -// Amazon Web Services account uri – if you are granting permissions to -// a predefined group emailAddress – if the value specified is the email -// address of an Amazon Web Services account Using email addresses to specify -// a grantee is only supported in the following Amazon Web Services Regions: -// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified -// by account IDs permissions to read object data and its metadata: x-amz-grant-read: -// id="11112222333", id="444455556666" +// Web Services managed key (aws/s3 key) in KMS to protect the data. To perform +// a multipart upload with encryption by using an Amazon Web Services KMS +// key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* +// actions on the key. These permissions are required because Amazon S3 must +// decrypt and read data from the encrypted file parts before it completes +// the multipart upload. For more information, see Multipart upload API and +// permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. If your Identity and Access Management (IAM) +// user or role is in the same Amazon Web Services account as the KMS key, +// then you must have these permissions on the key policy. If your IAM user +// or role is in a different account from the key, then you must have the +// permissions on both the key policy and your IAM user or role. All GET +// and PUT requests for an object protected by KMS fail if you don't make +// them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), +// or Signature Version 4. For information about configuring any of the officially +// supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying +// the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) +// in the Amazon S3 User Guide. For more information about server-side encryption +// with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption +// with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. Use customer-provided encryption keys (SSE-C) +// – If you want to manage your own encryption keys, provide all the following +// headers in the request. x-amz-server-side-encryption-customer-algorithm +// x-amz-server-side-encryption-customer-key x-amz-server-side-encryption-customer-key-MD5 +// For more information about server-side encryption with customer-provided +// encryption keys (SSE-C), see Protecting data using server-side encryption +// with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. +// +// - Directory buckets -For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CreateMultipartUpload: // @@ -947,6 +920,152 @@ func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMult return out, req.Send() } +const opCreateSession = "CreateSession" + +// CreateSessionRequest generates a "aws/request.Request" representing the +// client's request for the CreateSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSession for more information on using the CreateSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateSessionRequest method. +// req, resp := client.CreateSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSessionRequest(input *CreateSessionInput) (req *request.Request, output *CreateSessionOutput) { + op := &request.Operation{ + Name: opCreateSession, + HTTPMethod: "GET", + HTTPPath: "/{Bucket}?session", + } + + if input == nil { + input = &CreateSessionInput{} + } + + output = &CreateSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSession API operation for Amazon Simple Storage Service. +// +// Creates a session that establishes temporary security credentials to support +// fast authentication and authorization for the Zonal endpoint APIs on directory +// buckets. For more information about Zonal endpoint APIs that include the +// Availability Zone in the request endpoint, see S3 Express One Zone APIs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) +// in the Amazon S3 User Guide. +// +// To make Zonal endpoint API requests on a directory bucket, use the CreateSession +// API operation. Specifically, you grant s3express:CreateSession permission +// to a bucket in a bucket policy or an IAM identity-based policy. Then, you +// use IAM credentials to make the CreateSession API request on the bucket, +// which returns temporary security credentials that include the access key +// ID, secret access key, session token, and expiration. These credentials have +// associated permissions to access the Zonal endpoint APIs. After the session +// is created, you don’t need to use other policies to grant permissions to +// each Zonal endpoint API individually. Instead, in your Zonal endpoint API +// requests, you sign your requests by applying the temporary security credentials +// of the session to the request headers and following the SigV4 protocol for +// authentication. You also apply the session token to the x-amz-s3session-token +// request header for authorization. Temporary security credentials are scoped +// to the bucket and expire after 5 minutes. After the expiration time, any +// calls that you make with those credentials will fail. You must use IAM credentials +// again to make a CreateSession API request that generates a new set of temporary +// credentials for use. Temporary credentials cannot be extended or refreshed +// beyond the original specified interval. +// +// If you use Amazon Web Services SDKs, SDKs handle the session token refreshes +// automatically to avoid service interruptions when a session expires. We recommend +// that you use the Amazon Web Services SDKs to initiate and manage requests +// to the CreateSession API. For more information, see Performance guidelines +// and design patterns (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) +// in the Amazon S3 User Guide. +// +// - You must make requests for this API operation to the Zonal endpoint. +// These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. +// Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// - CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the CopyObject +// API operation on directory buckets, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). +// +// - HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the HeadBucket +// API operation on directory buckets, see HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). +// +// # Permissions +// +// To obtain temporary security credentials, you must create a bucket policy +// or an IAM identity-based policy that grants s3express:CreateSession permission +// to the bucket. In a policy, you can have the s3express:SessionMode condition +// key to control who can create a ReadWrite or ReadOnly session. For more information +// about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// To grant cross-account access to Zonal endpoint APIs, the bucket policy should +// also grant both accounts the s3express:CreateSession permission. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation CreateSession for usage and error information. +// +// Returned Error Codes: +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSession(input *CreateSessionInput) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + return out, req.Send() +} + +// CreateSessionWithContext is the same as CreateSession with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) CreateSessionWithContext(ctx aws.Context, input *CreateSessionInput, opts ...request.Option) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteBucket = "DeleteBucket" // DeleteBucketRequest generates a "aws/request.Request" representing the @@ -994,6 +1113,35 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. // +// - Directory buckets - If multipart uploads in a directory bucket are in +// progress, you can't delete the bucket until all the in-progress multipart +// uploads are aborted or completed. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - You must have the s3:DeleteBucket +// permission on the specified bucket in a policy. +// +// - Directory bucket permissions - You must have the s3express:DeleteBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// // The following operations are related to DeleteBucket: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) @@ -1072,6 +1220,8 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an analytics configuration for the bucket (specified by the analytics // configuration ID). // @@ -1164,6 +1314,8 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // DeleteBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the cors configuration information set for the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketCORS @@ -1251,6 +1403,8 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // DeleteBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the DELETE action resets the default encryption for // the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). // For information about the bucket default encryption feature, see Amazon S3 @@ -1342,6 +1496,8 @@ func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBuc // DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -1441,6 +1597,8 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent // DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an inventory configuration (identified by the inventory ID) from // the bucket. // @@ -1533,6 +1691,8 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re // DeleteBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the lifecycle configuration from the specified bucket. Amazon S3 // removes all the lifecycle configuration rules in the lifecycle subresource // associated with the bucket. Your objects never expire, and Amazon S3 no longer @@ -1627,6 +1787,8 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes a metrics configuration for the Amazon CloudWatch request metrics // (specified by the metrics configuration ID) from the bucket. Note that this // doesn't include the daily storage metrics. @@ -1722,6 +1884,8 @@ func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipCo // DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:PutBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). @@ -1807,11 +1971,21 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // DeleteBucketPolicy API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE action uses the policy subresource to delete -// the policy of a specified bucket. If you are using an identity other than -// the root user of the Amazon Web Services account that owns the bucket, the -// calling identity must have the DeleteBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account to use this operation. +// Deletes the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the DeleteBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 // Access Denied error. If you have the correct permissions, but you're not @@ -1826,8 +2000,23 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// For more information about bucket policies, see Using Bucket Policies and -// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// - General purpose bucket permissions - The s3:DeleteBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to DeleteBucketPolicy // @@ -1907,6 +2096,8 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // DeleteBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the replication configuration from the bucket. // // To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration @@ -1999,6 +2190,8 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // DeleteBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the tags from the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketTagging @@ -2083,6 +2276,8 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // DeleteBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action removes the website configuration for a bucket. Amazon S3 returns // a 200 OK response upon successfully deleting a website configuration on the // specified bucket. You will get a 200 OK response if the website configuration @@ -2175,31 +2370,79 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // DeleteObject API operation for Amazon Simple Storage Service. // -// Removes the null version (if there is one) of an object and inserts a delete -// marker, which becomes the latest version of the object. If there isn't a -// null version, Amazon S3 does not remove any objects but will still respond -// that the command was successful. +// Removes an object from a bucket. The behavior depends on the bucket's versioning +// state: +// +// - If versioning is enabled, the operation removes the null version (if +// there is one) of an object and inserts a delete marker, which becomes +// the latest version of the object. If there isn't a null version, Amazon +// S3 does not remove any objects but will still respond that the command +// was successful. // -// To remove a specific version, you must use the version Id subresource. Using -// this subresource permanently deletes the version. If the object deleted is -// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, +// - If versioning is suspended or not enabled, the operation permanently +// deletes the object. +// +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// To remove a specific version, you must use the versionId query parameter. +// Using this query parameter permanently deletes the version. If the object +// deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker // to true. // // If the object you want to delete is in a bucket where the bucket versioning // configuration is MFA Delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must -// use HTTPS. +// use HTTPS. For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) +// in the Amazon S3 User Guide. To see sample requests that use versioning, +// see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). // -// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). -// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). +// Directory buckets - MFA delete is not supported by directory buckets. // -// You can delete objects by explicitly calling DELETE Object or configure its -// lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) +// You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) // to enable Amazon S3 to remove them for you. If you want to block users or // accounts from removing or deleting objects from your bucket, you must deny // them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration // actions. // +// Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always have +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must have the +// s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// // The following action is related to DeleteObject: // // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -2275,6 +2518,8 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // DeleteObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the entire tag set from the specified object. For more information // about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // @@ -2366,36 +2611,82 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // DeleteObjects API operation for Amazon Simple Storage Service. // -// This action enables you to delete multiple objects from a bucket using a -// single HTTP request. If you know the object keys that you want to delete, -// then this action provides a suitable alternative to sending individual delete -// requests, reducing per-request overhead. +// This operation enables you to delete multiple objects from a bucket using +// a single HTTP request. If you know the object keys that you want to delete, +// then this operation provides a suitable alternative to sending individual +// delete requests, reducing per-request overhead. // -// The request contains a list of up to 1000 keys that you want to delete. In -// the XML, you provide the object key names, and optionally, version IDs if -// you want to delete a specific version of the object from a versioning-enabled -// bucket. For each key, Amazon S3 performs a delete action and returns the -// result of that delete, success, or failure, in the response. Note that if +// The request can contain a list of up to 1000 keys that you want to delete. +// In the XML, you provide the object key names, and optionally, version IDs +// if you want to delete a specific version of the object from a versioning-enabled +// bucket. For each key, Amazon S3 performs a delete operation and returns the +// result of that delete, success or failure, in the response. Note that if // the object specified in the request is not found, Amazon S3 returns the result // as deleted. // -// The action supports two modes for the response: verbose and quiet. By default, -// the action uses verbose mode in which the response includes the result of -// deletion of each key in your request. In quiet mode the response includes -// only keys where the delete action encountered an error. For a successful -// deletion, the action does not return any information about the delete in -// the response body. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// The operation supports two modes for the response: verbose and quiet. By +// default, the operation uses verbose mode in which the response includes the +// result of deletion of each key in your request. In quiet mode the response +// includes only keys where the delete operation encountered an error. For a +// successful deletion in a quiet mode, the operation does not return any information +// about the delete in the response body. // // When performing this action on an MFA Delete enabled bucket, that attempts // to delete any versioned objects, you must include an MFA token. If you do // not provide one, the entire request will fail, even if there are non-versioned // objects you are trying to delete. If you provide an invalid token, whether // there are versioned keys in the request or not, the entire Multi-Object Delete -// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). +// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) +// in the Amazon S3 User Guide. +// +// Directory buckets - MFA delete is not supported by directory buckets. // -// Finally, the Content-MD5 header is required for all Multi-Object Delete requests. -// Amazon S3 uses the header value to ensure that your request body has not -// been altered in transit. +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always specify +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must specify +// the s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Content-MD5 request header +// +// - General purpose bucket - The Content-MD5 request header is required +// for all Multi-Object Delete requests. Amazon S3 uses the header value +// to ensure that your request body has not been altered in transit. +// +// - Directory bucket - The Content-MD5 request header or a additional checksum +// request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, +// x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object +// Delete requests. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to DeleteObjects: // @@ -2481,6 +2772,8 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) // DeletePublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use // this operation, you must have the s3:PutBucketPublicAccessBlock permission. // For more information about permissions, see Permissions Related to Bucket @@ -2568,6 +2861,8 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the accelerate subresource to // return the Transfer Acceleration state of a bucket, which is either Enabled // or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that @@ -2667,16 +2962,18 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // GetBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the acl subresource to return // the access control list (ACL) of a bucket. To use GET to return the ACL of -// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission -// is granted to the anonymous user, you can return the ACL of the bucket without -// using an authorization header. +// the bucket, you must have the READ_ACP access to the bucket. If READ_ACP +// permission is granted to the anonymous user, you can return the ACL of the +// bucket without using an authorization header. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -2763,6 +3060,8 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action returns an analytics configuration // (identified by the analytics configuration ID) from the bucket. // @@ -2856,6 +3155,8 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // GetBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Cross-Origin Resource Sharing (CORS) configuration information // set for the bucket. // @@ -2863,10 +3164,10 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // action. By default, the bucket owner has this permission and can grant it // to others. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -2952,6 +3253,8 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r // GetBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the default encryption configuration for an Amazon S3 bucket. By // default, all buckets have a default encryption configuration that uses server-side // encryption with Amazon S3 managed keys (SSE-S3). For information about the @@ -3042,6 +3345,8 @@ func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketInt // GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -3140,6 +3445,8 @@ func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryCon // GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns an inventory configuration (identified by the inventory configuration // ID) from the bucket. // @@ -3241,6 +3548,8 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req // see the updated version of this topic. This topic is provided for backward // compatibility. // +// This operation is not supported by directory buckets. +// // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). // @@ -3339,6 +3648,8 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon // GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Bucket lifecycle configuration now supports specifying a lifecycle rule using // an object key name prefix, one or more object tags, or a combination of both. // Accordingly, this section describes the latest API. The response describes @@ -3441,14 +3752,16 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // GetBucketLocation API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Region the bucket resides in. You set the bucket's Region using // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -3535,6 +3848,8 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request // GetBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the logging status of a bucket and the permissions users have to // view and modify that status. // @@ -3615,6 +3930,8 @@ func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigu // GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets a metrics configuration (specified by the metrics configuration ID) // from the bucket. Note that this doesn't include the daily storage metrics. // @@ -3713,6 +4030,8 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat // GetBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3790,6 +4109,8 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the notification configuration of a bucket. // // If notifications are not enabled on the bucket, the action returns an empty @@ -3800,10 +4121,10 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // to other users to read this configuration with the s3:GetBucketNotification // permission. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -3888,6 +4209,8 @@ func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControls // GetBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:GetBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html). @@ -3972,10 +4295,21 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // GetBucketPolicy API operation for Amazon Simple Storage Service. // -// Returns the policy of a specified bucket. If you are using an identity other -// than the root user of the Amazon Web Services account that owns the bucket, -// the calling identity must have the GetBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account in order to use this operation. +// Returns the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the GetBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an @@ -3990,17 +4324,33 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// - General purpose bucket permissions - The s3:GetBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. // -// To use this API operation against an Object Lambda access point, provide -// the alias of the Object Lambda access point in place of the bucket name. -// If the Object Lambda access point alias in a request is not valid, the error -// code InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:GetBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax // -// For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following action is related to GetBucketPolicy: // @@ -4077,6 +4427,8 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re // GetBucketPolicyStatus API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the policy status for an Amazon S3 bucket, indicating whether the // bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus // permission. For more information about Amazon S3 permissions, see Specifying @@ -4166,6 +4518,8 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // GetBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the replication configuration of a bucket. // // It can take a while to propagate the put or delete a replication configuration @@ -4263,6 +4617,8 @@ func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) // GetBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the request payment configuration of a bucket. To use this version // of the operation, you must be the bucket owner. For more information, see // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). @@ -4342,6 +4698,8 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request // GetBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag set associated with the bucket. // // To use this operation, you must have permission to perform the s3:GetBucketTagging @@ -4430,6 +4788,8 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // GetBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the versioning state of a bucket. // // To retrieve the versioning state of a bucket, you must be the bucket owner. @@ -4517,6 +4877,8 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // GetBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the website configuration for a bucket. To host website on Amazon // S3, you can configure a bucket as website by adding a website configuration. // For more information about hosting websites, see Hosting Websites on Amazon @@ -4604,113 +4966,106 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // GetObject API operation for Amazon Simple Storage Service. // -// Retrieves objects from Amazon S3. To use GET, you must have READ access to -// the object. If you grant READ access to the anonymous user, you can return -// the object without using an authorization header. -// -// An Amazon S3 bucket has no directory hierarchy such as you would find in -// a typical computer file system. You can, however, create a logical hierarchy -// by using object key names that imply a folder structure. For example, instead -// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg. -// -// To get an object from such a logical hierarchy, specify the full key name -// for the object in the GET operation. For a virtual hosted-style request example, -// if you have the object photos/2006/February/sample.jpg, specify the resource -// as /photos/2006/February/sample.jpg. For a path-style request example, if -// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, -// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For -// more information about request types, see HTTP Host Header Bucket Specification -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket). -// -// For more information about returning the ACL of an object, see GetObjectAcl -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). +// Retrieves an object from Amazon S3. // -// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval -// or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive -// or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the -// object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// Otherwise, this action returns an InvalidObjectState error. For information -// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html). -// -// Encryption request headers, like x-amz-server-side-encryption, should not -// be sent for GET requests if your object uses server-side encryption with -// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption -// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with -// Amazon S3 managed encryption keys (SSE-S3). If your object does use these -// types of keys, you’ll get an HTTP 400 Bad Request error. -// -// If you encrypt an object by using server-side encryption with customer-provided -// encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you GET the object, you must use the following headers: +// In the GetObject request, specify the full key name for the object. // -// - x-amz-server-side-encryption-customer-algorithm -// -// - x-amz-server-side-encryption-customer-key -// -// - x-amz-server-side-encryption-customer-key-MD5 -// -// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// Assuming you have the relevant permission to read object tags, the response -// also returns the x-amz-tagging-count header that provides the count of number -// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) -// to retrieve the tag set associated with an object. -// -// # Permissions -// -// You need the relevant read object (or version) permission for this operation. -// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object that you request doesn’t exist, the error that Amazon S3 -// returns depends on whether you also have the s3:ListBucket permission. -// -// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 (Not Found) error. +// General purpose buckets - Both the virtual-hosted-style requests and the +// path-style requests are supported. For a virtual hosted-style request example, +// if you have the object photos/2006/February/sample.jpg, specify the object +// key name as /photos/2006/February/sample.jpg. For a path-style request example, +// if you have the object photos/2006/February/sample.jpg in the bucket named +// examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. +// For more information about request types, see HTTP Host Header Bucket Specification +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) +// in the Amazon S3 User Guide. // -// If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP -// status code 403 ("access denied") error. +// Directory buckets - Only virtual-hosted-style requests are supported. For +// a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg +// in the bucket named examplebucket--use1-az5--x-s3, specify the object key +// name as /photos/2006/February/sample.jpg. Also, when you make requests to +// this API operation, your requests are sent to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// # Versioning +// Permissions +// +// - General purpose bucket permissions - You must have the required permissions +// in a policy. To use GetObject, you must have the READ access to the object +// (or version). If you grant READ access to the anonymous user, the GetObject +// operation returns the object without using an authorization header. For +// more information, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If you include a versionId in your request +// header, you must have the s3:GetObjectVersion permission to access a specific +// version of an object. The s3:GetObject permission is not required in this +// scenario. If you request the current version of an object without a specific +// versionId in the request header, only the s3:GetObject permission is required. +// The s3:GetObjectVersion permission is not required in this scenario. If +// the object that you request doesn’t exist, the error that Amazon S3 +// returns depends on whether you also have the s3:ListBucket permission. +// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 Not Found error. If you don’t have the s3:ListBucket +// permission, Amazon S3 returns an HTTP status code 403 Access Denied error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Storage classes // -// By default, the GET action returns the current version of an object. To return -// a different version, use the versionId subresource. +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. // -// - If you supply a versionId, you need the s3:GetObjectVersion permission -// to access a specific version of an object. If you request a specific version, -// you do not need to have the s3:GetObject permission. If you request the -// current version without a specific version ID, only s3:GetObject permission -// is required. s3:GetObjectVersion permission won't be required. +// Directory buckets - For directory buckets, only the S3 Express One Zone storage +// class is supported to store newly created objects. Unsupported storage class +// values won't write a destination object and will respond with the HTTP status +// code 400 Bad Request. // -// - If the current version of the object is a delete marker, Amazon S3 behaves -// as if the object was deleted and includes x-amz-delete-marker: true in -// the response. +// # Encryption // -// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for the GetObject requests, if your object uses server-side encryption +// with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in +// your GetObject requests for the object that uses these types of keys, you’ll +// get an HTTP 400 Bad Request error. // -// # Overriding Response Header Values +// # Overriding response header values through the request // // There are times when you want to override certain response header values -// in a GET response. For example, you might override the Content-Disposition -// response header value in your GET request. -// -// You can override values for a set of response headers using the following -// query parameters. These response header values are sent only on a successful -// request, that is, when status code 200 OK is returned. The set of headers -// you can override using these parameters is a subset of the headers that Amazon -// S3 accepts when you create an object. The response headers that you can override -// for the GET response are Content-Type, Content-Language, Expires, Cache-Control, -// Content-Disposition, and Content-Encoding. To override these header values -// in the GET response, you use the following request parameters. -// -// You must sign the request, either using an Authorization header or a presigned -// URL, when using these parameters. They cannot be used with an unsigned (anonymous) -// request. +// of a GetObject response. For example, you might override the Content-Disposition +// response header value through your GetObject request. // -// - response-content-type +// You can override values for a set of response headers. These modified response +// header values are included only in a successful response, that is, when the +// HTTP status code 200 OK is returned. The headers you can override using the +// following query parameters in the request are a subset of the headers that +// Amazon S3 accepts when you create an object. // -// - response-content-language +// The response headers that you can override for the GetObject response are +// Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, +// and Expires. // -// - response-expires +// To override values for a set of response headers in the GetObject response, +// you can use the following query parameters in the request. // // - response-cache-control // @@ -4718,17 +5073,19 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // - response-content-encoding // -// # Overriding Response Header Values +// - response-content-language +// +// - response-content-type +// +// - response-expires // -// If both of the If-Match and If-Unmodified-Since headers are present in the -// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since -// condition evaluates to false; then, S3 returns 200 OK and the data requested. +// When you use these parameters, you must sign the request by using either +// an Authorization header or a presigned URL. These parameters cannot be used +// with an unsigned (anonymous) request. // -// If both of the If-None-Match and If-Modified-Since headers are present in -// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since -// condition evaluates to true; then, S3 returns 304 Not Modified response code. +// # HTTP Host header syntax // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to GetObject: // @@ -4751,6 +5108,15 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // - ErrCodeInvalidObjectState "InvalidObjectState" // Object is archived and inaccessible until restored. // +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) { req, out := c.GetObjectRequest(input) @@ -4816,13 +5182,15 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // GetObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the access control list (ACL) of an object. To use this operation, // you must have s3:GetObjectAcl permissions or READ_ACP access to the object. // For more information, see Mapping of ACL permissions and access policy permissions // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) // in the Amazon S3 User Guide // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // By default, GET returns ACL information about the current version of an object. // To return ACL information about a different version, use the versionId subresource. @@ -4920,16 +5288,65 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // GetObjectAttributes API operation for Amazon Simple Storage Service. // // Retrieves all the metadata from an object without returning the object itself. -// This action is useful if you're interested only in an object's metadata. -// To use GetObjectAttributes, you must have READ access to the object. +// This operation is useful if you're interested only in an object's metadata. // // GetObjectAttributes combines the functionality of HeadObject and ListParts. // All of the data returned with each of those individual calls can be returned // with a single call to GetObjectAttributes. // +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use GetObjectAttributes, you +// must have READ access to the object. The permissions that you need to +// use this operation with depend on whether the bucket is versioned. If +// the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes +// permissions for this operation. If the bucket is not versioned, you need +// the s3:GetObject and s3:GetObjectAttributes permissions. For more information, +// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If the object that you request does not exist, +// the error Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. If you have the s3:ListBucket permission on the bucket, Amazon +// S3 returns an HTTP status code 404 Not Found ("no such key") error. If +// you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden ("access denied") error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a GET request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. +// // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -4941,47 +5358,35 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // -// - Encryption request headers, such as x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with Amazon Web Services KMS keys stored in Amazon Web Services Key Management -// Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys -// (SSE-S3). If your object does use these types of keys, you'll get an HTTP -// 400 Bad Request error. +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - The last modified property in this case is the creation date of the -// object. +// # Versioning +// +// Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// # Conditional request headers // // Consider the following when using request headers: // // - If both of the If-Match and If-Unmodified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since -// condition evaluates to false. +// condition evaluates to false. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // // - If both of the If-None-Match and If-Modified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since -// condition evaluates to true. -// -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). -// -// # Permissions -// -// The permissions that you need to use this operation depend on whether the -// bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion -// and s3:GetObjectVersionAttributes permissions for this operation. If the -// bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes -// permissions. For more information, see Specifying Permissions in a Policy -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// in the Amazon S3 User Guide. If the object that you request does not exist, -// the error Amazon S3 returns depends on whether you also have the s3:ListBucket -// permission. +// condition evaluates to true. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 Not Found ("no such key") error. +// # HTTP Host header syntax // -// - If you don't have the s3:ListBucket permission, Amazon S3 returns an -// HTTP status code 403 Forbidden ("access denied") error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to GetObjectAttributes: // @@ -5077,10 +5482,12 @@ func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *req // GetObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets an object's current legal hold status. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectLegalHold: // @@ -5157,6 +5564,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the Object Lock configuration for a bucket. The rule specified in the // Object Lock configuration will be applied by default to every new object // placed in the specified bucket. For more information, see Locking Objects @@ -5237,10 +5646,12 @@ func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *req // GetObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves an object's retention settings. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectRetention: // @@ -5317,6 +5728,8 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request // GetObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag-set of an object. You send the GET request against the tagging // subresource associated with the object. // @@ -5412,6 +5825,8 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // GetObjectTorrent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns torrent files from a bucket. BitTorrent can save you bandwidth when // you're distributing large files. // @@ -5421,7 +5836,7 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // // To use GET, you must have READ access to the object. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectTorrent: // @@ -5498,6 +5913,8 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // GetPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To // use this operation, you must have the s3:GetBucketPublicAccessBlock permission. // For more information about Amazon S3 permissions, see Specifying Permissions @@ -5589,39 +6006,63 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou output = &HeadBucketOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // HeadBucket API operation for Amazon Simple Storage Service. // -// This action is useful to determine if a bucket exists and you have permission -// to access it. The action returns a 200 OK if the bucket exists and you have -// permission to access it. +// You can use this operation to determine if a bucket exists and if you have +// permission to access it. The action returns a 200 OK if the bucket exists +// and you have permission to access it. // // If the bucket does not exist or you do not have permission to access it, // the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 // Not Found code. A message body is not included, so you cannot determine the // exception beyond these error codes. // -// To use this operation, you must have permissions to perform the s3:ListBucket -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// Directory buckets - You must make requests for this API operation to the +// Zonal endpoint. These endpoints support virtual-hosted-style requests in +// the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// To use this API operation against an access point, you must provide the alias -// of the access point in place of the bucket name or specify the access point -// ARN. When using the access point ARN, you must direct requests to the access -// point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. -// When using the Amazon Web Services SDKs, you provide the ARN in place of -// the bucket name. For more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html). +// # Authentication and authorization // -// To use this API operation against an Object Lambda access point, provide -// the alias of the Object Lambda access point in place of the bucket name. -// If the Object Lambda access point alias in a request is not valid, the error -// code InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// All HeadBucket requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// +// Directory bucket - You must use IAM credentials to authenticate and authorize +// your access to the HeadBucket API operation, instead of using the temporary +// security credentials through the CreateSession API operation. +// +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. +// +// Permissions +// +// - General purpose bucket permissions - To use this operation, you must +// have permissions to perform the s3:ListBucket action. The bucket owner +// has this permission by default and can grant this permission to others. +// For more information about permissions, see Managing access permissions +// to your Amazon S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateSession +// permission in the Action element of a policy. By default, the session +// is in the ReadWrite mode. If you want to restrict the access, you can +// explicitly set the s3express:SessionMode condition key to ReadOnly on +// the bucket. For more information about example bucket policies, see Example +// bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5699,19 +6140,70 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // HeadObject API operation for Amazon Simple Storage Service. // -// The HEAD action retrieves metadata from an object without returning the object -// itself. This action is useful if you're only interested in an object's metadata. -// To use HEAD, you must have READ access to the object. +// The HEAD operation retrieves metadata from an object without returning the +// object itself. This operation is useful if you're interested only in an object's +// metadata. +// +// A HEAD request has the same options as a GET operation on an object. The +// response is identical to the GET response except that there is no response +// body. Because of this, if the HEAD request generates an error, it returns +// a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 +// Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not +// possible to retrieve the exact exception of these error codes. +// +// Request headers are limited to 8 KB in size. For more information, see Common +// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// A HEAD request has the same options as a GET action on an object. The response -// is identical to the GET response except that there is no response body. Because -// of this, if the HEAD request generates an error, it returns a generic 400 -// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve -// the exact exception beyond these error codes. +// Permissions +// +// - General purpose bucket permissions - To use HEAD, you must have the +// s3:GetObject permission. You need the relevant read object (or version) +// permission for this operation. For more information, see Actions, resources, +// and condition keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) +// in the Amazon S3 User Guide. If the object you request doesn't exist, +// the error that Amazon S3 returns depends on whether you also have the +// s3:ListBucket permission. If you have the s3:ListBucket permission on +// the bucket, Amazon S3 returns an HTTP status code 404 Not Found error. +// If you don’t have the s3:ListBucket permission, Amazon S3 returns an +// HTTP status code 403 Forbidden error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a HEAD request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -5720,48 +6212,32 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// - Encryption request headers, like x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side -// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side -// encryption with Amazon S3 managed encryption keys (SSE-S3). If your object -// does use these types of keys, you’ll get an HTTP 400 Bad Request error. -// -// - The last modified property in this case is the creation date of the -// object. -// -// Request headers are limited to 8 KB in size. For more information, see Common -// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. // -// Consider the following when using request headers: +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - Consideration 1 – If both of the If-Match and If-Unmodified-Since -// headers are present in the request as follows: If-Match condition evaluates -// to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon -// S3 returns 200 OK and the data requested. +// Versioning // -// - Consideration 2 – If both of the If-None-Match and If-Modified-Since -// headers are present in the request as follows: If-None-Match condition -// evaluates to false, and; If-Modified-Since condition evaluates to true; -// Then Amazon S3 returns the 304 Not Modified response code. +// - If the current version of the object is a delete marker, Amazon S3 behaves +// as if the object was deleted and includes x-amz-delete-marker: true in +// the response. // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// - If the specified version is a delete marker, the response returns a +// 405 Method Not Allowed error and the Last-Modified: timestamp response +// header. // -// # Permissions +// - Directory buckets - Delete marker is not supported by directory buckets. // -// You need the relevant read object (or version) permission for this operation. -// For more information, see Actions, resources, and condition keys for Amazon -// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). -// If the object you request doesn't exist, the error that Amazon S3 returns -// depends on whether you also have the s3:ListBucket permission. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. // -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 error. +// # HTTP Host header syntax // -// - If you don’t have the s3:ListBucket permission, Amazon S3 returns -// an HTTP status code 403 error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to HeadObject: // @@ -5843,6 +6319,8 @@ func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalytics // ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the analytics configurations for the bucket. You can have up to 1,000 // analytics configurations per bucket. // @@ -5942,6 +6420,8 @@ func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucket // ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -6040,6 +6520,8 @@ func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventory // ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of inventory configurations for the bucket. You can have up // to 1,000 analytics configurations per bucket. // @@ -6139,6 +6621,8 @@ func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConf // ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the metrics configurations for the bucket. The metrics configurations // are only for the request metrics of the bucket and do not provide information // on daily storage metrics. You can have up to 1,000 configurations per bucket. @@ -6239,6 +6723,8 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, // ListBuckets API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of all buckets owned by the authenticated sender of the request. // To use this operation, you must have the s3:ListAllMyBuckets permission. // @@ -6273,6 +6759,160 @@ func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, op return out, req.Send() } +const opListDirectoryBuckets = "ListDirectoryBuckets" + +// ListDirectoryBucketsRequest generates a "aws/request.Request" representing the +// client's request for the ListDirectoryBuckets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListDirectoryBuckets for more information on using the ListDirectoryBuckets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListDirectoryBucketsRequest method. +// req, resp := client.ListDirectoryBucketsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBucketsRequest(input *ListDirectoryBucketsInput) (req *request.Request, output *ListDirectoryBucketsOutput) { + op := &request.Operation{ + Name: opListDirectoryBuckets, + HTTPMethod: "GET", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"ContinuationToken"}, + OutputTokens: []string{"ContinuationToken"}, + LimitToken: "MaxDirectoryBuckets", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListDirectoryBucketsInput{} + } + + output = &ListDirectoryBucketsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListDirectoryBuckets API operation for Amazon Simple Storage Service. +// +// Returns a list of all Amazon S3 directory buckets owned by the authenticated +// sender of the request. For more information about directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to +// this API operation isn't supported. This operation can only be performed +// by the Amazon Web Services account that owns the resource. For more information +// about directory bucket policies and permissions, see Amazon Web Services +// Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation ListDirectoryBuckets for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBuckets(input *ListDirectoryBucketsInput) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + return out, req.Send() +} + +// ListDirectoryBucketsWithContext is the same as ListDirectoryBuckets with the addition of +// the ability to pass a context and additional request options. +// +// See ListDirectoryBuckets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, opts ...request.Option) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListDirectoryBucketsPages iterates over the pages of a ListDirectoryBuckets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListDirectoryBuckets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListDirectoryBuckets operation. +// pageNum := 0 +// err := client.ListDirectoryBucketsPages(params, +// func(page *s3.ListDirectoryBucketsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *S3) ListDirectoryBucketsPages(input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool) error { + return c.ListDirectoryBucketsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListDirectoryBucketsPagesWithContext same as ListDirectoryBucketsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsPagesWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListDirectoryBucketsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListDirectoryBucketsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListDirectoryBucketsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMultipartUploads = "ListMultipartUploads" // ListMultipartUploadsRequest generates a "aws/request.Request" representing the @@ -6322,28 +6962,79 @@ func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req // ListMultipartUploads API operation for Amazon Simple Storage Service. // -// This action lists in-progress multipart uploads. An in-progress multipart -// upload is a multipart upload that has been initiated using the Initiate Multipart -// Upload request, but has not yet been completed or aborted. +// This operation lists in-progress multipart uploads in a bucket. An in-progress +// multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload +// request, but has not yet been completed or aborted. +// +// Directory buckets - If multipart uploads in a directory bucket are in progress, +// you can't delete the bucket until all the in-progress multipart uploads are +// aborted or completed. +// +// The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads +// in the response. The limit of 1,000 multipart uploads is also the default +// value. You can further limit the number of uploads in a response by specifying +// the max-uploads request parameter. If there are more than 1,000 multipart +// uploads that satisfy your ListMultipartUploads request, the response returns +// an IsTruncated element with the value of true, a NextKeyMarker element, and +// a NextUploadIdMarker element. To list the remaining multipart uploads, you +// need to make subsequent ListMultipartUploads requests. In these requests, +// include two query parameters: key-marker and upload-id-marker. Set the value +// of key-marker to the NextKeyMarker value from the previous response. Similarly, +// set the value of upload-id-marker to the NextUploadIdMarker value from the +// previous response. +// +// Directory buckets - The upload-id-marker element and the NextUploadIdMarker +// element aren't supported by directory buckets. To list the additional multipart +// uploads, you only need to set the value of key-marker to the NextKeyMarker +// value from the previous response. +// +// For more information about multipart uploads, see Uploading Objects Using +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// This action returns at most 1,000 multipart uploads in the response. 1,000 -// multipart uploads is the maximum number of uploads a response can include, -// which is also the default value. You can further limit the number of uploads -// in a response by specifying the max-uploads parameter in the response. If -// additional multipart uploads satisfy the list criteria, the response will -// contain an IsTruncated element with the value true. To list the additional -// multipart uploads, use the key-marker and upload-id-marker request parameters. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// In the response, the uploads are sorted by key. If your application has initiated -// more than one multipart upload using the same object key, then uploads in -// the response are first sorted by key. Additionally, uploads are sorted in -// ascending order within each key by the upload initiation time. +// Permissions // -// For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting of multipart uploads in response +// +// - General purpose bucket - In the ListMultipartUploads response, the multipart +// uploads are sorted based on two criteria: Key-based sorting - Multipart +// uploads are initially sorted in ascending order based on their object +// keys. Time-based sorting - For uploads that share the same object key, +// they are further sorted in ascending order based on the upload initiation +// time. Among uploads with the same key, the one that was initiated first +// will appear before the ones that were initiated later. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - Directory bucket - In the ListMultipartUploads response, the multipart +// uploads aren't sorted lexicographically based on the object keys. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListMultipartUploads: // @@ -6485,6 +7176,8 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // ListObjectVersions API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns metadata about all versions of the objects in a bucket. You can also // use request parameters as selection criteria to return metadata about a subset // of all the object versions. @@ -6497,8 +7190,6 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // // To use this operation, you must have READ access to the bucket. // -// This action is not supported by Amazon S3 on Outposts. -// // The following operations are related to ListObjectVersions: // // - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) @@ -6637,6 +7328,8 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // ListObjects API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns some or all (up to 1,000) of the objects in a bucket. You can use // the request parameters as selection criteria to return a subset of the objects // in a bucket. A 200 OK response can contain valid or invalid XML. Be sure @@ -6797,28 +7490,58 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // You can use the request parameters as selection criteria to return a subset // of the objects in a bucket. A 200 OK response can contain valid or invalid // XML. Make sure to design your application to parse the contents of the response -// and handle it appropriately. Objects are returned sorted in an ascending -// order of the respective key names in the list. For more information about -// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// and handle it appropriately. For more information about listing objects, +// see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// To use this operation, you must have READ access to the bucket. +// Permissions // -// To use this action in an Identity and Access Management (IAM) policy, you -// must have permission to perform the s3:ListBucket action. The bucket owner -// has this permission by default and can grant this permission to others. For -// more information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// in the Amazon S3 User Guide. +// - General purpose bucket permissions - To use this operation, you must +// have READ access to the bucket. You must have permission to perform the +// s3:ListBucket action. The bucket owner has this permission by default +// and can grant this permission to others. For more information about permissions, +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting order of returned objects +// +// - General purpose bucket - For general purpose buckets, ListObjectsV2 +// returns objects in lexicographical order based on their key names. +// +// - Directory bucket - For directory buckets, ListObjectsV2 does not return +// objects in lexicographical order. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // This section describes the latest revision of this action. We recommend that // you use this revised API operation for application development. For backward // compatibility, Amazon S3 continues to support the prior version of this API // operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). // -// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). -// // The following operations are related to ListObjectsV2: // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) @@ -6961,24 +7684,58 @@ func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, outp // ListParts API operation for Amazon Simple Storage Service. // // Lists the parts that have been uploaded for a specific multipart upload. -// This operation must include the upload ID, which you obtain by sending the -// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)). -// This request returns a maximum of 1,000 uploaded parts. The default number -// of parts returned is 1,000 parts. You can restrict the number of parts returned -// by specifying the max-parts request parameter. If your multipart upload consists -// of more than 1,000 parts, the response returns an IsTruncated field with -// the value of true, and a NextPartNumberMarker element. In subsequent ListParts -// requests you can include the part-number-marker query string parameter and -// set its value to the NextPartNumberMarker field value from the previous response. -// -// If the upload was created using a checksum algorithm, you will need to have -// permission to the kms:Decrypt action for the request to succeed. +// +// To use this operation, you must provide the upload ID in the request. You +// obtain this uploadID by sending the initiate multipart upload request through +// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// +// The ListParts request returns a maximum of 1,000 uploaded parts. The limit +// of 1,000 parts is also the default value. You can restrict the number of +// parts in a response by specifying the max-parts request parameter. If your +// multipart upload consists of more than 1,000 parts, the response returns +// an IsTruncated field with the value of true, and a NextPartNumberMarker element. +// To list remaining uploaded parts, in subsequent ListParts requests, include +// the part-number-marker query string parameter and set its value to the NextPartNumberMarker +// field value from the previous response. // // For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. If the upload was created using server-side +// encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer +// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you +// must have permission to the kms:Decrypt action for the ListParts request +// to succeed. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListParts: // @@ -7117,6 +7874,8 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer // Acceleration is a bucket-level feature that enables you to perform faster // data transfers to Amazon S3. @@ -7229,9 +7988,11 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // PutBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the permissions on an existing bucket using access control lists (ACL). // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// To set the ACL of a bucket, you must have WRITE_ACP permission. +// To set the ACL of a bucket, you must have the WRITE_ACP permission. // // You can use one of the following two ways to set a bucket's permissions: // @@ -7397,6 +8158,8 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets an analytics configuration for the bucket (specified by the analytics // configuration ID). You can have up to 1,000 analytics configurations per // bucket. @@ -7519,6 +8282,8 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // PutBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the cors configuration for your bucket. If the configuration exists, // Amazon S3 replaces it. // @@ -7639,21 +8404,21 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // PutBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action uses the encryption subresource to configure default encryption // and Amazon S3 Bucket Keys for an existing bucket. // // By default, all buckets have a default encryption configuration that uses // server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally // configure default encryption for a bucket by using server-side encryption -// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side -// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption -// with customer-provided keys (SSE-C). If you specify default encryption by -// using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information -// about bucket default encryption, see Amazon S3 bucket default encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) -// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see -// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. +// with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default +// encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). If you +// use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 +// does not validate the KMS key ID provided in PutBucketEncryption requests. // // This action requires Amazon Web Services Signature Version 4. For more information, // see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). @@ -7743,6 +8508,8 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Puts a S3 Intelligent-Tiering configuration to the specified bucket. You // can have up to 1,000 S3 Intelligent-Tiering configurations per bucket. // @@ -7868,6 +8635,8 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the PUT action adds an inventory configuration (identified // by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations // per bucket. @@ -8022,6 +8791,8 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // PutBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html). // This version has been deprecated. Existing lifecycle configurations will // work. For new lifecycle configurations, use the updated API. @@ -8151,6 +8922,8 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a new lifecycle configuration for the bucket or replaces an existing // lifecycle configuration. Keep in mind that this will overwrite an existing // lifecycle configuration, so if you want to retain any configuration details, @@ -8294,6 +9067,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // PutBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Set the logging parameters for a bucket and to specify permissions for who // can view and modify the logging parameters. All logs are saved to buckets // in the same Amazon Web Services Region as the source bucket. To set the logging @@ -8421,6 +9196,8 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets a metrics configuration (specified by the metrics configuration ID) // for the bucket. You can have up to 1,000 metrics configurations per bucket. // If you're updating an existing metrics configuration, note that this is a @@ -8531,6 +9308,8 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re // PutBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) // operation. // @@ -8610,6 +9389,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Enables notifications of specified events for a bucket. For more information // about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // @@ -8739,6 +9520,8 @@ func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControls // PutBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this // operation, you must have the s3:PutBucketOwnershipControls permission. For // more information about Amazon S3 permissions, see Specifying permissions @@ -8829,11 +9612,21 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // PutBucketPolicy API operation for Amazon Simple Storage Service. // -// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using -// an identity other than the root user of the Amazon Web Services account that -// owns the bucket, the calling identity must have the PutBucketPolicy permissions -// on the specified bucket and belong to the bucket owner's account in order -// to use this operation. +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the PutBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an @@ -8848,7 +9641,33 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). +// - General purpose bucket permissions - The s3:PutBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:PutBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to PutBucketPolicy: // @@ -8932,6 +9751,8 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // PutBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a replication configuration or replaces an existing one. For more // information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. @@ -8940,6 +9761,9 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // configuration, you provide the name of the destination bucket or buckets // where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 // can assume to replicate objects on your behalf, and other relevant information. +// You can invoke this request for a specific Amazon Web Services Region by +// using the aws:RequestedRegion (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) +// condition key. // // A replication configuration must include at least one rule, and can contain // a maximum of 1,000. Each rule identifies a subset of objects to replicate @@ -9068,6 +9892,8 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) // PutBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the request payment configuration for a bucket. By default, the bucket // owner pays for downloads from the bucket. This configuration parameter enables // the bucket owner (only) to specify that the person requesting the download @@ -9156,6 +9982,8 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // PutBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the tags for a bucket. // // Use tags to organize your Amazon Web Services bill to reflect your own cost @@ -9166,7 +9994,7 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // name, and then organize your billing information to see the total cost of // that application across several services. For more information, see Cost // Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) -// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). +// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // // When this operation sets the tags for a bucket, it will overwrite any current // tags the bucket already has. You cannot use this operation to add tags to @@ -9178,22 +10006,20 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// PutBucketTagging has the following special errors: +// PutBucketTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// - Error code: InvalidTagError Description: The tag provided was not a -// valid tag. This error can occur if the tag did not pass input validation. -// For information about tag restrictions, see User-Defined Tag Restrictions -// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html). +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Using +// Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // -// - Error code: MalformedXMLError Description: The XML provided does not -// match the schema. +// - MalformedXML - The XML provided does not match the schema. // -// - Error code: OperationAbortedError Description: A conflicting conditional -// action is currently in progress against this resource. Please try again. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Error code: InternalError Description: The service was unable to apply -// the provided tag to the bucket. +// - InternalError - The service was unable to apply the provided tag to +// the bucket. // // The following operations are related to PutBucketTagging: // @@ -9277,6 +10103,8 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // PutBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the versioning state of an existing bucket. // // You can set the versioning state with one of the following values: @@ -9388,6 +10216,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // PutBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the configuration of the website that is specified in the website subresource. // To configure a bucket as a website, you can add this subresource on the bucket // with website configuration information such as the file name of the index @@ -9455,6 +10285,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) // in the Amazon S3 User Guide. // +// The maximum request length is limited to 128 KB. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9526,87 +10358,83 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // PutObject API operation for Amazon Simple Storage Service. // -// Adds an object to a bucket. You must have WRITE permissions on a bucket to -// add an object to it. -// -// Amazon S3 never adds partial objects; if you receive a success response, -// Amazon S3 added the entire object to the bucket. You cannot use PutObject -// to only update a single piece of metadata for an existing object. You must -// put the entire object with updated metadata if you want to update some values. +// Adds an object to a bucket. // -// Amazon S3 is a distributed system. If it receives multiple write requests -// for the same object simultaneously, it overwrites all but the last object -// written. To prevent objects from being deleted or overwritten, you can use -// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html). +// - Amazon S3 never adds partial objects; if you receive a success response, +// Amazon S3 added the entire object to the bucket. You cannot use PutObject +// to only update a single piece of metadata for an existing object. You +// must put the entire object with updated metadata if you want to update +// some values. // -// To ensure that data is not corrupted traversing the network, use the Content-MD5 -// header. When you use this header, Amazon S3 checks the object against the -// provided MD5 value and, if they do not match, returns an error. Additionally, -// you can calculate the MD5 while putting an object to Amazon S3 and compare -// the returned ETag to the calculated MD5 value. +// - If your bucket uses the bucket owner enforced setting for Object Ownership, +// ACLs are disabled and no longer affect permissions. All objects written +// to the bucket by any account will be owned by the bucket owner. // -// - To successfully complete the PutObject request, you must have the s3:PutObject -// in your IAM permissions. -// -// - To successfully change the objects acl of your PutObject request, you -// must have the s3:PutObjectAcl in your IAM permissions. -// -// - To successfully set the tag-set with your PutObject request, you must -// have the s3:PutObjectTagging in your IAM permissions. -// -// - The Content-MD5 header is required for any request to upload an object -// with a retention period configured using Amazon S3 Object Lock. For more -// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// You have four mutually exclusive options to protect data using server-side -// encryption in Amazon S3, depending on how you choose to manage the encryption -// keys. Specifically, the encryption key options are Amazon S3 managed keys -// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided -// keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using -// Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon -// S3 to encrypt data at rest by using server-side encryption with other key -// options. For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). -// -// When adding a new object, you can use headers to grant ACL-based permissions -// to individual Amazon Web Services accounts or to predefined groups defined -// by Amazon S3. These permissions are then added to the ACL on the object. -// By default, all objects are private. Only the owner has full access control. -// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// If the bucket that you're uploading objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. PUT requests that contain other ACLs (for -// example, custom grants to certain Amazon Web Services accounts) fail and -// return a 400 error with the error code AccessControlListNotSupported. For -// more information, see Controlling ownership of objects and disabling ACLs -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. -// -// By default, Amazon S3 uses the STANDARD Storage Class to store newly created -// objects. The STANDARD storage class provides high durability and high availability. -// Depending on performance needs, you can specify a different Storage Class. -// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, -// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. -// -// If you enable versioning for a bucket, Amazon S3 automatically generates -// a unique version ID for the object being stored. Amazon S3 returns this ID -// in the response. When you enable versioning for a bucket, if Amazon S3 receives -// multiple write requests for the same object simultaneously, it stores all -// of the objects. For more information about versioning, see Adding Objects -// to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). -// For information about returning the versioning state of a bucket, see GetBucketVersioning -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// Amazon S3 is a distributed system. If it receives multiple write requests +// for the same object simultaneously, it overwrites all but the last object +// written. However, Amazon S3 provides features that can modify this behavior: +// +// - S3 Object Lock - To prevent objects from being deleted or overwritten, +// you can use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. +// +// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3 +// receives multiple write requests for the same object simultaneously, it +// stores all versions of the objects. For each write request that is made +// to the same object, Amazon S3 automatically generates a unique version +// ID of that object being stored in Amazon S3. You can retrieve, replace, +// or delete any version of the object. For more information about versioning, +// see Adding Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) +// in the Amazon S3 User Guide. For information about returning the versioning +// state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// This functionality is not supported for directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your PutObject request includes specific headers. +// s3:PutObject - To successfully complete the PutObject request, you must +// always have the s3:PutObject permission on a bucket to add an object to +// it. s3:PutObjectAcl - To successfully change the objects ACL of your PutObject +// request, you must have the s3:PutObjectAcl. s3:PutObjectTagging - To successfully +// set the tag-set with your PutObject request, you must have the s3:PutObjectTagging. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Data integrity with Content-MD5 +// +// - General purpose bucket - To ensure that data is not corrupted traversing +// the network, use the Content-MD5 header. When you use this header, Amazon +// S3 checks the object against the provided MD5 value and, if they do not +// match, Amazon S3 returns an error. Alternatively, when the object's ETag +// is its MD5 digest, you can calculate the MD5 while putting the object +// to Amazon S3 and compare the returned ETag to the calculated MD5 value. +// +// - Directory bucket - This functionality is not supported for directory +// buckets. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // For more information about related Amazon S3 APIs, see the following: // @@ -9689,13 +10517,15 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // PutObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Uses the acl subresource to set the access control list (ACL) permissions -// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission -// to set the ACL of an object. For more information, see What permissions can -// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) +// for a new or existing object in an S3 bucket. You must have the WRITE_ACP +// permission to set the ACL of an object. For more information, see What permissions +// can I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) // in the Amazon S3 User Guide. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Depending on your application needs, you can choose to set the ACL on an // object using either the request body or the headers. For example, if you @@ -9864,10 +10694,12 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req // PutObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Applies a legal hold configuration to the specified object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9944,6 +10776,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Lock configuration on the specified bucket. The rule specified // in the Object Lock configuration will be applied by default to every new // object placed in the specified bucket. For more information, see Locking @@ -9954,8 +10788,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // - The DefaultRetention period can be either Days or Years but you must // select one. You cannot specify Days and Years at the same time. // -// - You can only enable Object Lock for new buckets. If you want to turn -// on Object Lock for an existing bucket, contact Amazon Web Services Support. +// - You can enable Object Lock for new or existing buckets. For more information, +// see Configuring Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10032,13 +10866,15 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req // PutObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Retention configuration on an object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // Users or accounts require the s3:PutObjectRetention permission in order to // place an Object Retention configuration on objects. Bypassing a Governance // Retention configuration requires the s3:BypassGovernanceRetention permission. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10115,12 +10951,15 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // PutObjectTagging API operation for Amazon Simple Storage Service. // -// Sets the supplied tag-set to an object that already exists in a bucket. +// This operation is not supported by directory buckets. // -// A tag is a key-value pair. You can associate tags with an object by sending -// a PUT request against the tagging subresource that is associated with the -// object. You can retrieve tags by sending a GET request. For more information, -// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). +// Sets the supplied tag-set to an object that already exists in a bucket. A +// tag is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). +// +// You can associate tags with an object by sending a PUT request against the +// tagging subresource that is associated with the object. You can retrieve +// tags by sending a GET request. For more information, see GetObjectTagging +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). // // For tagging-related restrictions related to characters and encodings, see // Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html). @@ -10133,22 +10972,20 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // To put tags of any other version, use the versionId query parameter. You // also need permission for the s3:PutObjectVersionTagging action. // -// For information about the Amazon S3 object tagging feature, see Object Tagging -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). -// -// PutObjectTagging has the following special errors: +// PutObjectTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// - Code: InvalidTagError Cause: The tag provided was not a valid tag. This -// error can occur if the tag did not pass input validation. For more information, -// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Object +// Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// - Code: MalformedXMLError Cause: The XML provided does not match the schema. +// - MalformedXML - The XML provided does not match the schema. // -// - Code: OperationAbortedError Cause: A conflicting conditional action -// is currently in progress against this resource. Please try again. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Code: InternalError Cause: The service was unable to apply the provided -// tag to the object. +// - InternalError - The service was unable to apply the provided tag to +// the object. // // The following operations are related to PutObjectTagging: // @@ -10232,6 +11069,8 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // PutPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies the PublicAccessBlock configuration for an Amazon S3 // bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock // permission. For more information about Amazon S3 permissions, see Specifying @@ -10328,9 +11167,11 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // RestoreObject API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // # Restores an archived copy of an object back into Amazon S3 // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // This action performs the following types of requests: // @@ -10590,6 +11431,8 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SelectObjectContent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action filters the contents of an Amazon S3 object based on a simple // structured query language (SQL) statement. In the request, along with the // SQL expression, you must also specify a data serialization format (JSON, @@ -10598,7 +11441,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SQL expression. You must also specify the data serialization format for the // response. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // For more information about Amazon S3 Select, see Selecting Content from Objects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) @@ -10607,7 +11450,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // // # Permissions // -// You must have s3:GetObject permission for this operation. Amazon S3 Select +// You must have the s3:GetObject permission for this operation. Amazon S3 Select // does not support anonymous access. For more information about permissions, // see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // in the Amazon S3 User Guide. @@ -10708,6 +11551,7 @@ func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObject } var _ awserr.Error +var _ time.Time // SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent. // @@ -10919,15 +11763,15 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // // Uploads a part in a multipart upload. // -// In this operation, you provide part data in your request. However, you have -// an option to specify your existing Amazon S3 object as a data source for -// the part you are uploading. To upload a part from an existing object, you -// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// In this operation, you provide new data as a part of an object in your request. +// However, you have an option to specify your existing Amazon S3 object as +// a data source for the part you are uploading. To upload a part from an existing +// object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. // // You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)) // before you can upload any part. In response to your initiate request, Amazon -// S3 returns an upload ID, a unique identifier, that you must include in your +// S3 returns an upload ID, a unique identifier that you must include in your // upload part request. // // Part numbers can be any number from 1 to 10,000, inclusive. A part number @@ -10939,18 +11783,8 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// To ensure that data is not corrupted when traversing the network, specify -// the Content-MD5 header in the upload part request. Amazon S3 checks the part -// data against the provided MD5 value. If they do not match, Amazon S3 returns -// an error. -// -// If the upload request is signed with Signature Version 4, then Amazon Web -// Services S3 uses the x-amz-content-sha256 header as a checksum instead of -// Content-MD5. For more information see Authenticating Requests: Using the -// Authorization Header (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). -// -// Note: After you initiate multipart upload and upload one or more parts, you -// must either complete or abort multipart upload in order to stop getting charged +// After you initiate multipart upload and upload one or more parts, you must +// either complete or abort multipart upload in order to stop getting charged // for storage of the uploaded parts. Only after you either complete or abort // multipart upload, Amazon S3 frees up the parts storage and stops charging // you for the parts storage. @@ -10959,50 +11793,88 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the // Amazon S3 User Guide . // -// For information on the permissions required to use the multipart upload API, -// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon S3 User Guide. -// -// Server-side encryption is for data encryption at rest. Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it when -// you access it. You have three mutually exclusive options to protect data -// using server-side encryption in Amazon S3, depending on how you choose to -// manage the encryption keys. Specifically, the encryption key options are -// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), -// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side -// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally -// tell Amazon S3 to encrypt data at rest using server-side encryption with -// other key options. The option you use depends on whether you want to use -// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose -// to provide your own encryption key, the request headers you provide in the -// request must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// Server-side encryption is supported by the S3 Multipart Upload actions. Unless -// you are using a customer-provided encryption key (SSE-C), you don't need -// to specify the encryption parameters in each UploadPart request. Instead, -// you only need to specify the server-side encryption parameters in the initial -// Initiate Multipart request. For more information, see CreateMultipartUpload -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// Permissions // -// If you requested server-side encryption using a customer-provided encryption -// key (SSE-C) in your initiate multipart upload request, you must provide identical -// encryption information in each part upload using the following headers. +// - General purpose bucket permissions - For information on the permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// - x-amz-server-side-encryption-customer-algorithm +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Data integrity +// +// General purpose bucket - To ensure that data is not corrupted traversing +// the network, specify the Content-MD5 header in the upload part request. Amazon +// S3 checks the part data against the provided MD5 value. If they do not match, +// Amazon S3 returns an error. If the upload request is signed with Signature +// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header +// as a checksum instead of Content-MD5. For more information see Authenticating +// Requests: Using the Authorization Header (Amazon Web Services Signature Version +// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). +// +// Directory buckets - MD5 is not supported by directory buckets. You can use +// checksum algorithms to check object integrity. +// +// Encryption +// +// - General purpose bucket - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. You have mutually exclusive +// options to protect data using server-side encryption in Amazon S3, depending +// on how you choose to manage the encryption keys. Specifically, the encryption +// key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS +// keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts +// data with server-side encryption using Amazon S3 managed keys (SSE-S3) +// by default. You can optionally tell Amazon S3 to encrypt data at rest +// using server-side encryption with other key options. The option you use +// depends on whether you want to use KMS keys (SSE-KMS) or provide your +// own encryption key (SSE-C). Server-side encryption is supported by the +// S3 Multipart Upload operations. Unless you are using a customer-provided +// encryption key (SSE-C), you don't need to specify the encryption parameters +// in each UploadPart request. Instead, you only need to specify the server-side +// encryption parameters in the initial Initiate Multipart request. For more +// information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// If you request server-side encryption using a customer-provided encryption +// key (SSE-C) in your initiate multipart upload request, you must provide +// identical encryption information in each part upload using the following +// request headers. x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key +// x-amz-server-side-encryption-customer-key-MD5 +// +// - Directory bucket - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// in the Amazon S3 User Guide. // -// - x-amz-server-side-encryption-customer-key +// Special errors // -// - x-amz-server-side-encryption-customer-key-MD5 +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// SOAP Fault Code Prefix: Client // -// UploadPart has the following special errors: +// # HTTP Host header syntax // -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code -// Prefix: Client +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to UploadPart: // @@ -11087,81 +11959,105 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // UploadPartCopy API operation for Amazon Simple Storage Service. // -// Uploads a part by copying data from an existing object as data source. You -// specify the data source by adding the request header x-amz-copy-source in -// your request and a byte range by adding the request header x-amz-copy-source-range +// Uploads a part by copying data from an existing object as data source. To +// specify the data source, you add the request header x-amz-copy-source in +// your request. To specify a byte range, you add the request header x-amz-copy-source-range // in your request. // // For information about maximum and minimum part sizes and other multipart // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// Instead of using an existing object as part data, you might use the UploadPart -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action -// and provide data in your request. +// Instead of copying data from an existing object as part data, you might use +// the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// action to upload new data as a part of an object in your request. // // You must initiate a multipart upload before you can upload any part. In response -// to your initiate request. Amazon S3 returns a unique identifier, the upload -// ID, that you must include in your upload part request. +// to your initiate request, Amazon S3 returns the upload ID, a unique identifier +// that you must include in your upload part request. +// +// For conceptual information about multipart uploads, see Uploading Objects +// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. For information about copying objects using +// a single atomic action vs. a multipart upload, see Operations on Objects +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in +// the Amazon S3 User Guide. // -// For more information about using the UploadPartCopy operation, see the following: +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// - For conceptual information about multipart uploads, see Uploading Objects -// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// in the Amazon S3 User Guide. +// # Authentication and authorization // -// - For information about permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon S3 User Guide. +// All UploadPartCopy requests must be authenticated and signed by using IAM +// credentials (access key ID and secret access key for the IAM identities). +// All headers with the x-amz- prefix, including x-amz-copy-source, must be +// signed. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// - For information about copying objects using a single atomic action vs. -// a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) -// in the Amazon S3 User Guide. +// Directory buckets - You must use IAM credentials to authenticate and authorize +// your access to the UploadPartCopy API operation, instead of using the temporary +// security credentials through the CreateSession API operation. // -// - For information about using server-side encryption with customer-provided -// encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) -// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// Note the following additional considerations about the request headers x-amz-copy-source-if-match, -// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and -// x-amz-copy-source-if-modified-since: +// # Permissions // -// - Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request as follows: x-amz-copy-source-if-match -// condition evaluates to true, and; x-amz-copy-source-if-unmodified-since -// condition evaluates to false; Amazon S3 returns 200 OK and copies the -// data. +// You must have READ access to the source object and WRITE access to the destination +// bucket. // -// - Consideration 2 - If both of the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request -// as follows: x-amz-copy-source-if-none-match condition evaluates to false, -// and; x-amz-copy-source-if-modified-since condition evaluates to true; -// Amazon S3 returns 412 Precondition Failed response code. +// - General purpose bucket permissions - You must have the permissions in +// a policy based on the bucket types of your source bucket and destination +// bucket in an UploadPartCopy operation. If the source object is in a general +// purpose bucket, you must have the s3:GetObject permission to read the +// source object that is being copied. If the destination bucket is a general +// purpose bucket, you must have the s3:PubObject permission to write the +// object copy to the destination bucket. For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// # Versioning +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in an UploadPartCopy operation. If the source object that +// you want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object . By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key cannot be set to ReadOnly on the copy destination. For example +// policies, see Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// If your bucket has versioning enabled, you could have multiple versions of -// the same object. By default, x-amz-copy-source identifies the current version -// of the object to copy. If the current version is a delete marker and you -// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404 -// error, because the object does not exist. If you specify versionId in the -// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns -// an HTTP 400 error, because you are not allowed to specify a delete marker -// as a version for the x-amz-copy-source. +// Encryption // -// You can optionally specify a specific version of the source object to copy -// by adding the versionId subresource as shown in the following example: +// - General purpose buckets - For information about using server-side encryption +// with customer-provided encryption keys with the UploadPartCopy operation, +// see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). // -// x-amz-copy-source: /bucket/object?versionId=version id +// - Directory buckets - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // // Special errors // -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// +// - Error Code: InvalidRequest Description: The specified copy source is +// not supported as a byte-range copy source. HTTP Status Code: 400 Bad Request +// +// # HTTP Host header syntax // -// - Code: InvalidRequest Cause: The specified copy source is not supported -// as a byte-range copy source. HTTP Status Code: 400 Bad Request +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to UploadPartCopy: // @@ -11254,6 +12150,8 @@ func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) ( // WriteGetObjectResponse API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Passes transformed objects to a GetObject operation when using Object Lambda // access points. For information about Object Lambda access points, see Transforming // objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) @@ -11368,27 +12266,41 @@ type AbortMultipartUploadInput struct { // The bucket name to which the upload was taking place. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key of the object for which the multipart upload was initiated. @@ -11397,10 +12309,14 @@ type AbortMultipartUploadInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -11521,6 +12437,8 @@ type AbortMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -12055,9 +12973,7 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes return s } -// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name -// is globally unique, and the namespace is shared by all Amazon Web Services -// accounts. +// In terms of implementation, a Bucket is a resource. type Bucket struct { _ struct{} `type:"structure"` @@ -12099,6 +13015,51 @@ func (s *Bucket) SetName(v string) *Bucket { return s } +// Specifies the information about the bucket that will be created. For more +// information about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type BucketInfo struct { + _ struct{} `type:"structure"` + + // The number of Availability Zone that's used for redundancy for the bucket. + DataRedundancy *string `type:"string" enum:"DataRedundancy"` + + // The type of bucket. + Type *string `type:"string" enum:"BucketType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) GoString() string { + return s.String() +} + +// SetDataRedundancy sets the DataRedundancy field's value. +func (s *BucketInfo) SetDataRedundancy(v string) *BucketInfo { + s.DataRedundancy = &v + return s +} + +// SetType sets the Type field's value. +func (s *BucketInfo) SetType(v string) *BucketInfo { + s.Type = &v + return s +} + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // in the Amazon S3 User Guide. @@ -12570,34 +13531,42 @@ type Checksum struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` } @@ -12757,19 +13726,33 @@ type CompleteMultipartUploadInput struct { // Name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -12803,9 +13786,9 @@ type CompleteMultipartUploadInput struct { // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -12817,16 +13800,23 @@ type CompleteMultipartUploadInput struct { MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This - // parameter is needed only when the object was created using a checksum algorithm. - // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // parameter is required only when the object was created using a checksum algorithm + // or if your bucket policy requires the use of SSE-C. For more information, + // see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -12834,6 +13824,8 @@ type CompleteMultipartUploadInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadInput's // String and GoString methods. @@ -12843,6 +13835,8 @@ type CompleteMultipartUploadInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // ID for the initiated multipart upload. @@ -13019,55 +14013,52 @@ type CompleteMultipartUploadOutput struct { // The name of the bucket that contains the newly created object. Does not return // the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -13083,6 +14074,8 @@ type CompleteMultipartUploadOutput struct { // If the object expiration is configured, this will contain the expiration // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The object key of the newly created object. @@ -13093,11 +14086,15 @@ type CompleteMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's // String and GoString methods. @@ -13105,10 +14102,15 @@ type CompleteMultipartUploadOutput struct { // The server-side encryption algorithm used when storing this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created object, in case the bucket has versioning // turned on. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -13261,34 +14263,42 @@ type CompletedPart struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -13297,6 +14307,16 @@ type CompletedPart struct { // Part number that identifies the part. This is a positive integer between // 1 and 10,000. + // + // * General purpose buckets - In CompleteMultipartUpload, when a additional + // checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) is applied to each part, the PartNumber must + // start at 1 and the part numbers must be consecutive. Otherwise, Amazon + // S3 generates an HTTP 400 Bad Request status code and an InvalidPartOrder + // error code. + // + // * Directory buckets - In CompleteMultipartUpload, the PartNumber must + // start at 1 and the part numbers must be consecutive. PartNumber *int64 `type:"integer"` } @@ -13456,26 +14476,60 @@ func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg even type CopyObjectInput struct { _ struct{} `locationName:"CopyObjectRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned access control list (ACL) to apply to the object. + // + // When you copy an object, the ACL metadata is not preserved and is set to + // private by default. Only the owner has full access control. To override the + // default ACL setting, specify a new ACL when you generate a copy request. + // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // + // If the destination bucket that you're copying objects to uses the bucket + // owner enforced setting for S3 Object Ownership, ACLs are disabled and no + // longer affect permissions. Buckets that use this setting only accept PUT + // requests that don't specify an ACL or PUT requests that specify bucket owner + // full control ACLs, such as the bucket-owner-full-control canned ACL or an + // equivalent form of this ACL expressed in the XML format. For more information, + // see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * If your destination bucket uses the bucket owner enforced setting for + // Object Ownership, all objects written to the bucket by any account will + // be owned by the bucket owner. + // + // * This functionality is not supported for directory buckets. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // The name of the destination bucket. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -13483,44 +14537,73 @@ type CopyObjectInput struct { // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the + // object. + // // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for - // object encryption with SSE-KMS. + // object encryption with SSE-KMS. Specifying this header with a COPY action + // doesn’t affect bucket-level settings for S3 Bucket Key. // - // Specifying this header with a COPY action doesn’t affect bucket-level settings - // for S3 Bucket Key. + // For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` - // Specifies caching behavior along the request/reply chain. + // Specifies the caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. + // + // When you copy an object, if the source object has a checksum, that checksum + // value will be copied to the new object by default. If the CopyObject request + // does not include this x-amz-checksum-algorithm header, the checksum algorithm + // will be copied from the source object to the destination object (if it's + // present on the source object). You can optionally specify a different checksum + // algorithm to use with the x-amz-checksum-algorithm header. Unrecognized or + // unsupported values will respond with the HTTP status code 400 Bad Request. + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // Specifies presentational information for the object. + // Specifies presentational information for the object. Indicates whether an + // object should be displayed in a web browser or downloaded as a file. It allows + // specifying the desired filename for the downloaded file. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` - // A standard MIME type describing the format of the object data. + // A standard MIME type that describes the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies the source object for the copy operation. You specify the value - // in one of two formats, depending on whether you want to access the source - // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): + // Specifies the source object for the copy operation. The source object can + // be up to 5 GB. If the source object is an object that was uploaded by using + // a multipart upload, the object copy will be a single part object after the + // source object is copied to the destination bucket. + // + // You specify the value of the copy source in one of two formats, depending + // on whether you want to access the source object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): // // * For objects not accessed through an access point, specify the name of // the source bucket and the key of the source object, separated by a slash - // (/). For example, to copy the object reports/january.pdf from the bucket - // awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value - // must be URL-encoded. + // (/). For example, to copy the object reports/january.pdf from the general + // purpose bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + // The value must be URL-encoded. To copy the object reports/january.pdf + // from the directory bucket awsexamplebucket--use1-az5--x-s3, use awsexamplebucket--use1-az5--x-s3/reports/january.pdf. + // The value must be URL-encoded. // // * For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the @@ -13529,43 +14612,104 @@ type CopyObjectInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // If your source bucket versioning is enabled, the x-amz-copy-source header + // by default identifies the current version of an object to copy. If the current + // version is a delete marker, Amazon S3 behaves as if the object was deleted. + // To copy a different version, use the versionId query parameter. Specifically, + // append ?versionId= to the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). // If you don't specify a version ID, Amazon S3 copies the latest version of // the source object. // + // If you enable versioning on the destination bucket, Amazon S3 generates a + // unique version ID for the copied object. This version ID is different from + // the version ID of the source object. Amazon S3 returns the version ID of + // the copied object in the x-amz-version-id response header in the response. + // + // If you do not enable versioning or suspend it on the destination bucket, + // the version ID that Amazon S3 generates in the x-amz-version-id response + // header is always null. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. + // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt - // the source object. The encryption key provided in this header must be one - // that was used when the source object was created. + // the source object. The encryption key provided in this header must be the + // same one that was used when the source object was created. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's @@ -13575,16 +14719,23 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. @@ -13592,22 +14743,30 @@ type CopyObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // The key of the destination object. @@ -13619,35 +14778,69 @@ type CopyObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether the metadata is copied from the source object or replaced - // with metadata provided in the request. + // with metadata that's provided in the request. When copying an object, you + // can preserve all metadata (the default) or specify new metadata. If this + // header isn’t specified, COPY is the default behavior. + // + // General purpose bucket - For general purpose buckets, when you grant permissions, + // you can use the s3:x-amz-metadata-directive condition key to enforce certain + // metadata behavior when objects are uploaded. For more information, see Amazon + // S3 condition key examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) + // in the Amazon S3 User Guide. + // + // x-amz-website-redirect-location is unique to each object and is not copied + // when using the x-amz-metadata-directive header. To copy the value, you must + // specify x-amz-website-redirect-location in the request header. MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"` - // Specifies whether you want to apply a legal hold to the copied object. + // Specifies whether you want to apply a legal hold to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to the copied object. + // The Object Lock mode that you want to apply to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the Object Lock of the object copy to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting - // data. This value is used to store the object and then it is discarded; Amazon + // data. This value is used to store the object and then it is discarded. Amazon // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. @@ -13656,55 +14849,201 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value must be explicitly + // added to specify encryption context for CopyObject requests. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the KMS key ID to use for object encryption. All GET and PUT requests - // for an object protected by KMS will fail if they're not made via SSL or using - // SigV4. For information about configuring any of the officially supported - // Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the - // Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object encryption. + // All GET and PUT requests for an object protected by KMS will fail if they're + // not made via SSL or using SigV4. For information about configuring any of + // the officially supported Amazon Web Services SDKs and Amazon Web Services + // CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) // in the Amazon S3 User Guide. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). Unrecognized or unsupported + // values won’t write a destination object and will receive a 400 Bad Request + // response. + // + // Amazon S3 automatically encrypts all new objects that are copied to an S3 + // bucket. When copying an object, if you don't specify encryption information + // in your copy request, the encryption setting of the target object is set + // to the default encryption configuration of the destination bucket. By default, + // all buckets have a base level of encryption configuration that uses server-side + // encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket + // has a default encryption configuration that uses server-side encryption with + // Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption + // with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with + // customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding + // KMS key, or a customer-provided key to encrypt the target object copy. + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // With server-side encryption, Amazon S3 encrypts your data as it writes your + // data to disks in its data centers and decrypts the data when you access it. + // For more information about server-side encryption, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) + // in the Amazon S3 User Guide. + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // By default, Amazon S3 uses the STANDARD Storage Class to store newly created - // objects. The STANDARD storage class provides high durability and high availability. - // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // If the x-amz-storage-class header is not used, the copied object will be + // stored in the STANDARD Storage Class by default. The STANDARD storage class + // provides high durability and high availability. Depending on performance + // needs, you can specify a different Storage Class. + // + // * Directory buckets - For directory buckets, only the S3 Express One Zone + // storage class is supported to store newly created objects. Unsupported + // storage class values won't write a destination object and will respond + // with the HTTP status code 400 Bad Request. + // + // * Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage + // Class. + // + // You can use the CopyObject action to change the storage class of an object + // that is already stored in Amazon S3 by using the x-amz-storage-class header. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // Before using an object as a source object for the copy operation, you must + // restore a copy of it if it meets any of the following conditions: + // + // * The storage class of the source object is GLACIER or DEEP_ARCHIVE. + // + // * The storage class of the source object is INTELLIGENT_TIERING and it's + // S3 Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) + // is Archive Access or Deep Archive Access. + // + // For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + // and Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The tag-set for the object destination object this value must be used in - // conjunction with the TaggingDirective. The tag-set must be encoded as URL - // Query parameters. + // The tag-set for the object copy in the destination bucket. This value must + // be used in conjunction with the x-amz-tagging-directive if you choose REPLACE + // for the x-amz-tagging-directive. If you choose COPY for the x-amz-tagging-directive, + // you don't need to set the x-amz-tagging header, because the tag-set will + // be copied from the source object directly. The tag-set must be encoded as + // URL Query parameters. + // + // The default value is the empty value. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` - // Specifies whether the object tag-set are copied from the source object or - // replaced with tag-set provided in the request. + // Specifies whether the object tag-set is copied from the source object or + // replaced with the tag-set that's provided in the request. + // + // The default value is COPY. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"` - // If the bucket is configured as a website, redirects requests for this object - // to another object in the same bucket or to an external URL. Amazon S3 stores - // the value of this header in the object metadata. This value is unique to - // each object and is not copied when using the x-amz-metadata-directive header. - // Instead, you may opt to provide this header in combination with the directive. + // If the destination bucket is configured as a website, redirects requests + // for this object copy to another object in the same bucket or to an external + // URL. Amazon S3 stores the value of this header in the object metadata. This + // value is unique to each object and is not copied when using the x-amz-metadata-directive + // header. Instead, you may opt to provide this header in combination with the + // x-amz-metadata-directive header. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -14050,53 +15389,75 @@ type CopyObjectOutput struct { // Indicates whether the copied object uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. CopyObjectResult *CopyObjectResult `type:"structure"` - // Version of the copied object in the destination bucket. + // Version ID of the source object that was copied. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If the object expiration is configured, the response includes this header. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -14189,34 +15550,26 @@ type CopyObjectResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14287,34 +15640,42 @@ type CopyPartResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14383,8 +15744,29 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { type CreateBucketConfiguration struct { _ struct{} `type:"structure"` - // Specifies the Region where the bucket will be created. If you don't specify - // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). + // Specifies the information about the bucket that will be created. + // + // This functionality is only supported by directory buckets. + Bucket *BucketInfo `type:"structure"` + + // Specifies the location where the bucket will be created. + // + // For directory buckets, the location type is Availability Zone. + // + // This functionality is only supported by directory buckets. + Location *LocationInfo `type:"structure"` + + // Specifies the Region where the bucket will be created. You might choose a + // Region to optimize latency, minimize costs, or address regulatory requirements. + // For example, if you reside in Europe, you will probably find it advantageous + // to create buckets in the Europe (Ireland) Region. For more information, see + // Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) + // in the Amazon S3 User Guide. + // + // If you don't specify a Region, the bucket is created in the US East (N. Virginia) + // Region (us-east-1) by default. + // + // This functionality is not supported for directory buckets. LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } @@ -14406,6 +15788,22 @@ func (s CreateBucketConfiguration) GoString() string { return s.String() } +// SetBucket sets the Bucket field's value. +func (s *CreateBucketConfiguration) SetBucket(v *BucketInfo) *CreateBucketConfiguration { + s.Bucket = v + return s +} + +func (s *CreateBucketConfiguration) getBucket() (v *BucketInfo) { + return s.Bucket +} + +// SetLocation sets the Location field's value. +func (s *CreateBucketConfiguration) SetLocation(v *LocationInfo) *CreateBucketConfiguration { + s.Location = v + return s +} + // SetLocationConstraint sets the LocationConstraint field's value. func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration { s.LocationConstraint = &v @@ -14416,10 +15814,25 @@ type CreateBucketInput struct { _ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"` // The canned ACL to apply to the bucket. + // + // This functionality is not supported for directory buckets. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` // The name of the bucket to create. // + // General purpose buckets - For information about bucket naming restrictions, + // see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -14428,24 +15841,36 @@ type CreateBucketInput struct { // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. + // + // This functionality is not supported for directory buckets. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. + // + // This functionality is not supported for directory buckets. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. + // + // This functionality is not supported for directory buckets. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. // // For the bucket and object owners of existing objects, also allows deletions // and overwrites of those objects. + // + // This functionality is not supported for directory buckets. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. + // + // This functionality is not supported for directory buckets. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Specifies whether you want S3 Object Lock to be enabled for the new bucket. + // + // This functionality is not supported for directory buckets. ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` // The container element for object ownership for a bucket's ownership controls. @@ -14460,8 +15885,19 @@ type CreateBucketInput struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"` } @@ -14600,26 +16036,54 @@ func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput { type CreateMultipartUploadInput struct { _ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned ACL to apply to the object. Amazon S3 supports a set of predefined + // ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees + // and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can grant access permissions to individual + // Amazon Web Services accounts or to predefined groups defined by Amazon S3. + // These permissions are then added to the access control list (ACL) on the + // new object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // One way to grant the permissions using the request headers is to specify + // a canned ACL with the x-amz-acl request header. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` - // The name of the bucket to which to initiate the upload + // The name of the bucket where the multipart upload is initiated and where + // the object is uploaded. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -14632,12 +16096,14 @@ type CreateMultipartUploadInput struct { // // Specifying this header with an object action doesn’t affect bucket-level // settings for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` @@ -14648,40 +16114,175 @@ type CreateMultipartUploadInput struct { // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` - // The language the content is in. + // The language that the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // Specify access permissions explicitly to give the grantee READ, READ_ACP, + // and WRITE_ACP permissions on the object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account // - // This action is not supported by Amazon S3 on Outposts. + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` - // Allows grantee to read the object data and its metadata. + // Specify access permissions explicitly to allow grantee to read the object + // data and its metadata. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` - // Allows grantee to read the object ACL. + // Specify access permissions explicitly to allows grantee to read the object + // ACL. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to write the ACL for the applicable object. + // Specify access permissions explicitly to allows grantee to allow grantee + // to write the ACL for the applicable object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. // - // This action is not supported by Amazon S3 on Outposts. + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the multipart upload is to be initiated. @@ -14693,23 +16294,34 @@ type CreateMultipartUploadInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether you want to apply a legal hold to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // Specifies the Object Lock mode that you want to apply to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // Specifies the date and time when you want the Object Lock to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -14718,56 +16330,70 @@ type CreateMultipartUploadInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the ID of the symmetric encryption customer managed key to use - // for object encryption. All GET and PUT requests for an object protected by - // KMS will fail if they're not made via SSL or using SigV4. For information - // about configuring any of the officially supported Amazon Web Services SDKs - // and Amazon Web Services CLI, see Specifying the Signature Version in Request - // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 User Guide. + // Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption + // customer managed key to use for object encryption. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -15040,38 +16666,32 @@ type CreateMultipartUploadOutput struct { // name in the request, the response includes this header. The header indicates // when the initiated multipart upload becomes eligible for an abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. // // The response also includes the x-amz-abort-rule-id header that provides the - // ID of the lifecycle configuration rule that defines this action. + // ID of the lifecycle configuration rule that defines the abort action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // the applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does // not return the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `locationName:"Bucket" type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The algorithm that was used to create a checksum of the object. @@ -15082,37 +16702,50 @@ type CreateMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // ID for the initiated multipart upload. @@ -15222,6 +16855,136 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } +type CreateSessionInput struct { + _ struct{} `locationName:"CreateSessionRequest" type:"structure"` + + // The name of the bucket that you create a session for. + // + // Bucket is a required field + Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + + // Specifies the mode of the session that will be created, either ReadWrite + // or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session + // is capable of executing all the Zonal endpoint APIs on a directory bucket. + // A ReadOnly session is constrained to execute the following Zonal endpoint + // APIs: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, + // and ListMultipartUploads. + SessionMode *string `location:"header" locationName:"x-amz-create-session-mode" type:"string" enum:"SessionMode"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSessionInput"} + if s.Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("Bucket")) + } + if s.Bucket != nil && len(*s.Bucket) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Bucket", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucket sets the Bucket field's value. +func (s *CreateSessionInput) SetBucket(v string) *CreateSessionInput { + s.Bucket = &v + return s +} + +func (s *CreateSessionInput) getBucket() (v string) { + if s.Bucket == nil { + return v + } + return *s.Bucket +} + +// SetSessionMode sets the SessionMode field's value. +func (s *CreateSessionInput) SetSessionMode(v string) *CreateSessionInput { + s.SessionMode = &v + return s +} + +func (s *CreateSessionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CreateSessionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + +// updateArnableField updates the value of the input field that +// takes an ARN as an input. This method is useful to backfill +// the parsed resource name from ARN into the input member. +// It returns a pointer to a modified copy of input and an error. +// Note that original input is not modified. +func (s CreateSessionInput) updateArnableField(v string) (interface{}, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + s.Bucket = aws.String(v) + return &s, nil +} + +type CreateSessionOutput struct { + _ struct{} `type:"structure"` + + // The established temporary security credentials for the created session.. + // + // Credentials is a required field + Credentials *SessionCredentials `locationName:"Credentials" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) GoString() string { + return s.String() +} + +// SetCredentials sets the Credentials field's value. +func (s *CreateSessionOutput) SetCredentials(v *SessionCredentials) *CreateSessionOutput { + s.Credentials = v + return s +} + // The container element for specifying the default Object Lock retention settings // for new objects placed in the specified bucket. // @@ -15287,6 +17050,11 @@ type Delete struct { // The object to delete. // + // Directory buckets - For directory buckets, an object that's composed entirely + // of whitespace characters is not supported by the DeleteObjects API operation. + // The request will receive a 400 Bad Request error and none of the objects + // in the request will be deleted. + // // Objects is a required field Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"` @@ -15356,9 +17124,9 @@ type DeleteBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -15486,9 +17254,9 @@ type DeleteBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15603,9 +17371,9 @@ type DeleteBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15716,12 +17484,25 @@ type DeleteBucketInput struct { // Specifies the bucket being deleted. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15933,9 +17714,9 @@ type DeleteBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -16063,9 +17844,9 @@ type DeleteBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16179,9 +17960,9 @@ type DeleteBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -16332,9 +18113,9 @@ type DeleteBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16445,12 +18226,25 @@ type DeleteBucketPolicyInput struct { // The bucket name. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16564,9 +18358,9 @@ type DeleteBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16680,9 +18474,9 @@ type DeleteBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16796,9 +18590,9 @@ type DeleteBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16915,7 +18709,7 @@ type DeleteMarkerEntry struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // The account that created the delete marker.> @@ -17024,19 +18818,33 @@ type DeleteObjectInput struct { // The bucket name of the bucket containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17045,11 +18853,13 @@ type DeleteObjectInput struct { // Indicates whether S3 Object Lock should bypass Governance-mode restrictions // to process this operation. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key name of the object to delete. @@ -17061,16 +18871,25 @@ type DeleteObjectInput struct { // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -17193,16 +19012,24 @@ func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) { type DeleteObjectOutput struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Returns the version ID of the delete marker created as a result of the DELETE // operation. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -17247,27 +19074,30 @@ type DeleteObjectTaggingInput struct { // The bucket name containing the objects from which to remove the tags. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key that identifies the object in the bucket from which to remove all @@ -17414,19 +19244,33 @@ type DeleteObjectsInput struct { // The bucket name containing the objects to delete. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17435,22 +19279,38 @@ type DeleteObjectsInput struct { // Specifies whether you want to delete this object even if it has a Governance-type // Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm // parameter. // - // This checksum algorithm must be the same for all parts and it match the checksum - // value supplied in the CreateMultipartUpload request. - // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value // is specified for this parameter, the matching algorithm's checksum member @@ -17466,22 +19326,37 @@ type DeleteObjectsInput struct { // Delete is a required field Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // When performing the DeleteObjects operation on an MFA delete enabled bucket, + // which attempts to delete the specified versioned objects, you must include + // an MFA token. If you don't provide an MFA token, the entire request will + // fail, even if there are non-versioned objects that you are trying to delete. + // If you provide an invalid token, whether there are versioned object keys + // in the request or not, the entire Multi-Object Delete request will fail. + // For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -17616,6 +19491,8 @@ type DeleteObjectsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -17663,9 +19540,9 @@ type DeletePublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -17775,20 +19652,27 @@ func (s DeletePublicAccessBlockOutput) GoString() string { type DeletedObject struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. In a simple DELETE, this header indicates - // whether (true) or not (false) a delete marker was created. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `type:"boolean"` // The version ID of the delete marker created as a result of the DELETE operation. // If you delete a specific object version, the value returned by this header // is the version ID of the object version deleted. + // + // This functionality is not supported for directory buckets. DeleteMarkerVersionId *string `type:"string"` // The name of the deleted object. Key *string `min:"1" type:"string"` // The version ID of the deleted object. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -18504,6 +20388,8 @@ type Error struct { Message *string `type:"string"` // The version ID of the error. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -18729,16 +20615,20 @@ type GetBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -18833,6 +20723,8 @@ type GetBucketAccelerateConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // The accelerate configuration of the bucket. @@ -18874,10 +20766,10 @@ type GetBucketAclInput struct { // Specifies the S3 bucket whose ACL is being requested. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -18886,9 +20778,9 @@ type GetBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19020,9 +20912,9 @@ type GetBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -19156,10 +21048,10 @@ type GetBucketCorsInput struct { // The bucket name for which to get the cors configuration. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -19168,9 +21060,9 @@ type GetBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19295,9 +21187,9 @@ type GetBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19549,9 +21441,9 @@ type GetBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -19688,9 +21580,9 @@ type GetBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19813,9 +21705,9 @@ type GetBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19935,10 +21827,10 @@ type GetBucketLocationInput struct { // The name of the bucket for which to get the location. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -19947,9 +21839,9 @@ type GetBucketLocationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20074,9 +21966,9 @@ type GetBucketLoggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20202,9 +22094,9 @@ type GetBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -20339,10 +22231,10 @@ type GetBucketNotificationConfigurationRequest struct { // The name of the bucket for which to get the notification configuration. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -20351,9 +22243,9 @@ type GetBucketNotificationConfigurationRequest struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20445,9 +22337,9 @@ type GetBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20566,23 +22458,40 @@ func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipCont type GetBucketPolicyInput struct { _ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"` - // The bucket name for which to get the bucket policy. + // The bucket name to get the bucket policy for. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // - // To use this API operation against an Object Lambda access point, provide - // the alias of the Object Lambda access point in place of the bucket name. - // If the Object Lambda access point alias in a request is not valid, the error - // code InvalidAccessPointAliasError is returned. For more information about - // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // Access points - When you use this API operation with an access point, provide + // the alias of the access point in place of the bucket name. + // + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20705,9 +22614,9 @@ type GetBucketPolicyStatusInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20830,9 +22739,9 @@ type GetBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20956,9 +22865,9 @@ type GetBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21081,9 +22990,9 @@ type GetBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21208,9 +23117,9 @@ type GetBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21344,9 +23253,9 @@ type GetBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21494,8 +23403,10 @@ type GetObjectAclInput struct { // The bucket name that contains the object for which to get the ACL information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -21504,9 +23415,9 @@ type GetObjectAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key of the object for which to get the ACL information. @@ -21515,13 +23426,19 @@ type GetObjectAclInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21640,6 +23557,8 @@ type GetObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -21684,27 +23603,41 @@ type GetObjectAttributesInput struct { // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key. @@ -21726,13 +23659,19 @@ type GetObjectAttributesInput struct { PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -21741,6 +23680,8 @@ type GetObjectAttributesInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectAttributesInput's // String and GoString methods. @@ -21749,9 +23690,16 @@ type GetObjectAttributesInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // The version ID used to reference a specific version of the object. + // + // S3 Versioning isn't enabled and supported for directory buckets. For this + // API operation, only the null value of the version ID is supported by directory + // buckets. You can only specify null to the versionId query parameter in the + // request. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21913,6 +23861,8 @@ type GetObjectAttributesOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a delete // marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An ETag is an opaque identifier assigned by a web server to a specific version @@ -21930,15 +23880,22 @@ type GetObjectAttributesOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides the storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // The version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -22036,6 +23993,15 @@ type GetObjectAttributesParts struct { // A container for elements related to a particular part. A response can contain // zero or more Parts elements. + // + // * General purpose buckets - For GetObjectAttributes, if a additional checksum + // (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) isn't applied to the object specified in the + // request, the response doesn't return Part. + // + // * Directory buckets - For GetObjectAttributes, no matter whether a additional + // checksum is applied to the object specified in the request, the response + // returns Part. Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"` // The total number of parts. @@ -22101,21 +24067,37 @@ type GetObjectInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // Object Lambda access points - When you use this action with an Object Lambda + // access point, you must direct requests to the Object Lambda access point + // hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -22127,25 +24109,50 @@ type GetObjectInput struct { // validation. This feature is available in the AWS SDK for Go v2. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Return the object only if its entity tag (ETag) is the same as the one specified; - // otherwise, return a 412 (precondition failed) error. + // Return the object only if its entity tag (ETag) is the same as the one specified + // in this header; otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; - // otherwise, return a 304 (not modified) error. + // otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified status code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one - // specified; otherwise, return a 304 (not modified) error. + // specified in this header; otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified HTTP status + // code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; - // otherwise, return a 412 (precondition failed) error. + // otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // Key of the object to get. @@ -22158,7 +24165,7 @@ type GetObjectInput struct { // Useful for downloading just a part of an object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Downloads the specified range bytes of an object. For more information about + // Downloads the specified byte range of an object. For more information about // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). // @@ -22166,16 +24173,20 @@ type GetObjectInput struct { Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"` - // Sets the Content-Disposition header of the response + // Sets the Content-Disposition header of the response. ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"` // Sets the Content-Encoding header of the response. @@ -22190,27 +24201,92 @@ type GetObjectInput struct { // Sets the Expires header of the response. ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` - // Specifies the algorithm to use to when decrypting the object (for example, - // AES256). + // Specifies the algorithm to use when decrypting the object (for example, AES256). + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` - // Specifies the customer-provided encryption key for Amazon S3 used to encrypt - // the data. This value is used to decrypt the object when recovering it and - // must match the one used when storing the data. The key must be appropriate - // for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - // header. + // Specifies the customer-provided encryption key that you originally provided + // for Amazon S3 to encrypt the data before storing it. This value is used to + // decrypt the object when recovering it and must match the one used when storing + // the data. The key must be appropriate for use with the algorithm specified + // in the x-amz-server-side-encryption-customer-algorithm header. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // By default, the GetObject operation returns the current version of an object. + // To return a different version, use the versionId subresource. + // + // * If you include a versionId in your request header, you must have the + // s3:GetObjectVersion permission to access a specific version of an object. + // The s3:GetObject permission is not required in this scenario. + // + // * If you request the current version of an object without a specific versionId + // in the request header, only the s3:GetObject permission is required. The + // s3:GetObjectVersion permission is not required in this scenario. + // + // * Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. For this API operation, only the null value of the version ID + // is supported by directory buckets. You can only specify null to the versionId + // query parameter in the request. + // + // For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -22427,8 +24503,10 @@ type GetObjectLegalHoldInput struct { // The bucket name containing the object whose legal hold status you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22437,9 +24515,9 @@ type GetObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose legal hold status you want to retrieve. @@ -22448,10 +24526,14 @@ type GetObjectLegalHoldInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object whose legal hold status you want to retrieve. @@ -22598,8 +24680,10 @@ type GetObjectLockConfigurationInput struct { // The bucket whose Object Lock configuration you want to retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22608,9 +24692,9 @@ type GetObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -22728,7 +24812,7 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` - // Indicates that a range of bytes was specified. + // Indicates that a range of bytes was specified in the request. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Object data. @@ -22736,47 +24820,41 @@ type GetObjectOutput struct { // Indicates whether the object uses an S3 Bucket Key for server-side encryption // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -22793,23 +24871,40 @@ type GetObjectOutput struct { // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies whether the object retrieved was (true) or was not (false) a Delete + // Indicates whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // * If the current version of the object is a delete marker, Amazon S3 behaves + // as if the object was deleted and includes x-amz-delete-marker: true in + // the response. + // + // * If the specified version in the request is a delete marker, the response + // returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. + // + // General purpose buckets - When you specify a versionId of the object in your + // request, if the specified version in the request is a delete marker, the + // response returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -22819,20 +24914,29 @@ type GetObjectOutput struct { // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` - // This is set to the number of metadata entries not returned in x-amz-meta - // headers. This can happen if you create metadata using an API like SOAP that - // supports more flexible metadata than the REST API. For example, using SOAP, - // you can create metadata whose values are not legal HTTP headers. + // This is set to the number of metadata entries not returned in the headers + // that are prefixed with x-amz-meta-. This can happen if you create metadata + // using an API like SOAP that supports more flexible metadata than the REST + // API. For example, using SOAP, you can create metadata whose values are not + // legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Indicates whether this object has an active legal hold. This field is only // returned if you have permission to view an object's legal hold status. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The Object Lock mode that's currently in place for this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when this object's Object Lock will expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -22841,51 +24945,80 @@ type GetObjectOutput struct { // Amazon S3 can return this if your request involves a bucket that is either // a source or destination in a replication rule. + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides information about object restoration action and expiration time // of the restored object copy. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The number of tags, if any, on the object. + // The number of tags, if any, on the object, when you have the relevant permission + // to read object tags. + // + // You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + // to retrieve the tag set associated with an object. + // + // This functionality is not supported for directory buckets. TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -23129,8 +25262,10 @@ type GetObjectRetentionInput struct { // The bucket name containing the object whose retention settings you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -23139,9 +25274,9 @@ type GetObjectRetentionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose retention settings you want to retrieve. @@ -23150,10 +25285,14 @@ type GetObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. @@ -23300,27 +25439,30 @@ type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which to get the tagging information. @@ -23329,10 +25471,14 @@ type GetObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The versionId of the object for which to get the tagging information. @@ -23494,9 +25640,9 @@ type GetObjectTorrentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key for which to get the information. @@ -23505,10 +25651,14 @@ type GetObjectTorrentInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -23618,6 +25768,8 @@ type GetObjectTorrentOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -23660,9 +25812,9 @@ type GetPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -23992,33 +26144,48 @@ type HeadBucketInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with an Object Lambda access point, provide the - // alias of the Object Lambda access point in place of the bucket name. If the - // Object Lambda access point alias in a request is not valid, the error code - // InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, - // see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -24104,6 +26271,30 @@ func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) { type HeadBucketOutput struct { _ struct{} `type:"structure"` + + // Indicates whether the bucket name used in the request is an access point + // alias. + // + // This functionality is not supported for directory buckets. + AccessPointAlias *bool `location:"header" locationName:"x-amz-access-point-alias" type:"boolean"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // is created. An example AZ ID value is usw2-az2. + // + // This functionality is only supported by directory buckets. + BucketLocationName *string `location:"header" locationName:"x-amz-bucket-location-name" type:"string"` + + // The type of location where the bucket is created. + // + // This functionality is only supported by directory buckets. + BucketLocationType *string `location:"header" locationName:"x-amz-bucket-location-type" type:"string" enum:"LocationType"` + + // The Region that the bucket is located. + // + // This functionality is not supported for directory buckets. + BucketRegion *string `location:"header" locationName:"x-amz-bucket-region" type:"string"` } // String returns the string representation. @@ -24124,24 +26315,62 @@ func (s HeadBucketOutput) GoString() string { return s.String() } +// SetAccessPointAlias sets the AccessPointAlias field's value. +func (s *HeadBucketOutput) SetAccessPointAlias(v bool) *HeadBucketOutput { + s.AccessPointAlias = &v + return s +} + +// SetBucketLocationName sets the BucketLocationName field's value. +func (s *HeadBucketOutput) SetBucketLocationName(v string) *HeadBucketOutput { + s.BucketLocationName = &v + return s +} + +// SetBucketLocationType sets the BucketLocationType field's value. +func (s *HeadBucketOutput) SetBucketLocationType(v string) *HeadBucketOutput { + s.BucketLocationType = &v + return s +} + +// SetBucketRegion sets the BucketRegion field's value. +func (s *HeadBucketOutput) SetBucketRegion(v string) *HeadBucketOutput { + s.BucketRegion = &v + return s +} + type HeadObjectInput struct { _ struct{} `locationName:"HeadObjectRequest" type:"structure"` - // The name of the bucket containing the object. + // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -24154,25 +26383,69 @@ type HeadObjectInput struct { // must have permission to use the kms:Decrypt action for the request to succeed. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Return the object only if its entity tag (ETag) is the same as the one specified; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; // otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one // specified; otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // The object key. @@ -24192,14 +26465,19 @@ type HeadObjectInput struct { Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -24208,6 +26486,8 @@ type HeadObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectInput's // String and GoString methods. @@ -24216,9 +26496,14 @@ type HeadObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -24400,51 +26685,63 @@ type HeadObjectOutput struct { AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // The archive state of the head object. + // + // This functionality is not supported for directory buckets. ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -24460,21 +26757,27 @@ type HeadObjectOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -24488,6 +26791,8 @@ type HeadObjectOutput struct { // headers. This can happen if you create metadata using an API like SOAP that // supports more flexible metadata than the REST API. For example, using SOAP, // you can create metadata whose values are not legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Specifies whether a legal hold is in effect for this object. This header @@ -24495,15 +26800,21 @@ type HeadObjectOutput struct { // This header is not returned if the specified version of this object has never // had a legal hold applied. For more information about S3 Object Lock, see // Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode, if any, that's in effect for this object. This header // is only returned if the requester has the s3:GetObjectRetention permission. // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when the Object Lock retention period expires. This header // is only returned if the requester has the s3:GetObjectRetention permission. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -24542,10 +26853,14 @@ type HeadObjectOutput struct { // header will return FAILED. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If the object is an archived object (an object whose storage class is GLACIER), @@ -24563,42 +26878,61 @@ type HeadObjectOutput struct { // // For more information about archiving objects, see Transitioning Objects: // General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -24884,10 +27218,16 @@ type Initiator struct { _ struct{} `type:"structure"` // Name of the Principal. + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // If the principal is an Amazon Web Services account, it provides the Canonical // User ID. If the principal is an IAM User, it provides a user ARN value. + // + // Directory buckets - If the principal is an Amazon Web Services account, it + // provides the Amazon Web Services account ID. If the principal is an IAM User, + // it provides a user ARN value. ID *string `type:"string"` } @@ -26323,9 +28663,9 @@ type ListBucketAnalyticsConfigurationsInput struct { // should begin. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26649,9 +28989,9 @@ type ListBucketInventoryConfigurationsInput struct { // that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26818,9 +29158,9 @@ type ListBucketMetricsConfigurationsInput struct { // value that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -27036,24 +29376,123 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput { return s } +type ListDirectoryBucketsInput struct { + _ struct{} `locationName:"ListDirectoryBucketsRequest" type:"structure"` + + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. + ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` + + // Maximum number of buckets to be returned in response. When the number is + // more than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + MaxDirectoryBuckets *int64 `location:"querystring" locationName:"max-directory-buckets" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) GoString() string { + return s.String() +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsInput) SetContinuationToken(v string) *ListDirectoryBucketsInput { + s.ContinuationToken = &v + return s +} + +// SetMaxDirectoryBuckets sets the MaxDirectoryBuckets field's value. +func (s *ListDirectoryBucketsInput) SetMaxDirectoryBuckets(v int64) *ListDirectoryBucketsInput { + s.MaxDirectoryBuckets = &v + return s +} + +type ListDirectoryBucketsOutput struct { + _ struct{} `type:"structure"` + + // The list of buckets owned by the requester. + Buckets []*Bucket `locationNameList:"Bucket" type:"list"` + + // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + ContinuationToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) GoString() string { + return s.String() +} + +// SetBuckets sets the Buckets field's value. +func (s *ListDirectoryBucketsOutput) SetBuckets(v []*Bucket) *ListDirectoryBucketsOutput { + s.Buckets = v + return s +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsOutput) SetContinuationToken(v string) *ListDirectoryBucketsOutput { + s.ContinuationToken = &v + return s +} + type ListMultipartUploadsInput struct { _ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"` // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -27067,6 +29506,8 @@ type ListMultipartUploadsInput struct { // parameter, then the substring starts at the beginning of the key. The keys // that are grouped under CommonPrefixes result element are not returned elsewhere // in the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies @@ -27077,20 +29518,28 @@ type ListMultipartUploadsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Together with upload-id-marker, this parameter specifies the multipart upload - // after which listing should begin. - // - // If upload-id-marker is not specified, only the keys lexicographically greater - // than the specified key-marker will be included in the list. - // - // If upload-id-marker is specified, any multipart uploads for a key equal to - // the key-marker might also be included, provided those multipart uploads have - // upload IDs lexicographically greater than the specified upload-id-marker. + // Specifies the multipart upload after which listing should begin. + // + // * General purpose buckets - For general purpose buckets, key-marker is + // an object key. Together with upload-id-marker, this parameter specifies + // the multipart upload after which listing should begin. If upload-id-marker + // is not specified, only the keys lexicographically greater than the specified + // key-marker will be included in the list. If upload-id-marker is specified, + // any multipart uploads for a key equal to the key-marker might also be + // included, provided those multipart uploads have upload IDs lexicographically + // greater than the specified upload-id-marker. + // + // * Directory buckets - For directory buckets, key-marker is obfuscated + // and isn't a real object key. The upload-id-marker parameter isn't supported + // by directory buckets. To list the additional multipart uploads, you only + // need to set the value of key-marker to the NextKeyMarker value from the + // previous response. In the ListMultipartUploads response, the multipart + // uploads aren't sorted lexicographically based on the object keys. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` // Sets the maximum number of multipart uploads, from 1 to 1,000, to return @@ -27102,13 +29551,20 @@ type ListMultipartUploadsInput struct { // prefix. You can use prefixes to separate a bucket into different grouping // of keys. (You can think of using prefix to make groups in the same way that // you'd use a folder in a file system.) + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Together with key-marker, specifies the multipart upload after which listing @@ -27116,6 +29572,8 @@ type ListMultipartUploadsInput struct { // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker // might be included in the list only if they have an upload ID lexicographically // greater than the specified upload-id-marker. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"` } @@ -27251,10 +29709,15 @@ type ListMultipartUploadsOutput struct { // If you specify a delimiter in the request, then the result returns each distinct // key prefix containing the delimiter in a CommonPrefixes element. The distinct // key prefixes are returned in the Prefix child element. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Contains the delimiter you specified in the request. If you don't specify // a delimiter in your request, this element is absent from the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. @@ -27285,17 +29748,26 @@ type ListMultipartUploadsOutput struct { // When a list is truncated, this element specifies the value that should be // used for the upload-id-marker request parameter in a subsequent request. + // + // This functionality is not supported for directory buckets. NextUploadIdMarker *string `type:"string"` // When a prefix is provided in the request, this field contains the specified // prefix. The result contains only keys starting with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Upload ID after which listing began. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `type:"string"` // Container for elements related to a particular multipart upload. A response @@ -27429,9 +29901,9 @@ type ListObjectVersionsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the key to start with when listing objects in a bucket. @@ -27457,10 +29929,14 @@ type ListObjectVersionsInput struct { Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the object version you want to start listing from. @@ -27654,6 +30130,8 @@ type ListObjectVersionsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Marks the last version of the key returned in a truncated response. @@ -27770,19 +30248,33 @@ type ListObjectsInput struct { // The name of the bucket containing the objects. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -27799,9 +30291,9 @@ type ListObjectsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Marker is where you want Amazon S3 to start listing from. Amazon S3 starts @@ -28012,6 +30504,8 @@ type ListObjectsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -28102,21 +30596,33 @@ func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput { type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` - // Bucket name to list. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -28124,23 +30630,35 @@ type ListObjectsV2Input struct { // ContinuationToken indicates to Amazon S3 that the list is being continued // on this bucket with a token. ContinuationToken is obfuscated and is not a - // real key. + // real key. You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` // A delimiter is a character that you use to group keys. + // + // * Directory buckets - For directory buckets, / is the only supported delimiter. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The owner field is not present in ListObjectsV2 by default. If you want to // return the owner field with each key in the result, then set the FetchOwner // field to true. + // + // Directory buckets - For directory buckets, the bucket owner is returned as + // the object owner for all objects. FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"` // Sets the maximum number of keys returned in the response. By default, the @@ -28150,18 +30668,27 @@ type ListObjectsV2Input struct { // Specifies the optional fields that you want returned in the response. Fields // that you do not specify are not returned. + // + // This functionality is not supported for directory buckets. OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` // Limits the response to keys that begin with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that she or he will be charged for the // list objects request in V2 style. Bucket owners need not specify this parameter // in their requests. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts // listing after this specified key. StartAfter can be any key in the bucket. + // + // This functionality is not supported for directory buckets. StartAfter *string `location:"querystring" locationName:"start-after" type:"string"` } @@ -28302,8 +30829,9 @@ func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) { type ListObjectsV2Output struct { _ struct{} `type:"structure"` - // All of the keys (up to 1,000) rolled up into a common prefix count as a single - // return when calculating the number of returns. + // All of the keys (up to 1,000) that share the same prefix are grouped together. + // When counting the total numbers of returns by this API operation, this group + // of keys is considered as one item. // // A response can contain CommonPrefixes only if you specify a delimiter. // @@ -28317,12 +30845,24 @@ type ListObjectsV2Output struct { // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. + // + // * Directory buckets - For directory buckets, only prefixes that end in + // a delimiter (/) are supported. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Metadata about each object returned. Contents []*Object `type:"list" flattened:"true"` // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + // You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `type:"string"` // Causes keys that contain the same string between the prefix and the first @@ -28330,6 +30870,8 @@ type ListObjectsV2Output struct { // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere // in the response. Each rolled-up result counts as only one return against // the MaxKeys value. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object key names in the XML response. @@ -28357,21 +30899,6 @@ type ListObjectsV2Output struct { MaxKeys *int64 `type:"integer"` // The bucket name. - // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. Name *string `type:"string"` // NextContinuationToken is sent when isTruncated is true, which means there @@ -28381,13 +30908,20 @@ type ListObjectsV2Output struct { NextContinuationToken *string `type:"string"` // Keys that begin with the indicated prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If StartAfter was sent with the request, it is included in the response. + // + // This functionality is not supported for directory buckets. StartAfter *string `type:"string"` } @@ -28492,27 +31026,41 @@ type ListPartsInput struct { // The name of the bucket to which the parts are being uploaded. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -28528,16 +31076,22 @@ type ListPartsInput struct { PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This // parameter is needed only when the object was created using a checksum algorithm. // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -28545,6 +31099,8 @@ type ListPartsInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ListPartsInput's // String and GoString methods. @@ -28554,6 +31110,8 @@ type ListPartsInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -28718,11 +31276,15 @@ type ListPartsOutput struct { // // The response will also include the x-amz-abort-rule-id header that will provide // the ID of the lifecycle configuration rule that defines this action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does @@ -28757,6 +31319,9 @@ type ListPartsOutput struct { // Container element that identifies the object owner, after the object is created. // If multipart upload is initiated by an IAM user, this element provides the // parent account ID and display name. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the parts. Owner *Owner `type:"structure"` // When a list is truncated, this element specifies the last part in the list, @@ -28770,10 +31335,14 @@ type ListPartsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded - // object. + // The class of storage used to store the uploaded object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -29031,6 +31600,56 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } +// Specifies the location where the bucket will be created. +// +// For directory buckets, the location type is Availability Zone. For more information +// about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type LocationInfo struct { + _ struct{} `type:"structure"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // will be created. An example AZ ID value is usw2-az2. + Name *string `type:"string"` + + // The type of location where the bucket will be created. + Type *string `type:"string" enum:"LocationType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *LocationInfo) SetName(v string) *LocationInfo { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *LocationInfo) SetType(v string) *LocationInfo { + s.Type = &v + return s +} + // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) @@ -29056,6 +31675,9 @@ type LoggingEnabled struct { // in the Amazon S3 User Guide. TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` + // Amazon S3 key format for log objects. + TargetObjectKeyFormat *TargetObjectKeyFormat `type:"structure"` + // A prefix for all log object keys. If you store log files from multiple Amazon // S3 buckets in a single bucket, you can use a prefix to distinguish which // log files came from which bucket. @@ -29120,6 +31742,12 @@ func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled { return s } +// SetTargetObjectKeyFormat sets the TargetObjectKeyFormat field's value. +func (s *LoggingEnabled) SetTargetObjectKeyFormat(v *TargetObjectKeyFormat) *LoggingEnabled { + s.TargetObjectKeyFormat = v + return s +} + // SetTargetPrefix sets the TargetPrefix field's value. func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { s.TargetPrefix = &v @@ -29467,9 +32095,15 @@ type MultipartUpload struct { Key *string `min:"1" type:"string"` // Specifies the owner of the object that is part of the multipart upload. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the objects. Owner *Owner `type:"structure"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID that identifies the multipart upload. @@ -29544,9 +32178,10 @@ func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload { type NoncurrentVersionExpiration struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29599,9 +32234,10 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29871,6 +32507,8 @@ type Object struct { // encryption. If an object is larger than 16 MB, the Amazon Web Services // Management Console will upload or copy that object as a Multipart Upload, // and therefore the ETag will not be an MD5 digest. + // + // Directory buckets - MD5 is not supported by directory buckets. ETag *string `type:"string"` // The name that you assign to an object. You use the object key to retrieve @@ -29881,6 +32519,8 @@ type Object struct { LastModified *time.Time `type:"timestamp"` // The owner of the object + // + // Directory buckets - The bucket owner is returned as the object owner. Owner *Owner `type:"structure"` // Specifies the restoration status of an object. Objects in certain storage @@ -29888,12 +32528,18 @@ type Object struct { // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. RestoreStatus *RestoreStatus `type:"structure"` // Size in bytes of the object - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"ObjectStorageClass"` } @@ -29976,7 +32622,9 @@ type ObjectIdentifier struct { // Key is a required field Key *string `min:"1" type:"string" required:"true"` - // VersionId for the specific version of the object to delete. + // Version ID for the specific version of the object to delete. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -30191,26 +32839,32 @@ type ObjectPart struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -30219,7 +32873,7 @@ type ObjectPart struct { PartNumber *int64 `type:"integer"` // The size of the uploaded part in bytes. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -30293,7 +32947,7 @@ type ObjectVersion struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // Specifies the owner of the object. @@ -30307,7 +32961,7 @@ type ObjectVersion struct { RestoreStatus *RestoreStatus `type:"structure"` // Size in bytes of the object. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"` @@ -30504,6 +33158,8 @@ type Owner struct { // * Europe (Ireland) // // * South America (São Paulo) + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // Container for the ID of the owner. @@ -30613,8 +33269,19 @@ type OwnershipControlsRule struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. // // ObjectOwnership is a required field ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"` @@ -30692,18 +33359,22 @@ type Part struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` @@ -30725,7 +33396,7 @@ type Part struct { PartNumber *int64 `type:"integer"` // Size in bytes of the uploaded part data. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -30794,6 +33465,44 @@ func (s *Part) SetSize(v int64) *Part { return s } +// Amazon S3 keys for log objects are partitioned in the following format: +// +// [DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +// +// PartitionedPrefix defaults to EventTime delivery when server access logs +// are delivered. +type PartitionedPrefix struct { + _ struct{} `locationName:"PartitionedPrefix" type:"structure"` + + // Specifies the partition date source for the partitioned prefix. PartitionDateSource + // can be EventTime or DeliveryTime. + PartitionDateSource *string `type:"string" enum:"PartitionDateSource"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) GoString() string { + return s.String() +} + +// SetPartitionDateSource sets the PartitionDateSource field's value. +func (s *PartitionedPrefix) SetPartitionDateSource(v string) *PartitionedPrefix { + s.PartitionDateSource = &v + return s +} + // The container element for a bucket's policy status. type PolicyStatus struct { _ struct{} `type:"structure"` @@ -31041,12 +33750,12 @@ type PutBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31058,9 +33767,9 @@ type PutBucketAccelerateConfigurationInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -31195,12 +33904,12 @@ type PutBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31216,9 +33925,9 @@ type PutBucketAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the @@ -31409,9 +34118,9 @@ type PutBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -31561,12 +34270,12 @@ type PutBucketCorsInput struct { // CORSConfiguration is a required field CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31582,9 +34291,9 @@ type PutBucketCorsInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -31725,12 +34434,12 @@ type PutBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31746,9 +34455,9 @@ type PutBucketEncryptionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the default server-side-encryption configuration. @@ -32026,9 +34735,9 @@ type PutBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -32175,12 +34884,12 @@ type PutBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32196,9 +34905,9 @@ type PutBucketLifecycleConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1,000 rules. @@ -32330,12 +35039,12 @@ type PutBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32351,9 +35060,9 @@ type PutBucketLifecycleInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1000 rules. @@ -32495,12 +35204,12 @@ type PutBucketLoggingInput struct { // BucketLoggingStatus is a required field BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32516,9 +35225,9 @@ type PutBucketLoggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -32652,9 +35361,9 @@ type PutBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -32802,9 +35511,9 @@ type PutBucketNotificationConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for specifying the notification configuration of the bucket. @@ -32948,12 +35657,12 @@ type PutBucketNotificationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32969,9 +35678,9 @@ type PutBucketNotificationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The container for the configuration. @@ -33105,9 +35814,9 @@ type PutBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) @@ -33238,19 +35947,45 @@ type PutBucketPolicyInput struct { // The name of the bucket. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -33264,15 +35999,24 @@ type PutBucketPolicyInput struct { // Set this parameter to true to confirm that you want to remove your permissions // to change this bucket policy in the future. + // + // This functionality is not supported for directory buckets. ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The bucket policy as a JSON document. // + // For directory buckets, the only IAM action supported in the bucket policy + // is s3express:CreateSession. + // // Policy is a required field Policy *string `type:"string" required:"true"` } @@ -33408,12 +36152,12 @@ type PutBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33429,9 +36173,9 @@ type PutBucketReplicationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for replication rules. You can add up to 1,000 rules. The maximum @@ -33580,12 +36324,12 @@ type PutBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33601,9 +36345,9 @@ type PutBucketRequestPaymentInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for Payer. @@ -33742,12 +36486,12 @@ type PutBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33763,9 +36507,9 @@ type PutBucketTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the TagSet and Tag elements. @@ -33904,12 +36648,12 @@ type PutBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33925,9 +36669,9 @@ type PutBucketVersioningInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, @@ -34071,12 +36815,12 @@ type PutBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34092,9 +36836,9 @@ type PutBucketWebsiteInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the request. @@ -34238,22 +36982,33 @@ type PutObjectAclInput struct { // The bucket name that contains the object to which you want to attach the // ACL. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34269,25 +37024,25 @@ type PutObjectAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. @@ -34298,37 +37053,28 @@ type PutObjectAclInput struct { // Allows grantee to write the ACL for the applicable bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Key for which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. - // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -34494,6 +37240,8 @@ type PutObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -34525,9 +37273,32 @@ type PutObjectInput struct { _ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. + // + // When adding a new object, you can use headers to grant ACL-based permissions + // to individual Amazon Web Services accounts or to predefined groups defined + // by Amazon S3. These permissions are then added to the ACL on the object. + // By default, all objects are private. Only the owner has full access control. + // For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. + // + // If the bucket that you're uploading objects to uses the bucket owner enforced + // setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. + // Buckets that use this setting only accept PUT requests that don't specify + // an ACL or PUT requests that specify bucket owner full control ACLs, such + // as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. PUT requests that contain other ACLs (for + // example, custom grants to certain Amazon Web Services accounts) fail and + // return a 400 error with the error code AccessControlListNotSupported. For + // more information, see Controlling ownership of objects and disabling ACLs + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // Object data. @@ -34535,19 +37306,33 @@ type PutObjectInput struct { // The bucket name to which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -34560,6 +37345,8 @@ type PutObjectInput struct { // // Specifying this header with a PUT action doesn’t affect bucket-level settings // for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Can be used to specify caching behavior along the request/reply chain. For @@ -34567,16 +37354,33 @@ type PutObjectInput struct { // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -34636,15 +37440,22 @@ type PutObjectInput struct { // it is optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). + // + // The Content-MD5 header is required for any request to upload an object with + // a retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, @@ -34653,22 +37464,30 @@ type PutObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the PUT action was initiated. @@ -34680,25 +37499,37 @@ type PutObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether a legal hold will be applied to this object. For more information - // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode that you want to apply to this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when you want this object's Object Lock to expire. Must // be formatted as a timestamp parameter. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -34707,6 +37538,8 @@ type PutObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. @@ -34715,13 +37548,18 @@ type PutObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. This value is stored as // object metadata and automatically gets passed on to Amazon Web Services KMS - // for future GetObject or CopyObject operations on this object. + // for future GetObject or CopyObject operations on this object. This value + // must be explicitly added during CopyObject operations. + // + // This functionality is not supported for directory buckets. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's @@ -34729,39 +37567,62 @@ type PutObjectInput struct { SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, - // this header specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. If you specify - // x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management + // Service (KMS) symmetric encryption customer managed key that was used for + // the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 // uses the Amazon Web Services managed key (aws/s3) to protect the data. If // the KMS key does not exist in the same account that's issuing the command, // you must use the full ARN and not just the ID. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // General purpose buckets - You have four mutually exclusive options to protect + // data using server-side encryption in Amazon S3, depending on how you choose + // to manage the encryption keys. Specifically, the encryption key options are + // Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or + // DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with + // server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. + // You can optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - For directory buckets, only the server-side encryption + // with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. // (For example, "Key1=Value1") + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) + // in the Amazon S3 User Guide. // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -34775,7 +37636,10 @@ type PutObjectInput struct { // // For more information about website hosting in Amazon S3, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) - // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html). + // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -35088,8 +37952,10 @@ type PutObjectLegalHoldInput struct { // The bucket name containing the object that you want to place a legal hold // on. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -35098,12 +37964,12 @@ type PutObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35119,9 +37985,9 @@ type PutObjectLegalHoldInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to place a legal hold on. @@ -35134,10 +38000,14 @@ type PutObjectLegalHoldInput struct { LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object that you want to place a legal hold on. @@ -35265,6 +38135,8 @@ type PutObjectLegalHoldOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35300,12 +38172,12 @@ type PutObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35321,19 +38193,23 @@ type PutObjectLockConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. @@ -35449,6 +38325,8 @@ type PutObjectLockConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35481,89 +38359,133 @@ type PutObjectOutput struct { // Indicates whether the uploaded object uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Entity tag for the uploaded object. + // + // General purpose buckets - To ensure that data is not corrupted traversing + // the network, for objects where the ETag is the MD5 digest of the object, + // you can calculate the MD5 while putting an object to Amazon S3 and compare + // the returned ETag to the calculated MD5 value. + // + // Directory buckets - The ETag for the object in a directory bucket isn't the + // MD5 digest of the object. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the expiration is configured for the object (see PutBucketLifecycleConfiguration - // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), - // the response includes this header. It includes the expiry-date and rule-id - // key-value pairs that provide information about object expiration. The value - // of the rule-id is URL-encoded. + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)) + // in the Amazon S3 User Guide, the response includes this header. It includes + // the expiry-date and rule-id key-value pairs that provide information about + // object expiration. The value of the rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. This value // is stored as object metadata and automatically gets passed on to Amazon Web // Services KMS for future GetObject or CopyObject operations on this object. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, - // this header specifies the ID of the Key Management Service (KMS) symmetric + // this header indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // Version of the object. + // Version ID of the object. + // + // If you enable versioning for a bucket, Amazon S3 automatically generates + // a unique version ID for the object being stored. Amazon S3 returns this ID + // in the response. When you enable versioning for a bucket, if Amazon S3 receives + // multiple write requests for the same object simultaneously, it stores all + // of the objects. For more information about versioning, see Adding Objects + // to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) + // in the Amazon S3 User Guide. For information about returning the versioning + // state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -35675,8 +38597,10 @@ type PutObjectRetentionInput struct { // The bucket name that contains the object you want to apply this Object Retention // configuration to. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -35688,12 +38612,12 @@ type PutObjectRetentionInput struct { // Indicates whether this action should bypass Governance-mode restrictions. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35709,9 +38633,9 @@ type PutObjectRetentionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to apply this Object Retention @@ -35721,10 +38645,14 @@ type PutObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -35862,6 +38790,8 @@ type PutObjectRetentionOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35894,30 +38824,33 @@ type PutObjectTaggingInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35933,9 +38866,9 @@ type PutObjectTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Name of the object key. @@ -35944,10 +38877,14 @@ type PutObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for the TagSet and Tag elements @@ -36123,12 +39060,12 @@ type PutPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -36144,9 +39081,9 @@ type PutPublicAccessBlockInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The PublicAccessBlock configuration that you want to apply to this Amazon @@ -37281,30 +40218,33 @@ type RestoreObjectInput struct { // The bucket name containing the object to restore. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -37316,9 +40256,9 @@ type RestoreObjectInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the action was initiated. @@ -37327,10 +40267,14 @@ type RestoreObjectInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -37466,6 +40410,8 @@ type RestoreObjectOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Indicates the path in the provided S3 output location where Select results @@ -37624,6 +40570,9 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) // in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Only the S3 Express +// One Zone storage class is supported by directory buckets to store objects. type RestoreStatus struct { _ struct{} `type:"structure"` @@ -38191,9 +41140,9 @@ type SelectObjectContentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The expression that is used to query the object. @@ -38572,7 +41521,15 @@ type ServerSideEncryptionByDefault struct { // KMS key ID to use for the default encryption. This parameter is allowed if // and only if SSEAlgorithm is set to aws:kms. // - // You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) + // of the KMS key. + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key Alias: alias/alias-name + // // If you use a key ID, you can run into a LogDestination undeliverable error // when creating a VPC flow log. // @@ -38580,10 +41537,6 @@ type ServerSideEncryptionByDefault struct { // operations you must use a fully qualified KMS key ARN. For more information, // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab - // // Amazon S3 only supports symmetric encryption KMS keys. For more information, // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. @@ -38764,6 +41717,118 @@ func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryp return s } +// The established temporary security credentials of the session. +// +// Directory buckets - These session credentials are only supported for the +// authentication and authorization of Zonal endpoint APIs on directory buckets. +type SessionCredentials struct { + _ struct{} `type:"structure"` + + // A unique identifier that's associated with a secret access key. The access + // key ID and the secret access key are used together to sign programmatic Amazon + // Web Services requests cryptographically. + // + // AccessKeyId is a required field + AccessKeyId *string `locationName:"AccessKeyId" type:"string" required:"true"` + + // Temporary security credentials expire after a specified interval. After temporary + // credentials expire, any calls that you make with those credentials will fail. + // So you must generate a new set of temporary credentials. Temporary credentials + // cannot be extended or refreshed beyond the original specified interval. + // + // Expiration is a required field + Expiration *time.Time `locationName:"Expiration" type:"timestamp" required:"true"` + + // A key that's used with the access key ID to cryptographically sign programmatic + // Amazon Web Services requests. Signing a request identifies the sender and + // prevents the request from being altered. + // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SecretAccessKey is a required field + SecretAccessKey *string `locationName:"SecretAccessKey" type:"string" required:"true" sensitive:"true"` + + // A part of the temporary security credentials. The session token is used to + // validate the temporary security credentials. + // + // SessionToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SessionToken is a required field + SessionToken *string `locationName:"SessionToken" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *SessionCredentials) SetAccessKeyId(v string) *SessionCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *SessionCredentials) SetExpiration(v time.Time) *SessionCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *SessionCredentials) SetSecretAccessKey(v string) *SessionCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *SessionCredentials) SetSessionToken(v string) *SessionCredentials { + s.SessionToken = &v + return s +} + +// To use simple format for S3 keys for log objects, set SimplePrefix to an +// empty object. +// +// [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +type SimplePrefix struct { + _ struct{} `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) GoString() string { + return s.String() +} + // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter @@ -39300,6 +42365,49 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { return s } +// Amazon S3 key format for log objects. Only one format, PartitionedPrefix +// or SimplePrefix, is allowed. +type TargetObjectKeyFormat struct { + _ struct{} `type:"structure"` + + // Partitioned S3 key for log objects. + PartitionedPrefix *PartitionedPrefix `locationName:"PartitionedPrefix" type:"structure"` + + // To use the simple format for S3 keys for log objects. To specify SimplePrefix + // format, set SimplePrefix to {}. + SimplePrefix *SimplePrefix `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) GoString() string { + return s.String() +} + +// SetPartitionedPrefix sets the PartitionedPrefix field's value. +func (s *TargetObjectKeyFormat) SetPartitionedPrefix(v *PartitionedPrefix) *TargetObjectKeyFormat { + s.PartitionedPrefix = v + return s +} + +// SetSimplePrefix sets the SimplePrefix field's value. +func (s *TargetObjectKeyFormat) SetSimplePrefix(v *SimplePrefix) *TargetObjectKeyFormat { + s.SimplePrefix = v + return s +} + // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access // tier, without additional operational overhead. @@ -39584,19 +42692,33 @@ type UploadPartCopyInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -39618,34 +42740,81 @@ type UploadPartCopyInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - // If you don't specify a version ID, Amazon S3 copies the latest version of - // the source object. + // If your bucket has versioning enabled, you could have multiple versions of + // the same object. By default, x-amz-copy-source identifies the current version + // of the source object to copy. To copy a specific version of the source object + // to copy, append ?versionId= to the x-amz-copy-source request + // header (for example, x-amz-copy-source: /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // + // If the current version is a delete marker and you don't specify a versionId + // in the x-amz-copy-source request header, Amazon S3 returns a 404 Not Found + // error, because the object does not exist. If you specify versionId in the + // x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns + // an HTTP 400 Bad Request error, because you are not allowed to specify a delete + // marker as a version for the x-amz-copy-source. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // The range of bytes to copy from the source object. The range value must use @@ -39657,12 +42826,18 @@ type UploadPartCopyInput struct { // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt // the source object. The encryption key provided in this header must be one // that was used when the source object was created. // + // This functionality is not supported when the source object is in a directory + // bucket. + // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39671,16 +42846,19 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -39695,14 +42873,20 @@ type UploadPartCopyInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -39712,6 +42896,9 @@ type UploadPartCopyInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39720,6 +42907,9 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being copied. @@ -39944,6 +43134,8 @@ type UploadPartCopyOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -39951,32 +43143,46 @@ type UploadPartCopyOutput struct { // The version of the source object that was copied, if you have enabled versioning // on the source bucket. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -40054,30 +43260,44 @@ type UploadPartInput struct { // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -40127,11 +43347,13 @@ type UploadPartInput struct { // The base64-encoded 128-bit MD5 digest of the part data. This parameter is // auto-populated when using the command from the CLI. This parameter is required // if object lock parameters are specified. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -40146,14 +43368,19 @@ type UploadPartInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -40163,6 +43390,8 @@ type UploadPartInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartInput's // String and GoString methods. @@ -40171,6 +43400,8 @@ type UploadPartInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being uploaded. @@ -40373,37 +43604,47 @@ type UploadPartOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` @@ -40412,28 +43653,39 @@ type UploadPartOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -40817,6 +44069,8 @@ type WriteGetObjectResponseInput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"` // Route prefix to the HTTP URL generated. @@ -40843,9 +44097,9 @@ type WriteGetObjectResponseInput struct { // server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric encryption customer managed key that - // was used for stored in Amazon S3 object. + // If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon + // Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption + // customer managed key that was used for stored in Amazon S3 object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's @@ -41293,6 +44547,9 @@ const ( // BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintApSouth1 = "ap-south-1" + // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintApSouth2 = "ap-south-2" + // BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value BucketLocationConstraintApSoutheast1 = "ap-southeast-1" @@ -41323,6 +44580,9 @@ const ( // BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintEuSouth1 = "eu-south-1" + // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintEuSouth2 = "eu-south-2" + // BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value BucketLocationConstraintEuWest1 = "eu-west-1" @@ -41363,6 +44623,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintApNortheast2, BucketLocationConstraintApNortheast3, BucketLocationConstraintApSouth1, + BucketLocationConstraintApSouth2, BucketLocationConstraintApSoutheast1, BucketLocationConstraintApSoutheast2, BucketLocationConstraintApSoutheast3, @@ -41373,6 +44634,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintEuCentral1, BucketLocationConstraintEuNorth1, BucketLocationConstraintEuSouth1, + BucketLocationConstraintEuSouth2, BucketLocationConstraintEuWest1, BucketLocationConstraintEuWest2, BucketLocationConstraintEuWest3, @@ -41406,6 +44668,18 @@ func BucketLogsPermission_Values() []string { } } +const ( + // BucketTypeDirectory is a BucketType enum value + BucketTypeDirectory = "Directory" +) + +// BucketType_Values returns all elements of the BucketType enum +func BucketType_Values() []string { + return []string{ + BucketTypeDirectory, + } +} + const ( // BucketVersioningStatusEnabled is a BucketVersioningStatus enum value BucketVersioningStatusEnabled = "Enabled" @@ -41478,6 +44752,18 @@ func CompressionType_Values() []string { } } +const ( + // DataRedundancySingleAvailabilityZone is a DataRedundancy enum value + DataRedundancySingleAvailabilityZone = "SingleAvailabilityZone" +) + +// DataRedundancy_Values returns all elements of the DataRedundancy enum +func DataRedundancy_Values() []string { + return []string{ + DataRedundancySingleAvailabilityZone, + } +} + const ( // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value DeleteMarkerReplicationStatusEnabled = "Enabled" @@ -41832,6 +45118,12 @@ const ( // InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm" + + // InventoryOptionalFieldObjectAccessControlList is a InventoryOptionalField enum value + InventoryOptionalFieldObjectAccessControlList = "ObjectAccessControlList" + + // InventoryOptionalFieldObjectOwner is a InventoryOptionalField enum value + InventoryOptionalFieldObjectOwner = "ObjectOwner" ) // InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum @@ -41850,6 +45142,8 @@ func InventoryOptionalField_Values() []string { InventoryOptionalFieldIntelligentTieringAccessTier, InventoryOptionalFieldBucketKeyStatus, InventoryOptionalFieldChecksumAlgorithm, + InventoryOptionalFieldObjectAccessControlList, + InventoryOptionalFieldObjectOwner, } } @@ -41869,6 +45163,18 @@ func JSONType_Values() []string { } } +const ( + // LocationTypeAvailabilityZone is a LocationType enum value + LocationTypeAvailabilityZone = "AvailabilityZone" +) + +// LocationType_Values returns all elements of the LocationType enum +func LocationType_Values() []string { + return []string{ + LocationTypeAvailabilityZone, + } +} + const ( // MFADeleteEnabled is a MFADelete enum value MFADeleteEnabled = "Enabled" @@ -42069,8 +45375,19 @@ func ObjectLockRetentionMode_Values() []string { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that -// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control -// canned ACL or an equivalent form of this ACL expressed in the XML format. +// don't specify an ACL or specify bucket owner full control ACLs (such as the +// predefined bucket-owner-full-control canned ACL or a custom ACL in XML format +// that grants the same permissions). +// +// By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. +// We recommend keeping ACLs disabled, except in uncommon use cases where you +// must control access for each object individually. For more information about +// S3 Object Ownership, see Controlling ownership of objects and disabling ACLs +// for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Directory buckets +// use the bucket owner enforced setting for S3 Object Ownership. const ( // ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred" @@ -42121,6 +45438,9 @@ const ( // ObjectStorageClassSnow is a ObjectStorageClass enum value ObjectStorageClassSnow = "SNOW" + + // ObjectStorageClassExpressOnezone is a ObjectStorageClass enum value + ObjectStorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum @@ -42136,6 +45456,7 @@ func ObjectStorageClass_Values() []string { ObjectStorageClassOutposts, ObjectStorageClassGlacierIr, ObjectStorageClassSnow, + ObjectStorageClassExpressOnezone, } } @@ -42175,6 +45496,22 @@ func OwnerOverride_Values() []string { } } +const ( + // PartitionDateSourceEventTime is a PartitionDateSource enum value + PartitionDateSourceEventTime = "EventTime" + + // PartitionDateSourceDeliveryTime is a PartitionDateSource enum value + PartitionDateSourceDeliveryTime = "DeliveryTime" +) + +// PartitionDateSource_Values returns all elements of the PartitionDateSource enum +func PartitionDateSource_Values() []string { + return []string{ + PartitionDateSourceEventTime, + PartitionDateSourceDeliveryTime, + } +} + const ( // PayerRequester is a Payer enum value PayerRequester = "Requester" @@ -42295,6 +45632,9 @@ const ( // ReplicationStatusReplica is a ReplicationStatus enum value ReplicationStatusReplica = "REPLICA" + + // ReplicationStatusCompleted is a ReplicationStatus enum value + ReplicationStatusCompleted = "COMPLETED" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -42304,6 +45644,7 @@ func ReplicationStatus_Values() []string { ReplicationStatusPending, ReplicationStatusFailed, ReplicationStatusReplica, + ReplicationStatusCompleted, } } @@ -42325,6 +45666,8 @@ func ReplicationTimeStatus_Values() []string { // If present, indicates that the requester was successfully charged for the // request. +// +// This functionality is not supported for directory buckets. const ( // RequestChargedRequester is a RequestCharged enum value RequestChargedRequester = "requester" @@ -42338,10 +45681,14 @@ func RequestCharged_Values() []string { } // Confirms that the requester knows that they will be charged for the request. -// Bucket owners need not specify this parameter in their requests. For information -// about downloading objects from Requester Pays buckets, see Downloading Objects +// Bucket owners need not specify this parameter in their requests. If either +// the source or destination S3 bucket has Requester Pays enabled, the requester +// will pay for corresponding charges to copy the object. For information about +// downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" @@ -42386,6 +45733,22 @@ func ServerSideEncryption_Values() []string { } } +const ( + // SessionModeReadOnly is a SessionMode enum value + SessionModeReadOnly = "ReadOnly" + + // SessionModeReadWrite is a SessionMode enum value + SessionModeReadWrite = "ReadWrite" +) + +// SessionMode_Values returns all elements of the SessionMode enum +func SessionMode_Values() []string { + return []string{ + SessionModeReadOnly, + SessionModeReadWrite, + } +} + const ( // SseKmsEncryptedObjectsStatusEnabled is a SseKmsEncryptedObjectsStatus enum value SseKmsEncryptedObjectsStatusEnabled = "Enabled" @@ -42432,6 +45795,9 @@ const ( // StorageClassSnow is a StorageClass enum value StorageClassSnow = "SNOW" + + // StorageClassExpressOnezone is a StorageClass enum value + StorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // StorageClass_Values returns all elements of the StorageClass enum @@ -42447,6 +45813,7 @@ func StorageClass_Values() []string { StorageClassOutposts, StorageClassGlacierIr, StorageClassSnow, + StorageClassExpressOnezone, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go index cd6a2e8ae4952..8a67333ab2662 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go @@ -25,6 +25,15 @@ const ( // "InvalidObjectState". // // Object is archived and inaccessible until restored. + // + // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval + // storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering + // Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, + // before you can retrieve the object you must first restore a copy using RestoreObject + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). + // Otherwise, this operation returns an InvalidObjectState error. For information + // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) + // in the Amazon S3 User Guide. ErrCodeInvalidObjectState = "InvalidObjectState" // ErrCodeNoSuchBucket for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go index 844e7b66c8574..3850f80a8857d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go @@ -9,7 +9,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol" - "github.com/aws/aws-sdk-go/private/protocol/query" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) const opAddPermission = "AddPermission" @@ -50,7 +50,7 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ output = &AddPermissionOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -89,13 +89,41 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // See the AWS API reference guide for Amazon Simple Queue Service's // API operation AddPermission for usage and error information. // -// Returned Error Codes: -// - ErrCodeOverLimit "OverLimit" +// Returned Error Types: +// +// - OverLimit // The specified action violates a limit. For example, ReceiveMessage returns // this error if the maximum number of in flight messages is reached and AddPermission // returns this error if the maximum number of permissions for the queue is // reached. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/AddPermission func (c *SQS) AddPermission(input *AddPermissionInput) (*AddPermissionOutput, error) { req, out := c.AddPermissionRequest(input) @@ -161,14 +189,22 @@ func (c *SQS) CancelMessageMoveTaskRequest(input *CancelMessageMoveTaskInput) (r // CancelMessageMoveTask API operation for Amazon Simple Queue Service. // -// Cancels a specified message movement task. +// Cancels a specified message movement task. A message movement can only be +// cancelled when the current status is RUNNING. Cancelling a message movement +// task does not revert the messages that have already been moved. It can only +// stop the messages that have not been moved yet. +// +// - This action is currently limited to supporting message redrive from +// dead-letter queues (DLQs) (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) +// only. In this context, the source queue is the dead-letter queue (DLQ), +// while the destination queue can be the original source queue (from which +// the messages were driven to the dead-letter-queue), or a custom destination +// queue. // -// - A message movement can only be cancelled when the current status is -// RUNNING. +// - Currently, only standard queues are supported. // -// - Cancelling a message movement task does not revert the messages that -// have already been moved. It can only stop the messages that have not been -// moved yet. +// - Only one active message movement task is supported per queue at any +// given time. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -177,12 +213,33 @@ func (c *SQS) CancelMessageMoveTaskRequest(input *CancelMessageMoveTaskInput) (r // See the AWS API reference guide for Amazon Simple Queue Service's // API operation CancelMessageMoveTask for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// - ResourceNotFoundException // One or more specified resources don't exist. // -// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation // Error code 400. Unsupported operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/CancelMessageMoveTask @@ -245,7 +302,7 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput output = &ChangeMessageVisibilityOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -313,14 +370,41 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ChangeMessageVisibility for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeMessageNotInflight "AWS.SimpleQueueService.MessageNotInflight" +// - MessageNotInflight // The specified message isn't in flight. // -// - ErrCodeReceiptHandleIsInvalid "ReceiptHandleIsInvalid" +// - ReceiptHandleIsInvalid // The specified receipt handle isn't valid. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ChangeMessageVisibility func (c *SQS) ChangeMessageVisibility(input *ChangeMessageVisibilityInput) (*ChangeMessageVisibilityOutput, error) { req, out := c.ChangeMessageVisibilityRequest(input) @@ -402,20 +486,47 @@ func (c *SQS) ChangeMessageVisibilityBatchRequest(input *ChangeMessageVisibility // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ChangeMessageVisibilityBatch for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeTooManyEntriesInBatchRequest "AWS.SimpleQueueService.TooManyEntriesInBatchRequest" +// - TooManyEntriesInBatchRequest // The batch request contains more entries than permissible. // -// - ErrCodeEmptyBatchRequest "AWS.SimpleQueueService.EmptyBatchRequest" +// - EmptyBatchRequest // The batch request doesn't contain any entries. // -// - ErrCodeBatchEntryIdsNotDistinct "AWS.SimpleQueueService.BatchEntryIdsNotDistinct" +// - BatchEntryIdsNotDistinct // Two or more batch entries in the request have the same Id. // -// - ErrCodeInvalidBatchEntryId "AWS.SimpleQueueService.InvalidBatchEntryId" +// - InvalidBatchEntryId // The Id of a batch entry in a batch request doesn't abide by the specification. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ChangeMessageVisibilityBatch func (c *SQS) ChangeMessageVisibilityBatch(input *ChangeMessageVisibilityBatchInput) (*ChangeMessageVisibilityBatchOutput, error) { req, out := c.ChangeMessageVisibilityBatchRequest(input) @@ -526,17 +637,47 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // See the AWS API reference guide for Amazon Simple Queue Service's // API operation CreateQueue for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeQueueDeletedRecently "AWS.SimpleQueueService.QueueDeletedRecently" +// - QueueDeletedRecently // You must wait 60 seconds after deleting a queue before you can create another // queue with the same name. // -// - ErrCodeQueueNameExists "QueueAlreadyExists" +// - QueueNameExists // A queue with this name already exists. Amazon SQS returns this error only // if the request includes attributes whose values differ from those of the // existing queue. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidAttributeName +// The specified attribute doesn't exist. +// +// - InvalidAttributeValue +// A queue attribute value is invalid. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/CreateQueue func (c *SQS) CreateQueue(input *CreateQueueInput) (*CreateQueueOutput, error) { req, out := c.CreateQueueRequest(input) @@ -597,7 +738,7 @@ func (c *SQS) DeleteMessageRequest(input *DeleteMessageInput) (req *request.Requ output = &DeleteMessageOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -631,14 +772,41 @@ func (c *SQS) DeleteMessageRequest(input *DeleteMessageInput) (req *request.Requ // See the AWS API reference guide for Amazon Simple Queue Service's // API operation DeleteMessage for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeInvalidIdFormat "InvalidIdFormat" +// - InvalidIdFormat // The specified receipt handle isn't valid for the current version. // -// - ErrCodeReceiptHandleIsInvalid "ReceiptHandleIsInvalid" +// - ReceiptHandleIsInvalid // The specified receipt handle isn't valid. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - InvalidAddress +// The accountId is invalid. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/DeleteMessage func (c *SQS) DeleteMessage(input *DeleteMessageInput) (*DeleteMessageOutput, error) { req, out := c.DeleteMessageRequest(input) @@ -719,20 +887,47 @@ func (c *SQS) DeleteMessageBatchRequest(input *DeleteMessageBatchInput) (req *re // See the AWS API reference guide for Amazon Simple Queue Service's // API operation DeleteMessageBatch for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeTooManyEntriesInBatchRequest "AWS.SimpleQueueService.TooManyEntriesInBatchRequest" +// - TooManyEntriesInBatchRequest // The batch request contains more entries than permissible. // -// - ErrCodeEmptyBatchRequest "AWS.SimpleQueueService.EmptyBatchRequest" +// - EmptyBatchRequest // The batch request doesn't contain any entries. // -// - ErrCodeBatchEntryIdsNotDistinct "AWS.SimpleQueueService.BatchEntryIdsNotDistinct" +// - BatchEntryIdsNotDistinct // Two or more batch entries in the request have the same Id. // -// - ErrCodeInvalidBatchEntryId "AWS.SimpleQueueService.InvalidBatchEntryId" +// - InvalidBatchEntryId // The Id of a batch entry in a batch request doesn't abide by the specification. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/DeleteMessageBatch func (c *SQS) DeleteMessageBatch(input *DeleteMessageBatchInput) (*DeleteMessageBatchOutput, error) { req, out := c.DeleteMessageBatchRequest(input) @@ -793,7 +988,7 @@ func (c *SQS) DeleteQueueRequest(input *DeleteQueueInput) (req *request.Request, output = &DeleteQueueOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -824,6 +1019,36 @@ func (c *SQS) DeleteQueueRequest(input *DeleteQueueInput) (req *request.Request, // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation DeleteQueue for usage and error information. +// +// Returned Error Types: +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidAddress +// The accountId is invalid. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/DeleteQueue func (c *SQS) DeleteQueue(input *DeleteQueueInput) (*DeleteQueueOutput, error) { req, out := c.DeleteQueueRequest(input) @@ -901,10 +1126,38 @@ func (c *SQS) GetQueueAttributesRequest(input *GetQueueAttributesInput) (req *re // See the AWS API reference guide for Amazon Simple Queue Service's // API operation GetQueueAttributes for usage and error information. // -// Returned Error Codes: -// - ErrCodeInvalidAttributeName "InvalidAttributeName" +// Returned Error Types: +// +// - InvalidAttributeName // The specified attribute doesn't exist. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - InvalidAddress +// The accountId is invalid. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/GetQueueAttributes func (c *SQS) GetQueueAttributes(input *GetQueueAttributesInput) (*GetQueueAttributesOutput, error) { req, out := c.GetQueueAttributesRequest(input) @@ -986,10 +1239,35 @@ func (c *SQS) GetQueueUrlRequest(input *GetQueueUrlInput) (req *request.Request, // See the AWS API reference guide for Amazon Simple Queue Service's // API operation GetQueueUrl for usage and error information. // -// Returned Error Codes: -// - ErrCodeQueueDoesNotExist "AWS.SimpleQueueService.NonExistentQueue" +// Returned Error Types: +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist // The specified queue doesn't exist. // +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/GetQueueUrl func (c *SQS) GetQueueUrl(input *GetQueueUrlInput) (*GetQueueUrlOutput, error) { req, out := c.GetQueueUrlRequest(input) @@ -1083,10 +1361,35 @@ func (c *SQS) ListDeadLetterSourceQueuesRequest(input *ListDeadLetterSourceQueue // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ListDeadLetterSourceQueues for usage and error information. // -// Returned Error Codes: -// - ErrCodeQueueDoesNotExist "AWS.SimpleQueueService.NonExistentQueue" +// Returned Error Types: +// +// - QueueDoesNotExist // The specified queue doesn't exist. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - InvalidAddress +// The accountId is invalid. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListDeadLetterSourceQueues func (c *SQS) ListDeadLetterSourceQueues(input *ListDeadLetterSourceQueuesInput) (*ListDeadLetterSourceQueuesOutput, error) { req, out := c.ListDeadLetterSourceQueuesRequest(input) @@ -1206,6 +1509,18 @@ func (c *SQS) ListMessageMoveTasksRequest(input *ListMessageMoveTasksInput) (req // Gets the most recent message movement tasks (up to 10) under a specific source // queue. // +// - This action is currently limited to supporting message redrive from +// dead-letter queues (DLQs) (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) +// only. In this context, the source queue is the dead-letter queue (DLQ), +// while the destination queue can be the original source queue (from which +// the messages were driven to the dead-letter-queue), or a custom destination +// queue. +// +// - Currently, only standard queues are supported. +// +// - Only one active message movement task is supported per queue at any +// given time. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1213,12 +1528,33 @@ func (c *SQS) ListMessageMoveTasksRequest(input *ListMessageMoveTasksInput) (req // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ListMessageMoveTasks for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// - ResourceNotFoundException // One or more specified resources don't exist. // -// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation // Error code 400. Unsupported operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListMessageMoveTasks @@ -1300,6 +1636,36 @@ func (c *SQS) ListQueueTagsRequest(input *ListQueueTagsInput) (req *request.Requ // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ListQueueTags for usage and error information. +// +// Returned Error Types: +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListQueueTags func (c *SQS) ListQueueTags(input *ListQueueTagsInput) (*ListQueueTagsOutput, error) { req, out := c.ListQueueTagsRequest(input) @@ -1393,6 +1759,33 @@ func (c *SQS) ListQueuesRequest(input *ListQueuesInput) (req *request.Request, o // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ListQueues for usage and error information. +// +// Returned Error Types: +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - InvalidAddress +// The accountId is invalid. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListQueues func (c *SQS) ListQueues(input *ListQueuesInput) (*ListQueuesOutput, error) { req, out := c.ListQueuesRequest(input) @@ -1504,13 +1897,14 @@ func (c *SQS) PurgeQueueRequest(input *PurgeQueueInput) (req *request.Request, o output = &PurgeQueueOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // PurgeQueue API operation for Amazon Simple Queue Service. // -// Deletes the messages in a queue specified by the QueueURL parameter. +// Deletes available messages in a queue (including in-flight messages) specified +// by the QueueURL parameter. // // When you use the PurgeQueue action, you can't retrieve any messages deleted // from a queue. @@ -1531,16 +1925,40 @@ func (c *SQS) PurgeQueueRequest(input *PurgeQueueInput) (req *request.Request, o // See the AWS API reference guide for Amazon Simple Queue Service's // API operation PurgeQueue for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeQueueDoesNotExist "AWS.SimpleQueueService.NonExistentQueue" +// - QueueDoesNotExist // The specified queue doesn't exist. // -// - ErrCodePurgeQueueInProgress "AWS.SimpleQueueService.PurgeQueueInProgress" +// - PurgeQueueInProgress // Indicates that the specified queue previously received a PurgeQueue request // within the last 60 seconds (the time it can take to delete the messages in // the queue). // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/PurgeQueue func (c *SQS) PurgeQueue(input *PurgeQueueInput) (*PurgeQueueOutput, error) { req, out := c.PurgeQueueRequest(input) @@ -1661,13 +2079,70 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // See the AWS API reference guide for Amazon Simple Queue Service's // API operation ReceiveMessage for usage and error information. // -// Returned Error Codes: -// - ErrCodeOverLimit "OverLimit" +// Returned Error Types: +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - OverLimit // The specified action violates a limit. For example, ReceiveMessage returns // this error if the maximum number of in flight messages is reached and AddPermission // returns this error if the maximum number of permissions for the queue is // reached. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - KmsDisabled +// The request was denied due to request throttling. +// +// - KmsInvalidState +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// - KmsNotFound +// The request was rejected because the specified entity or resource could not +// be found. +// +// - KmsOptInRequired +// The request was rejected because the specified key policy isn't syntactically +// or semantically correct. +// +// - KmsThrottled +// Amazon Web Services KMS throttles requests for the following conditions. +// +// - KmsAccessDenied +// The caller doesn't have the required KMS access. +// +// - KmsInvalidKeyUsage +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// - InvalidAddress +// The accountId is invalid. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ReceiveMessage func (c *SQS) ReceiveMessage(input *ReceiveMessageInput) (*ReceiveMessageOutput, error) { req, out := c.ReceiveMessageRequest(input) @@ -1728,7 +2203,7 @@ func (c *SQS) RemovePermissionRequest(input *RemovePermissionInput) (req *reques output = &RemovePermissionOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -1753,6 +2228,36 @@ func (c *SQS) RemovePermissionRequest(input *RemovePermissionInput) (req *reques // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation RemovePermission for usage and error information. +// +// Returned Error Types: +// +// - InvalidAddress +// The accountId is invalid. +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/RemovePermission func (c *SQS) RemovePermission(input *RemovePermissionInput) (*RemovePermissionOutput, error) { req, out := c.RemovePermissionRequest(input) @@ -1835,14 +2340,67 @@ func (c *SQS) SendMessageRequest(input *SendMessageInput) (req *request.Request, // See the AWS API reference guide for Amazon Simple Queue Service's // API operation SendMessage for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeInvalidMessageContents "InvalidMessageContents" +// - InvalidMessageContents // The message contains characters outside the allowed set. // -// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// - UnsupportedOperation // Error code 400. Unsupported operation. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - KmsDisabled +// The request was denied due to request throttling. +// +// - KmsInvalidState +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// - KmsNotFound +// The request was rejected because the specified entity or resource could not +// be found. +// +// - KmsOptInRequired +// The request was rejected because the specified key policy isn't syntactically +// or semantically correct. +// +// - KmsThrottled +// Amazon Web Services KMS throttles requests for the following conditions. +// +// - KmsAccessDenied +// The caller doesn't have the required KMS access. +// +// - KmsInvalidKeyUsage +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// - InvalidAddress +// The accountId is invalid. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/SendMessage func (c *SQS) SendMessage(input *SendMessageInput) (*SendMessageOutput, error) { req, out := c.SendMessageRequest(input) @@ -1941,26 +2499,79 @@ func (c *SQS) SendMessageBatchRequest(input *SendMessageBatchInput) (req *reques // See the AWS API reference guide for Amazon Simple Queue Service's // API operation SendMessageBatch for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeTooManyEntriesInBatchRequest "AWS.SimpleQueueService.TooManyEntriesInBatchRequest" +// - TooManyEntriesInBatchRequest // The batch request contains more entries than permissible. // -// - ErrCodeEmptyBatchRequest "AWS.SimpleQueueService.EmptyBatchRequest" +// - EmptyBatchRequest // The batch request doesn't contain any entries. // -// - ErrCodeBatchEntryIdsNotDistinct "AWS.SimpleQueueService.BatchEntryIdsNotDistinct" +// - BatchEntryIdsNotDistinct // Two or more batch entries in the request have the same Id. // -// - ErrCodeBatchRequestTooLong "AWS.SimpleQueueService.BatchRequestTooLong" +// - BatchRequestTooLong // The length of all the messages put together is more than the limit. // -// - ErrCodeInvalidBatchEntryId "AWS.SimpleQueueService.InvalidBatchEntryId" +// - InvalidBatchEntryId // The Id of a batch entry in a batch request doesn't abide by the specification. // -// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// - UnsupportedOperation // Error code 400. Unsupported operation. // +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - KmsDisabled +// The request was denied due to request throttling. +// +// - KmsInvalidState +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// - KmsNotFound +// The request was rejected because the specified entity or resource could not +// be found. +// +// - KmsOptInRequired +// The request was rejected because the specified key policy isn't syntactically +// or semantically correct. +// +// - KmsThrottled +// Amazon Web Services KMS throttles requests for the following conditions. +// +// - KmsAccessDenied +// The caller doesn't have the required KMS access. +// +// - KmsInvalidKeyUsage +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// - InvalidAddress +// The accountId is invalid. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/SendMessageBatch func (c *SQS) SendMessageBatch(input *SendMessageBatchInput) (*SendMessageBatchOutput, error) { req, out := c.SendMessageBatchRequest(input) @@ -2021,7 +2632,7 @@ func (c *SQS) SetQueueAttributesRequest(input *SetQueueAttributesInput) (req *re output = &SetQueueAttributesOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -2053,10 +2664,47 @@ func (c *SQS) SetQueueAttributesRequest(input *SetQueueAttributesInput) (req *re // See the AWS API reference guide for Amazon Simple Queue Service's // API operation SetQueueAttributes for usage and error information. // -// Returned Error Codes: -// - ErrCodeInvalidAttributeName "InvalidAttributeName" +// Returned Error Types: +// +// - InvalidAttributeName // The specified attribute doesn't exist. // +// - InvalidAttributeValue +// A queue attribute value is invalid. +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// - OverLimit +// The specified action violates a limit. For example, ReceiveMessage returns +// this error if the maximum number of in flight messages is reached and AddPermission +// returns this error if the maximum number of permissions for the queue is +// reached. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/SetQueueAttributes func (c *SQS) SetQueueAttributes(input *SetQueueAttributesInput) (*SetQueueAttributesOutput, error) { req, out := c.SetQueueAttributesRequest(input) @@ -2126,12 +2774,17 @@ func (c *SQS) StartMessageMoveTaskRequest(input *StartMessageMoveTaskInput) (req // to a specified destination queue. // // - This action is currently limited to supporting message redrive from -// dead-letter queues (DLQs) only. In this context, the source queue is the -// dead-letter queue (DLQ), while the destination queue can be the original +// queues that are configured as dead-letter queues (DLQs) (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) +// of other Amazon SQS queues only. Non-SQS queue sources of dead-letter +// queues, such as Lambda or Amazon SNS topics, are currently not supported. +// +// - In dead-letter queues redrive context, the StartMessageMoveTask the +// source queue is the DLQ, while the destination queue can be the original // source queue (from which the messages were driven to the dead-letter-queue), // or a custom destination queue. // -// - Currently, only standard queues are supported. +// - Currently, only standard queues support redrive. FIFO queues don't support +// redrive. // // - Only one active message movement task is supported per queue at any // given time. @@ -2143,12 +2796,33 @@ func (c *SQS) StartMessageMoveTaskRequest(input *StartMessageMoveTaskInput) (req // See the AWS API reference guide for Amazon Simple Queue Service's // API operation StartMessageMoveTask for usage and error information. // -// Returned Error Codes: +// Returned Error Types: // -// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// - ResourceNotFoundException // One or more specified resources don't exist. // -// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - InvalidAddress +// The accountId is invalid. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation // Error code 400. Unsupported operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/StartMessageMoveTask @@ -2211,7 +2885,7 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu output = &TagQueueOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -2246,14 +2920,44 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation TagQueue for usage and error information. -// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/TagQueue -func (c *SQS) TagQueue(input *TagQueueInput) (*TagQueueOutput, error) { - req, out := c.TagQueueRequest(input) - return out, req.Send() -} - -// TagQueueWithContext is the same as TagQueue with the addition of -// the ability to pass a context and additional request options. +// +// Returned Error Types: +// +// - InvalidAddress +// The accountId is invalid. +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/TagQueue +func (c *SQS) TagQueue(input *TagQueueInput) (*TagQueueOutput, error) { + req, out := c.TagQueueRequest(input) + return out, req.Send() +} + +// TagQueueWithContext is the same as TagQueue with the addition of +// the ability to pass a context and additional request options. // // See TagQueue for details on how to use this API operation. // @@ -2306,7 +3010,7 @@ func (c *SQS) UntagQueueRequest(input *UntagQueueInput) (req *request.Request, o output = &UntagQueueOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -2326,6 +3030,36 @@ func (c *SQS) UntagQueueRequest(input *UntagQueueInput) (req *request.Request, o // // See the AWS API reference guide for Amazon Simple Queue Service's // API operation UntagQueue for usage and error information. +// +// Returned Error Types: +// +// - InvalidAddress +// The accountId is invalid. +// +// - RequestThrottled +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +// +// - QueueDoesNotExist +// The specified queue doesn't exist. +// +// - InvalidSecurity +// When the request to a queue is not HTTPS and SigV4. +// +// - UnsupportedOperation +// Error code 400. Unsupported operation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/UntagQueue func (c *SQS) UntagQueue(input *UntagQueueInput) (*UntagQueueOutput, error) { req, out := c.UntagQueueRequest(input) @@ -2358,7 +3092,7 @@ type AddPermissionInput struct { // in the Amazon SQS Developer Guide. // // AWSAccountIds is a required field - AWSAccountIds []*string `locationNameList:"AWSAccountId" type:"list" flattened:"true" required:"true"` + AWSAccountIds []*string `type:"list" flattened:"true" required:"true"` // The action the client wants to allow for the specified principal. Valid values: // the name of any action or *. @@ -2372,7 +3106,7 @@ type AddPermissionInput struct { // SendMessageBatch, DeleteMessageBatch, and ChangeMessageVisibilityBatch. // // Actions is a required field - Actions []*string `locationNameList:"ActionName" type:"list" flattened:"true" required:"true"` + Actions []*string `type:"list" flattened:"true" required:"true"` // The unique identification of the permission you're setting (for example, // AliceSendMessage). Maximum 80 characters. Allowed characters include alphanumeric @@ -2475,6 +3209,154 @@ func (s AddPermissionOutput) GoString() string { return s.String() } +// Two or more batch entries in the request have the same Id. +type BatchEntryIdsNotDistinct struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchEntryIdsNotDistinct) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchEntryIdsNotDistinct) GoString() string { + return s.String() +} + +func newErrorBatchEntryIdsNotDistinct(v protocol.ResponseMetadata) error { + return &BatchEntryIdsNotDistinct{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorBatchEntryIdsNotDistinct(v protocol.ResponseMetadata, code string) error { + return &BatchEntryIdsNotDistinct{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *BatchEntryIdsNotDistinct) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "BatchEntryIdsNotDistinct" +} + +// Message returns the exception's message. +func (s *BatchEntryIdsNotDistinct) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *BatchEntryIdsNotDistinct) OrigErr() error { + return nil +} + +func (s *BatchEntryIdsNotDistinct) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *BatchEntryIdsNotDistinct) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *BatchEntryIdsNotDistinct) RequestID() string { + return s.RespMetadata.RequestID +} + +// The length of all the messages put together is more than the limit. +type BatchRequestTooLong struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchRequestTooLong) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchRequestTooLong) GoString() string { + return s.String() +} + +func newErrorBatchRequestTooLong(v protocol.ResponseMetadata) error { + return &BatchRequestTooLong{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorBatchRequestTooLong(v protocol.ResponseMetadata, code string) error { + return &BatchRequestTooLong{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *BatchRequestTooLong) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "BatchRequestTooLong" +} + +// Message returns the exception's message. +func (s *BatchRequestTooLong) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *BatchRequestTooLong) OrigErr() error { + return nil +} + +func (s *BatchRequestTooLong) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *BatchRequestTooLong) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *BatchRequestTooLong) RequestID() string { + return s.RespMetadata.RequestID +} + // Gives a detailed description of the result of an action on each entry in // the request. type BatchResultErrorEntry struct { @@ -2625,7 +3507,7 @@ type ChangeMessageVisibilityBatchInput struct { // must be changed. // // Entries is a required field - Entries []*ChangeMessageVisibilityBatchRequestEntry `locationNameList:"ChangeMessageVisibilityBatchRequestEntry" type:"list" flattened:"true" required:"true"` + Entries []*ChangeMessageVisibilityBatchRequestEntry `type:"list" flattened:"true" required:"true"` // The URL of the Amazon SQS queue whose messages' visibility is changed. // @@ -2700,12 +3582,12 @@ type ChangeMessageVisibilityBatchOutput struct { // A list of BatchResultErrorEntry items. // // Failed is a required field - Failed []*BatchResultErrorEntry `locationNameList:"BatchResultErrorEntry" type:"list" flattened:"true" required:"true"` + Failed []*BatchResultErrorEntry `type:"list" flattened:"true" required:"true"` // A list of ChangeMessageVisibilityBatchResultEntry items. // // Successful is a required field - Successful []*ChangeMessageVisibilityBatchResultEntry `locationNameList:"ChangeMessageVisibilityBatchResultEntry" type:"list" flattened:"true" required:"true"` + Successful []*ChangeMessageVisibilityBatchResultEntry `type:"list" flattened:"true" required:"true"` } // String returns the string representation. @@ -3097,7 +3979,7 @@ type CreateQueueInput struct { // // For information on throughput quotas, see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) // in the Amazon SQS Developer Guide. - Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + Attributes map[string]*string `type:"map" flattened:"true"` // The name of the new queue. The following limits apply to this name: // @@ -3138,7 +4020,7 @@ type CreateQueueInput struct { // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. - Tags map[string]*string `locationName:"Tag" locationNameKey:"Key" locationNameValue:"Value" type:"map" flattened:"true"` + Tags map[string]*string `locationName:"tags" type:"map" flattened:"true"` } // String returns the string representation. @@ -3228,7 +4110,7 @@ type DeleteMessageBatchInput struct { // Lists the receipt handles for the messages to be deleted. // // Entries is a required field - Entries []*DeleteMessageBatchRequestEntry `locationNameList:"DeleteMessageBatchRequestEntry" type:"list" flattened:"true" required:"true"` + Entries []*DeleteMessageBatchRequestEntry `type:"list" flattened:"true" required:"true"` // The URL of the Amazon SQS queue from which messages are deleted. // @@ -3303,12 +4185,12 @@ type DeleteMessageBatchOutput struct { // A list of BatchResultErrorEntry items. // // Failed is a required field - Failed []*BatchResultErrorEntry `locationNameList:"BatchResultErrorEntry" type:"list" flattened:"true" required:"true"` + Failed []*BatchResultErrorEntry `type:"list" flattened:"true" required:"true"` // A list of DeleteMessageBatchResultEntry items. // // Successful is a required field - Successful []*DeleteMessageBatchResultEntry `locationNameList:"DeleteMessageBatchResultEntry" type:"list" flattened:"true" required:"true"` + Successful []*DeleteMessageBatchResultEntry `type:"list" flattened:"true" required:"true"` } // String returns the string representation. @@ -3596,6 +4478,80 @@ func (s DeleteQueueOutput) GoString() string { return s.String() } +// The batch request doesn't contain any entries. +type EmptyBatchRequest struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EmptyBatchRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EmptyBatchRequest) GoString() string { + return s.String() +} + +func newErrorEmptyBatchRequest(v protocol.ResponseMetadata) error { + return &EmptyBatchRequest{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorEmptyBatchRequest(v protocol.ResponseMetadata, code string) error { + return &EmptyBatchRequest{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *EmptyBatchRequest) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "EmptyBatchRequest" +} + +// Message returns the exception's message. +func (s *EmptyBatchRequest) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *EmptyBatchRequest) OrigErr() error { + return nil +} + +func (s *EmptyBatchRequest) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *EmptyBatchRequest) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *EmptyBatchRequest) RequestID() string { + return s.RespMetadata.RequestID +} + type GetQueueAttributesInput struct { _ struct{} `type:"structure"` @@ -3746,7 +4702,7 @@ type GetQueueAttributesInput struct { // // For information on throughput quotas, see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) // in the Amazon SQS Developer Guide. - AttributeNames []*string `locationNameList:"AttributeName" type:"list" flattened:"true" enum:"QueueAttributeName"` + AttributeNames []*string `type:"list" flattened:"true" enum:"QueueAttributeName"` // The URL of the Amazon SQS queue whose attribute information is retrieved. // @@ -3804,7 +4760,7 @@ type GetQueueAttributesOutput struct { _ struct{} `type:"structure"` // A map of attributes to their respective values. - Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + Attributes map[string]*string `type:"map" flattened:"true"` } // String returns the string representation. @@ -3922,22 +4878,13 @@ func (s *GetQueueUrlOutput) SetQueueUrl(v string) *GetQueueUrlOutput { return s } -type ListDeadLetterSourceQueuesInput struct { - _ struct{} `type:"structure"` - - // Maximum number of results to include in the response. Value range is 1 to - // 1000. You must set MaxResults to receive a value for NextToken in the response. - MaxResults *int64 `type:"integer"` - - // Pagination token to request the next set of results. - NextToken *string `type:"string"` +// The accountId is invalid. +type InvalidAddress struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string - // The URL of a dead-letter queue. - // - // Queue URLs and names are case-sensitive. - // - // QueueUrl is a required field - QueueUrl *string `type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -3945,7 +4892,7 @@ type ListDeadLetterSourceQueuesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListDeadLetterSourceQueuesInput) String() string { +func (s InvalidAddress) String() string { return awsutil.Prettify(s) } @@ -3954,55 +4901,64 @@ func (s ListDeadLetterSourceQueuesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListDeadLetterSourceQueuesInput) GoString() string { +func (s InvalidAddress) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *ListDeadLetterSourceQueuesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListDeadLetterSourceQueuesInput"} - if s.QueueUrl == nil { - invalidParams.Add(request.NewErrParamRequired("QueueUrl")) +func newErrorInvalidAddress(v protocol.ResponseMetadata) error { + return &InvalidAddress{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidAddress(v protocol.ResponseMetadata, code string) error { + return &InvalidAddress{ + RespMetadata: v, + Code_: &code, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *InvalidAddress) Code() string { + if s.Code_ != nil { + return *s.Code_ } - return nil + return "InvalidAddress" } -// SetMaxResults sets the MaxResults field's value. -func (s *ListDeadLetterSourceQueuesInput) SetMaxResults(v int64) *ListDeadLetterSourceQueuesInput { - s.MaxResults = &v - return s +// Message returns the exception's message. +func (s *InvalidAddress) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetNextToken sets the NextToken field's value. -func (s *ListDeadLetterSourceQueuesInput) SetNextToken(v string) *ListDeadLetterSourceQueuesInput { - s.NextToken = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidAddress) OrigErr() error { + return nil } -// SetQueueUrl sets the QueueUrl field's value. -func (s *ListDeadLetterSourceQueuesInput) SetQueueUrl(v string) *ListDeadLetterSourceQueuesInput { - s.QueueUrl = &v - return s +func (s *InvalidAddress) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// A list of your dead letter source queues. -type ListDeadLetterSourceQueuesOutput struct { - _ struct{} `type:"structure"` +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidAddress) StatusCode() int { + return s.RespMetadata.StatusCode +} - // Pagination token to include in the next request. Token value is null if there - // are no additional results to request, or if you did not set MaxResults in - // the request. - NextToken *string `type:"string"` +// RequestID returns the service's response RequestID for request. +func (s *InvalidAddress) RequestID() string { + return s.RespMetadata.RequestID +} - // A list of source queue URLs that have the RedrivePolicy queue attribute configured - // with a dead-letter queue. - // - // QueueUrls is a required field - QueueUrls []*string `locationName:"queueUrls" locationNameList:"QueueUrl" type:"list" flattened:"true" required:"true"` +// The specified attribute doesn't exist. +type InvalidAttributeName struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4010,7 +4966,7 @@ type ListDeadLetterSourceQueuesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListDeadLetterSourceQueuesOutput) String() string { +func (s InvalidAttributeName) String() string { return awsutil.Prettify(s) } @@ -4019,34 +4975,64 @@ func (s ListDeadLetterSourceQueuesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListDeadLetterSourceQueuesOutput) GoString() string { +func (s InvalidAttributeName) GoString() string { return s.String() } -// SetNextToken sets the NextToken field's value. -func (s *ListDeadLetterSourceQueuesOutput) SetNextToken(v string) *ListDeadLetterSourceQueuesOutput { - s.NextToken = &v - return s +func newErrorInvalidAttributeName(v protocol.ResponseMetadata) error { + return &InvalidAttributeName{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidAttributeName(v protocol.ResponseMetadata, code string) error { + return &InvalidAttributeName{ + RespMetadata: v, + Code_: &code, + } } -// SetQueueUrls sets the QueueUrls field's value. -func (s *ListDeadLetterSourceQueuesOutput) SetQueueUrls(v []*string) *ListDeadLetterSourceQueuesOutput { - s.QueueUrls = v - return s +// Code returns the exception type name. +func (s *InvalidAttributeName) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "InvalidAttributeName" } -type ListMessageMoveTasksInput struct { - _ struct{} `type:"structure"` +// Message returns the exception's message. +func (s *InvalidAttributeName) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // The maximum number of results to include in the response. The default is - // 1, which provides the most recent message movement task. The upper limit - // is 10. - MaxResults *int64 `type:"integer"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidAttributeName) OrigErr() error { + return nil +} - // The ARN of the queue whose message movement tasks are to be listed. - // - // SourceArn is a required field - SourceArn *string `type:"string" required:"true"` +func (s *InvalidAttributeName) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidAttributeName) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidAttributeName) RequestID() string { + return s.RespMetadata.RequestID +} + +// A queue attribute value is invalid. +type InvalidAttributeValue struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4054,7 +5040,7 @@ type ListMessageMoveTasksInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksInput) String() string { +func (s InvalidAttributeValue) String() string { return awsutil.Prettify(s) } @@ -4063,40 +5049,64 @@ func (s ListMessageMoveTasksInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksInput) GoString() string { +func (s InvalidAttributeValue) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *ListMessageMoveTasksInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListMessageMoveTasksInput"} - if s.SourceArn == nil { - invalidParams.Add(request.NewErrParamRequired("SourceArn")) +func newErrorInvalidAttributeValue(v protocol.ResponseMetadata) error { + return &InvalidAttributeValue{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidAttributeValue(v protocol.ResponseMetadata, code string) error { + return &InvalidAttributeValue{ + RespMetadata: v, + Code_: &code, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *InvalidAttributeValue) Code() string { + if s.Code_ != nil { + return *s.Code_ } - return nil + return "InvalidAttributeValue" } -// SetMaxResults sets the MaxResults field's value. -func (s *ListMessageMoveTasksInput) SetMaxResults(v int64) *ListMessageMoveTasksInput { - s.MaxResults = &v - return s +// Message returns the exception's message. +func (s *InvalidAttributeValue) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetSourceArn sets the SourceArn field's value. -func (s *ListMessageMoveTasksInput) SetSourceArn(v string) *ListMessageMoveTasksInput { - s.SourceArn = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidAttributeValue) OrigErr() error { + return nil } -type ListMessageMoveTasksOutput struct { - _ struct{} `type:"structure"` +func (s *InvalidAttributeValue) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // A list of message movement tasks and their attributes. - Results []*ListMessageMoveTasksResultEntry `locationNameList:"ListMessageMoveTasksResultEntry" type:"list" flattened:"true"` +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidAttributeValue) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidAttributeValue) RequestID() string { + return s.RespMetadata.RequestID +} + +// The Id of a batch entry in a batch request doesn't abide by the specification. +type InvalidBatchEntryId struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4104,7 +5114,7 @@ type ListMessageMoveTasksOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksOutput) String() string { +func (s InvalidBatchEntryId) String() string { return awsutil.Prettify(s) } @@ -4113,55 +5123,66 @@ func (s ListMessageMoveTasksOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksOutput) GoString() string { +func (s InvalidBatchEntryId) GoString() string { return s.String() } -// SetResults sets the Results field's value. -func (s *ListMessageMoveTasksOutput) SetResults(v []*ListMessageMoveTasksResultEntry) *ListMessageMoveTasksOutput { - s.Results = v - return s +func newErrorInvalidBatchEntryId(v protocol.ResponseMetadata) error { + return &InvalidBatchEntryId{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidBatchEntryId(v protocol.ResponseMetadata, code string) error { + return &InvalidBatchEntryId{ + RespMetadata: v, + Code_: &code, + } } -// Contains the details of a message movement task. -type ListMessageMoveTasksResultEntry struct { - _ struct{} `type:"structure"` - - // The approximate number of messages already moved to the destination queue. - ApproximateNumberOfMessagesMoved *int64 `type:"long"` - - // The number of messages to be moved from the source queue. This number is - // obtained at the time of starting the message movement task. - ApproximateNumberOfMessagesToMove *int64 `type:"long"` +// Code returns the exception type name. +func (s *InvalidBatchEntryId) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "InvalidBatchEntryId" +} - // The ARN of the destination queue if it has been specified in the StartMessageMoveTask - // request. If a DestinationArn has not been specified in the StartMessageMoveTask - // request, this field value will be NULL. - DestinationArn *string `type:"string"` +// Message returns the exception's message. +func (s *InvalidBatchEntryId) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // The task failure reason (only included if the task status is FAILED). - FailureReason *string `type:"string"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidBatchEntryId) OrigErr() error { + return nil +} - // The number of messages to be moved per second (the message movement rate), - // if it has been specified in the StartMessageMoveTask request. If a MaxNumberOfMessagesPerSecond - // has not been specified in the StartMessageMoveTask request, this field value - // will be NULL. - MaxNumberOfMessagesPerSecond *int64 `type:"integer"` +func (s *InvalidBatchEntryId) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // The ARN of the queue that contains the messages to be moved to another queue. - SourceArn *string `type:"string"` +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidBatchEntryId) StatusCode() int { + return s.RespMetadata.StatusCode +} - // The timestamp of starting the message movement task. - StartedTimestamp *int64 `type:"long"` +// RequestID returns the service's response RequestID for request. +func (s *InvalidBatchEntryId) RequestID() string { + return s.RespMetadata.RequestID +} - // The status of the message movement task. Possible values are: RUNNING, COMPLETED, - // CANCELLING, CANCELLED, and FAILED. - Status *string `type:"string"` +// The specified receipt handle isn't valid for the current version. +// +// Deprecated: exception has been included in ReceiptHandleIsInvalid +type InvalidIdFormat struct { + _ struct{} `deprecated:"true" type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string - // An identifier associated with a message movement task. When this field is - // returned in the response of the ListMessageMoveTasks action, it is only populated - // for tasks that are in RUNNING status. - TaskHandle *string `type:"string"` + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4169,7 +5190,7 @@ type ListMessageMoveTasksResultEntry struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksResultEntry) String() string { +func (s InvalidIdFormat) String() string { return awsutil.Prettify(s) } @@ -4178,71 +5199,64 @@ func (s ListMessageMoveTasksResultEntry) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListMessageMoveTasksResultEntry) GoString() string { +func (s InvalidIdFormat) GoString() string { return s.String() } -// SetApproximateNumberOfMessagesMoved sets the ApproximateNumberOfMessagesMoved field's value. -func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesMoved(v int64) *ListMessageMoveTasksResultEntry { - s.ApproximateNumberOfMessagesMoved = &v - return s -} - -// SetApproximateNumberOfMessagesToMove sets the ApproximateNumberOfMessagesToMove field's value. -func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesToMove(v int64) *ListMessageMoveTasksResultEntry { - s.ApproximateNumberOfMessagesToMove = &v - return s +func newErrorInvalidIdFormat(v protocol.ResponseMetadata) error { + return &InvalidIdFormat{ + RespMetadata: v, + } } - -// SetDestinationArn sets the DestinationArn field's value. -func (s *ListMessageMoveTasksResultEntry) SetDestinationArn(v string) *ListMessageMoveTasksResultEntry { - s.DestinationArn = &v - return s +func newQueryCompatibleErrorInvalidIdFormat(v protocol.ResponseMetadata, code string) error { + return &InvalidIdFormat{ + RespMetadata: v, + Code_: &code, + } } -// SetFailureReason sets the FailureReason field's value. -func (s *ListMessageMoveTasksResultEntry) SetFailureReason(v string) *ListMessageMoveTasksResultEntry { - s.FailureReason = &v - return s +// Code returns the exception type name. +func (s *InvalidIdFormat) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "InvalidIdFormat" } -// SetMaxNumberOfMessagesPerSecond sets the MaxNumberOfMessagesPerSecond field's value. -func (s *ListMessageMoveTasksResultEntry) SetMaxNumberOfMessagesPerSecond(v int64) *ListMessageMoveTasksResultEntry { - s.MaxNumberOfMessagesPerSecond = &v - return s +// Message returns the exception's message. +func (s *InvalidIdFormat) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetSourceArn sets the SourceArn field's value. -func (s *ListMessageMoveTasksResultEntry) SetSourceArn(v string) *ListMessageMoveTasksResultEntry { - s.SourceArn = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidIdFormat) OrigErr() error { + return nil } -// SetStartedTimestamp sets the StartedTimestamp field's value. -func (s *ListMessageMoveTasksResultEntry) SetStartedTimestamp(v int64) *ListMessageMoveTasksResultEntry { - s.StartedTimestamp = &v - return s +func (s *InvalidIdFormat) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetStatus sets the Status field's value. -func (s *ListMessageMoveTasksResultEntry) SetStatus(v string) *ListMessageMoveTasksResultEntry { - s.Status = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidIdFormat) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetTaskHandle sets the TaskHandle field's value. -func (s *ListMessageMoveTasksResultEntry) SetTaskHandle(v string) *ListMessageMoveTasksResultEntry { - s.TaskHandle = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *InvalidIdFormat) RequestID() string { + return s.RespMetadata.RequestID } -type ListQueueTagsInput struct { - _ struct{} `type:"structure"` +// The message contains characters outside the allowed set. +type InvalidMessageContents struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string - // The URL of the queue. - // - // QueueUrl is a required field - QueueUrl *string `type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4250,7 +5264,7 @@ type ListQueueTagsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueueTagsInput) String() string { +func (s InvalidMessageContents) String() string { return awsutil.Prettify(s) } @@ -4259,34 +5273,64 @@ func (s ListQueueTagsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueueTagsInput) GoString() string { +func (s InvalidMessageContents) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *ListQueueTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListQueueTagsInput"} - if s.QueueUrl == nil { - invalidParams.Add(request.NewErrParamRequired("QueueUrl")) +func newErrorInvalidMessageContents(v protocol.ResponseMetadata) error { + return &InvalidMessageContents{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidMessageContents(v protocol.ResponseMetadata, code string) error { + return &InvalidMessageContents{ + RespMetadata: v, + Code_: &code, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *InvalidMessageContents) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "InvalidMessageContents" +} + +// Message returns the exception's message. +func (s *InvalidMessageContents) Message() string { + if s.Message_ != nil { + return *s.Message_ } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidMessageContents) OrigErr() error { return nil } -// SetQueueUrl sets the QueueUrl field's value. -func (s *ListQueueTagsInput) SetQueueUrl(v string) *ListQueueTagsInput { - s.QueueUrl = &v - return s +func (s *InvalidMessageContents) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -type ListQueueTagsOutput struct { - _ struct{} `type:"structure"` +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidMessageContents) StatusCode() int { + return s.RespMetadata.StatusCode +} - // The list of all tags added to the specified queue. - Tags map[string]*string `locationName:"Tag" locationNameKey:"Key" locationNameValue:"Value" type:"map" flattened:"true"` +// RequestID returns the service's response RequestID for request. +func (s *InvalidMessageContents) RequestID() string { + return s.RespMetadata.RequestID +} + +// When the request to a queue is not HTTPS and SigV4. +type InvalidSecurity struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4294,7 +5338,7 @@ type ListQueueTagsOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueueTagsOutput) String() string { +func (s InvalidSecurity) String() string { return awsutil.Prettify(s) } @@ -4303,31 +5347,64 @@ func (s ListQueueTagsOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueueTagsOutput) GoString() string { +func (s InvalidSecurity) GoString() string { return s.String() } -// SetTags sets the Tags field's value. -func (s *ListQueueTagsOutput) SetTags(v map[string]*string) *ListQueueTagsOutput { - s.Tags = v - return s +func newErrorInvalidSecurity(v protocol.ResponseMetadata) error { + return &InvalidSecurity{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorInvalidSecurity(v protocol.ResponseMetadata, code string) error { + return &InvalidSecurity{ + RespMetadata: v, + Code_: &code, + } } -type ListQueuesInput struct { - _ struct{} `type:"structure"` +// Code returns the exception type name. +func (s *InvalidSecurity) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "InvalidSecurity" +} - // Maximum number of results to include in the response. Value range is 1 to - // 1000. You must set MaxResults to receive a value for NextToken in the response. - MaxResults *int64 `type:"integer"` +// Message returns the exception's message. +func (s *InvalidSecurity) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // Pagination token to request the next set of results. - NextToken *string `type:"string"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidSecurity) OrigErr() error { + return nil +} - // A string to use for filtering the list results. Only those queues whose name - // begins with the specified string are returned. - // - // Queue URLs and names are case-sensitive. - QueueNamePrefix *string `type:"string"` +func (s *InvalidSecurity) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidSecurity) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidSecurity) RequestID() string { + return s.RespMetadata.RequestID +} + +// The caller doesn't have the required KMS access. +type KmsAccessDenied struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4335,7 +5412,7 @@ type ListQueuesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueuesInput) String() string { +func (s KmsAccessDenied) String() string { return awsutil.Prettify(s) } @@ -4344,40 +5421,64 @@ func (s ListQueuesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueuesInput) GoString() string { +func (s KmsAccessDenied) GoString() string { return s.String() } -// SetMaxResults sets the MaxResults field's value. -func (s *ListQueuesInput) SetMaxResults(v int64) *ListQueuesInput { - s.MaxResults = &v - return s +func newErrorKmsAccessDenied(v protocol.ResponseMetadata) error { + return &KmsAccessDenied{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsAccessDenied(v protocol.ResponseMetadata, code string) error { + return &KmsAccessDenied{ + RespMetadata: v, + Code_: &code, + } } -// SetNextToken sets the NextToken field's value. -func (s *ListQueuesInput) SetNextToken(v string) *ListQueuesInput { - s.NextToken = &v - return s +// Code returns the exception type name. +func (s *KmsAccessDenied) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsAccessDenied" } -// SetQueueNamePrefix sets the QueueNamePrefix field's value. -func (s *ListQueuesInput) SetQueueNamePrefix(v string) *ListQueuesInput { - s.QueueNamePrefix = &v - return s +// Message returns the exception's message. +func (s *KmsAccessDenied) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// A list of your queues. -type ListQueuesOutput struct { - _ struct{} `type:"structure"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsAccessDenied) OrigErr() error { + return nil +} - // Pagination token to include in the next request. Token value is null if there - // are no additional results to request, or if you did not set MaxResults in - // the request. - NextToken *string `type:"string"` +func (s *KmsAccessDenied) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // A list of queue URLs, up to 1,000 entries, or the value of MaxResults that - // you sent in the request. - QueueUrls []*string `locationNameList:"QueueUrl" type:"list" flattened:"true"` +// Status code returns the HTTP status code for the request's response error. +func (s *KmsAccessDenied) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsAccessDenied) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was denied due to request throttling. +type KmsDisabled struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4385,7 +5486,7 @@ type ListQueuesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueuesOutput) String() string { +func (s KmsDisabled) String() string { return awsutil.Prettify(s) } @@ -4394,47 +5495,948 @@ func (s ListQueuesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListQueuesOutput) GoString() string { +func (s KmsDisabled) GoString() string { return s.String() } -// SetNextToken sets the NextToken field's value. -func (s *ListQueuesOutput) SetNextToken(v string) *ListQueuesOutput { - s.NextToken = &v - return s +func newErrorKmsDisabled(v protocol.ResponseMetadata) error { + return &KmsDisabled{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsDisabled(v protocol.ResponseMetadata, code string) error { + return &KmsDisabled{ + RespMetadata: v, + Code_: &code, + } } -// SetQueueUrls sets the QueueUrls field's value. -func (s *ListQueuesOutput) SetQueueUrls(v []*string) *ListQueuesOutput { - s.QueueUrls = v - return s +// Code returns the exception type name. +func (s *KmsDisabled) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsDisabled" } -// An Amazon SQS message. -type Message struct { - _ struct{} `type:"structure"` +// Message returns the exception's message. +func (s *KmsDisabled) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // A map of the attributes requested in ReceiveMessage to their respective values. - // Supported attributes: - // - // * ApproximateReceiveCount - // - // * ApproximateFirstReceiveTimestamp - // - // * MessageDeduplicationId - // - // * MessageGroupId - // - // * SenderId - // - // * SentTimestamp - // - // * SequenceNumber - // - // ApproximateFirstReceiveTimestamp and SentTimestamp are each returned as an - // integer representing the epoch time (http://en.wikipedia.org/wiki/Unix_time) - // in milliseconds. - Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsDisabled) OrigErr() error { + return nil +} + +func (s *KmsDisabled) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsDisabled) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsDisabled) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +type KmsInvalidKeyUsage struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsInvalidKeyUsage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsInvalidKeyUsage) GoString() string { + return s.String() +} + +func newErrorKmsInvalidKeyUsage(v protocol.ResponseMetadata) error { + return &KmsInvalidKeyUsage{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsInvalidKeyUsage(v protocol.ResponseMetadata, code string) error { + return &KmsInvalidKeyUsage{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *KmsInvalidKeyUsage) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsInvalidKeyUsage" +} + +// Message returns the exception's message. +func (s *KmsInvalidKeyUsage) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsInvalidKeyUsage) OrigErr() error { + return nil +} + +func (s *KmsInvalidKeyUsage) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsInvalidKeyUsage) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsInvalidKeyUsage) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the state of the specified resource is not +// valid for this request. +type KmsInvalidState struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsInvalidState) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsInvalidState) GoString() string { + return s.String() +} + +func newErrorKmsInvalidState(v protocol.ResponseMetadata) error { + return &KmsInvalidState{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsInvalidState(v protocol.ResponseMetadata, code string) error { + return &KmsInvalidState{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *KmsInvalidState) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsInvalidState" +} + +// Message returns the exception's message. +func (s *KmsInvalidState) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsInvalidState) OrigErr() error { + return nil +} + +func (s *KmsInvalidState) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsInvalidState) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsInvalidState) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the specified entity or resource could not +// be found. +type KmsNotFound struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsNotFound) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsNotFound) GoString() string { + return s.String() +} + +func newErrorKmsNotFound(v protocol.ResponseMetadata) error { + return &KmsNotFound{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsNotFound(v protocol.ResponseMetadata, code string) error { + return &KmsNotFound{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *KmsNotFound) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsNotFound" +} + +// Message returns the exception's message. +func (s *KmsNotFound) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsNotFound) OrigErr() error { + return nil +} + +func (s *KmsNotFound) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsNotFound) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsNotFound) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the specified key policy isn't syntactically +// or semantically correct. +type KmsOptInRequired struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsOptInRequired) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsOptInRequired) GoString() string { + return s.String() +} + +func newErrorKmsOptInRequired(v protocol.ResponseMetadata) error { + return &KmsOptInRequired{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsOptInRequired(v protocol.ResponseMetadata, code string) error { + return &KmsOptInRequired{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *KmsOptInRequired) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsOptInRequired" +} + +// Message returns the exception's message. +func (s *KmsOptInRequired) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsOptInRequired) OrigErr() error { + return nil +} + +func (s *KmsOptInRequired) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsOptInRequired) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsOptInRequired) RequestID() string { + return s.RespMetadata.RequestID +} + +// Amazon Web Services KMS throttles requests for the following conditions. +type KmsThrottled struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsThrottled) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KmsThrottled) GoString() string { + return s.String() +} + +func newErrorKmsThrottled(v protocol.ResponseMetadata) error { + return &KmsThrottled{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorKmsThrottled(v protocol.ResponseMetadata, code string) error { + return &KmsThrottled{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *KmsThrottled) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "KmsThrottled" +} + +// Message returns the exception's message. +func (s *KmsThrottled) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KmsThrottled) OrigErr() error { + return nil +} + +func (s *KmsThrottled) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KmsThrottled) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KmsThrottled) RequestID() string { + return s.RespMetadata.RequestID +} + +type ListDeadLetterSourceQueuesInput struct { + _ struct{} `type:"structure"` + + // Maximum number of results to include in the response. Value range is 1 to + // 1000. You must set MaxResults to receive a value for NextToken in the response. + MaxResults *int64 `type:"integer"` + + // Pagination token to request the next set of results. + NextToken *string `type:"string"` + + // The URL of a dead-letter queue. + // + // Queue URLs and names are case-sensitive. + // + // QueueUrl is a required field + QueueUrl *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDeadLetterSourceQueuesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDeadLetterSourceQueuesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListDeadLetterSourceQueuesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListDeadLetterSourceQueuesInput"} + if s.QueueUrl == nil { + invalidParams.Add(request.NewErrParamRequired("QueueUrl")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListDeadLetterSourceQueuesInput) SetMaxResults(v int64) *ListDeadLetterSourceQueuesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListDeadLetterSourceQueuesInput) SetNextToken(v string) *ListDeadLetterSourceQueuesInput { + s.NextToken = &v + return s +} + +// SetQueueUrl sets the QueueUrl field's value. +func (s *ListDeadLetterSourceQueuesInput) SetQueueUrl(v string) *ListDeadLetterSourceQueuesInput { + s.QueueUrl = &v + return s +} + +// A list of your dead letter source queues. +type ListDeadLetterSourceQueuesOutput struct { + _ struct{} `type:"structure"` + + // Pagination token to include in the next request. Token value is null if there + // are no additional results to request, or if you did not set MaxResults in + // the request. + NextToken *string `type:"string"` + + // A list of source queue URLs that have the RedrivePolicy queue attribute configured + // with a dead-letter queue. + // + // QueueUrls is a required field + QueueUrls []*string `locationName:"queueUrls" type:"list" flattened:"true" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDeadLetterSourceQueuesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDeadLetterSourceQueuesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListDeadLetterSourceQueuesOutput) SetNextToken(v string) *ListDeadLetterSourceQueuesOutput { + s.NextToken = &v + return s +} + +// SetQueueUrls sets the QueueUrls field's value. +func (s *ListDeadLetterSourceQueuesOutput) SetQueueUrls(v []*string) *ListDeadLetterSourceQueuesOutput { + s.QueueUrls = v + return s +} + +type ListMessageMoveTasksInput struct { + _ struct{} `type:"structure"` + + // The maximum number of results to include in the response. The default is + // 1, which provides the most recent message movement task. The upper limit + // is 10. + MaxResults *int64 `type:"integer"` + + // The ARN of the queue whose message movement tasks are to be listed. + // + // SourceArn is a required field + SourceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListMessageMoveTasksInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListMessageMoveTasksInput"} + if s.SourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListMessageMoveTasksInput) SetMaxResults(v int64) *ListMessageMoveTasksInput { + s.MaxResults = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *ListMessageMoveTasksInput) SetSourceArn(v string) *ListMessageMoveTasksInput { + s.SourceArn = &v + return s +} + +type ListMessageMoveTasksOutput struct { + _ struct{} `type:"structure"` + + // A list of message movement tasks and their attributes. + Results []*ListMessageMoveTasksResultEntry `type:"list" flattened:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksOutput) GoString() string { + return s.String() +} + +// SetResults sets the Results field's value. +func (s *ListMessageMoveTasksOutput) SetResults(v []*ListMessageMoveTasksResultEntry) *ListMessageMoveTasksOutput { + s.Results = v + return s +} + +// Contains the details of a message movement task. +type ListMessageMoveTasksResultEntry struct { + _ struct{} `type:"structure"` + + // The approximate number of messages already moved to the destination queue. + ApproximateNumberOfMessagesMoved *int64 `type:"long"` + + // The number of messages to be moved from the source queue. This number is + // obtained at the time of starting the message movement task. + ApproximateNumberOfMessagesToMove *int64 `type:"long"` + + // The ARN of the destination queue if it has been specified in the StartMessageMoveTask + // request. If a DestinationArn has not been specified in the StartMessageMoveTask + // request, this field value will be NULL. + DestinationArn *string `type:"string"` + + // The task failure reason (only included if the task status is FAILED). + FailureReason *string `type:"string"` + + // The number of messages to be moved per second (the message movement rate), + // if it has been specified in the StartMessageMoveTask request. If a MaxNumberOfMessagesPerSecond + // has not been specified in the StartMessageMoveTask request, this field value + // will be NULL. + MaxNumberOfMessagesPerSecond *int64 `type:"integer"` + + // The ARN of the queue that contains the messages to be moved to another queue. + SourceArn *string `type:"string"` + + // The timestamp of starting the message movement task. + StartedTimestamp *int64 `type:"long"` + + // The status of the message movement task. Possible values are: RUNNING, COMPLETED, + // CANCELLING, CANCELLED, and FAILED. + Status *string `type:"string"` + + // An identifier associated with a message movement task. When this field is + // returned in the response of the ListMessageMoveTasks action, it is only populated + // for tasks that are in RUNNING status. + TaskHandle *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksResultEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksResultEntry) GoString() string { + return s.String() +} + +// SetApproximateNumberOfMessagesMoved sets the ApproximateNumberOfMessagesMoved field's value. +func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesMoved(v int64) *ListMessageMoveTasksResultEntry { + s.ApproximateNumberOfMessagesMoved = &v + return s +} + +// SetApproximateNumberOfMessagesToMove sets the ApproximateNumberOfMessagesToMove field's value. +func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesToMove(v int64) *ListMessageMoveTasksResultEntry { + s.ApproximateNumberOfMessagesToMove = &v + return s +} + +// SetDestinationArn sets the DestinationArn field's value. +func (s *ListMessageMoveTasksResultEntry) SetDestinationArn(v string) *ListMessageMoveTasksResultEntry { + s.DestinationArn = &v + return s +} + +// SetFailureReason sets the FailureReason field's value. +func (s *ListMessageMoveTasksResultEntry) SetFailureReason(v string) *ListMessageMoveTasksResultEntry { + s.FailureReason = &v + return s +} + +// SetMaxNumberOfMessagesPerSecond sets the MaxNumberOfMessagesPerSecond field's value. +func (s *ListMessageMoveTasksResultEntry) SetMaxNumberOfMessagesPerSecond(v int64) *ListMessageMoveTasksResultEntry { + s.MaxNumberOfMessagesPerSecond = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *ListMessageMoveTasksResultEntry) SetSourceArn(v string) *ListMessageMoveTasksResultEntry { + s.SourceArn = &v + return s +} + +// SetStartedTimestamp sets the StartedTimestamp field's value. +func (s *ListMessageMoveTasksResultEntry) SetStartedTimestamp(v int64) *ListMessageMoveTasksResultEntry { + s.StartedTimestamp = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ListMessageMoveTasksResultEntry) SetStatus(v string) *ListMessageMoveTasksResultEntry { + s.Status = &v + return s +} + +// SetTaskHandle sets the TaskHandle field's value. +func (s *ListMessageMoveTasksResultEntry) SetTaskHandle(v string) *ListMessageMoveTasksResultEntry { + s.TaskHandle = &v + return s +} + +type ListQueueTagsInput struct { + _ struct{} `type:"structure"` + + // The URL of the queue. + // + // QueueUrl is a required field + QueueUrl *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueueTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueueTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListQueueTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListQueueTagsInput"} + if s.QueueUrl == nil { + invalidParams.Add(request.NewErrParamRequired("QueueUrl")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetQueueUrl sets the QueueUrl field's value. +func (s *ListQueueTagsInput) SetQueueUrl(v string) *ListQueueTagsInput { + s.QueueUrl = &v + return s +} + +type ListQueueTagsOutput struct { + _ struct{} `type:"structure"` + + // The list of all tags added to the specified queue. + Tags map[string]*string `type:"map" flattened:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueueTagsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueueTagsOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListQueueTagsOutput) SetTags(v map[string]*string) *ListQueueTagsOutput { + s.Tags = v + return s +} + +type ListQueuesInput struct { + _ struct{} `type:"structure"` + + // Maximum number of results to include in the response. Value range is 1 to + // 1000. You must set MaxResults to receive a value for NextToken in the response. + MaxResults *int64 `type:"integer"` + + // Pagination token to request the next set of results. + NextToken *string `type:"string"` + + // A string to use for filtering the list results. Only those queues whose name + // begins with the specified string are returned. + // + // Queue URLs and names are case-sensitive. + QueueNamePrefix *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueuesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueuesInput) GoString() string { + return s.String() +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListQueuesInput) SetMaxResults(v int64) *ListQueuesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListQueuesInput) SetNextToken(v string) *ListQueuesInput { + s.NextToken = &v + return s +} + +// SetQueueNamePrefix sets the QueueNamePrefix field's value. +func (s *ListQueuesInput) SetQueueNamePrefix(v string) *ListQueuesInput { + s.QueueNamePrefix = &v + return s +} + +// A list of your queues. +type ListQueuesOutput struct { + _ struct{} `type:"structure"` + + // Pagination token to include in the next request. Token value is null if there + // are no additional results to request, or if you did not set MaxResults in + // the request. + NextToken *string `type:"string"` + + // A list of queue URLs, up to 1,000 entries, or the value of MaxResults that + // you sent in the request. + QueueUrls []*string `type:"list" flattened:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueuesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListQueuesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListQueuesOutput) SetNextToken(v string) *ListQueuesOutput { + s.NextToken = &v + return s +} + +// SetQueueUrls sets the QueueUrls field's value. +func (s *ListQueuesOutput) SetQueueUrls(v []*string) *ListQueuesOutput { + s.QueueUrls = v + return s +} + +// An Amazon SQS message. +type Message struct { + _ struct{} `type:"structure"` + + // A map of the attributes requested in ReceiveMessage to their respective values. + // Supported attributes: + // + // * ApproximateReceiveCount + // + // * ApproximateFirstReceiveTimestamp + // + // * MessageDeduplicationId + // + // * MessageGroupId + // + // * SenderId + // + // * SentTimestamp + // + // * SequenceNumber + // + // ApproximateFirstReceiveTimestamp and SentTimestamp are each returned as an + // integer representing the epoch time (http://en.wikipedia.org/wiki/Unix_time) + // in milliseconds. + Attributes map[string]*string `type:"map" flattened:"true"` // The message's contents (not URL-encoded). Body *string `type:"string"` @@ -4451,7 +6453,7 @@ type Message struct { // Each message attribute consists of a Name, Type, and Value. For more information, // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) // in the Amazon SQS Developer Guide. - MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + MessageAttributes map[string]*MessageAttributeValue `type:"map" flattened:"true"` // A unique identifier for the message. A MessageIdis considered unique across // all Amazon Web Services accounts for an extended period of time. @@ -4487,54 +6489,223 @@ func (s *Message) SetAttributes(v map[string]*string) *Message { return s } -// SetBody sets the Body field's value. -func (s *Message) SetBody(v string) *Message { - s.Body = &v - return s +// SetBody sets the Body field's value. +func (s *Message) SetBody(v string) *Message { + s.Body = &v + return s +} + +// SetMD5OfBody sets the MD5OfBody field's value. +func (s *Message) SetMD5OfBody(v string) *Message { + s.MD5OfBody = &v + return s +} + +// SetMD5OfMessageAttributes sets the MD5OfMessageAttributes field's value. +func (s *Message) SetMD5OfMessageAttributes(v string) *Message { + s.MD5OfMessageAttributes = &v + return s +} + +// SetMessageAttributes sets the MessageAttributes field's value. +func (s *Message) SetMessageAttributes(v map[string]*MessageAttributeValue) *Message { + s.MessageAttributes = v + return s +} + +// SetMessageId sets the MessageId field's value. +func (s *Message) SetMessageId(v string) *Message { + s.MessageId = &v + return s +} + +// SetReceiptHandle sets the ReceiptHandle field's value. +func (s *Message) SetReceiptHandle(v string) *Message { + s.ReceiptHandle = &v + return s +} + +// The user-specified message attribute value. For string data types, the Value +// attribute has the same restrictions on the content as the message body. For +// more information, see SendMessage. +// +// Name, type, value and the message body must not be empty or null. All parts +// of the message attribute, including Name, Type, and Value, are part of the +// message size restriction (256 KiB or 262,144 bytes). +type MessageAttributeValue struct { + _ struct{} `type:"structure"` + + // Not implemented. Reserved for future use. + BinaryListValues [][]byte `type:"list" flattened:"true"` + + // Binary type attributes can store any binary data, such as compressed data, + // encrypted data, or images. + // BinaryValue is automatically base64 encoded/decoded by the SDK. + BinaryValue []byte `type:"blob"` + + // Amazon SQS supports the following logical data types: String, Number, and + // Binary. For the Number data type, you must use StringValue. + // + // You can also append custom labels. For more information, see Amazon SQS Message + // Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) + // in the Amazon SQS Developer Guide. + // + // DataType is a required field + DataType *string `type:"string" required:"true"` + + // Not implemented. Reserved for future use. + StringListValues []*string `type:"list" flattened:"true"` + + // Strings are Unicode with UTF-8 binary encoding. For a list of code values, + // see ASCII Printable Characters (http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters). + StringValue *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageAttributeValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageAttributeValue) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MessageAttributeValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MessageAttributeValue"} + if s.DataType == nil { + invalidParams.Add(request.NewErrParamRequired("DataType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBinaryListValues sets the BinaryListValues field's value. +func (s *MessageAttributeValue) SetBinaryListValues(v [][]byte) *MessageAttributeValue { + s.BinaryListValues = v + return s +} + +// SetBinaryValue sets the BinaryValue field's value. +func (s *MessageAttributeValue) SetBinaryValue(v []byte) *MessageAttributeValue { + s.BinaryValue = v + return s +} + +// SetDataType sets the DataType field's value. +func (s *MessageAttributeValue) SetDataType(v string) *MessageAttributeValue { + s.DataType = &v + return s +} + +// SetStringListValues sets the StringListValues field's value. +func (s *MessageAttributeValue) SetStringListValues(v []*string) *MessageAttributeValue { + s.StringListValues = v + return s +} + +// SetStringValue sets the StringValue field's value. +func (s *MessageAttributeValue) SetStringValue(v string) *MessageAttributeValue { + s.StringValue = &v + return s +} + +// The specified message isn't in flight. +type MessageNotInflight struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageNotInflight) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageNotInflight) GoString() string { + return s.String() +} + +func newErrorMessageNotInflight(v protocol.ResponseMetadata) error { + return &MessageNotInflight{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorMessageNotInflight(v protocol.ResponseMetadata, code string) error { + return &MessageNotInflight{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *MessageNotInflight) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "MessageNotInflight" } -// SetMD5OfBody sets the MD5OfBody field's value. -func (s *Message) SetMD5OfBody(v string) *Message { - s.MD5OfBody = &v - return s +// Message returns the exception's message. +func (s *MessageNotInflight) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetMD5OfMessageAttributes sets the MD5OfMessageAttributes field's value. -func (s *Message) SetMD5OfMessageAttributes(v string) *Message { - s.MD5OfMessageAttributes = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *MessageNotInflight) OrigErr() error { + return nil } -// SetMessageAttributes sets the MessageAttributes field's value. -func (s *Message) SetMessageAttributes(v map[string]*MessageAttributeValue) *Message { - s.MessageAttributes = v - return s +func (s *MessageNotInflight) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetMessageId sets the MessageId field's value. -func (s *Message) SetMessageId(v string) *Message { - s.MessageId = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *MessageNotInflight) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetReceiptHandle sets the ReceiptHandle field's value. -func (s *Message) SetReceiptHandle(v string) *Message { - s.ReceiptHandle = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *MessageNotInflight) RequestID() string { + return s.RespMetadata.RequestID } -// The user-specified message attribute value. For string data types, the Value -// attribute has the same restrictions on the content as the message body. For -// more information, see SendMessage. +// The user-specified message system attribute value. For string data types, +// the Value attribute has the same restrictions on the content as the message +// body. For more information, see SendMessage. // -// Name, type, value and the message body must not be empty or null. All parts -// of the message attribute, including Name, Type, and Value, are part of the -// message size restriction (256 KiB or 262,144 bytes). -type MessageAttributeValue struct { +// Name, type, value and the message body must not be empty or null. +type MessageSystemAttributeValue struct { _ struct{} `type:"structure"` // Not implemented. Reserved for future use. - BinaryListValues [][]byte `locationName:"BinaryListValue" locationNameList:"BinaryListValue" type:"list" flattened:"true"` + BinaryListValues [][]byte `type:"list" flattened:"true"` // Binary type attributes can store any binary data, such as compressed data, // encrypted data, or images. @@ -4552,7 +6723,7 @@ type MessageAttributeValue struct { DataType *string `type:"string" required:"true"` // Not implemented. Reserved for future use. - StringListValues []*string `locationName:"StringListValue" locationNameList:"StringListValue" type:"list" flattened:"true"` + StringListValues []*string `type:"list" flattened:"true"` // Strings are Unicode with UTF-8 binary encoding. For a list of code values, // see ASCII Printable Characters (http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters). @@ -4564,7 +6735,7 @@ type MessageAttributeValue struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s MessageAttributeValue) String() string { +func (s MessageSystemAttributeValue) String() string { return awsutil.Prettify(s) } @@ -4573,13 +6744,13 @@ func (s MessageAttributeValue) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s MessageAttributeValue) GoString() string { +func (s MessageSystemAttributeValue) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *MessageAttributeValue) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MessageAttributeValue"} +func (s *MessageSystemAttributeValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MessageSystemAttributeValue"} if s.DataType == nil { invalidParams.Add(request.NewErrParamRequired("DataType")) } @@ -4591,67 +6762,340 @@ func (s *MessageAttributeValue) Validate() error { } // SetBinaryListValues sets the BinaryListValues field's value. -func (s *MessageAttributeValue) SetBinaryListValues(v [][]byte) *MessageAttributeValue { +func (s *MessageSystemAttributeValue) SetBinaryListValues(v [][]byte) *MessageSystemAttributeValue { s.BinaryListValues = v return s } // SetBinaryValue sets the BinaryValue field's value. -func (s *MessageAttributeValue) SetBinaryValue(v []byte) *MessageAttributeValue { +func (s *MessageSystemAttributeValue) SetBinaryValue(v []byte) *MessageSystemAttributeValue { s.BinaryValue = v return s } // SetDataType sets the DataType field's value. -func (s *MessageAttributeValue) SetDataType(v string) *MessageAttributeValue { +func (s *MessageSystemAttributeValue) SetDataType(v string) *MessageSystemAttributeValue { s.DataType = &v return s } // SetStringListValues sets the StringListValues field's value. -func (s *MessageAttributeValue) SetStringListValues(v []*string) *MessageAttributeValue { +func (s *MessageSystemAttributeValue) SetStringListValues(v []*string) *MessageSystemAttributeValue { s.StringListValues = v return s } // SetStringValue sets the StringValue field's value. -func (s *MessageAttributeValue) SetStringValue(v string) *MessageAttributeValue { +func (s *MessageSystemAttributeValue) SetStringValue(v string) *MessageSystemAttributeValue { s.StringValue = &v return s } -// The user-specified message system attribute value. For string data types, -// the Value attribute has the same restrictions on the content as the message -// body. For more information, see SendMessage. +// The specified action violates a limit. For example, ReceiveMessage returns +// this error if the maximum number of in flight messages is reached and AddPermission +// returns this error if the maximum number of permissions for the queue is +// reached. +type OverLimit struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. // -// Name, type, value and the message body must not be empty or null. -type MessageSystemAttributeValue struct { - _ struct{} `type:"structure"` +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OverLimit) String() string { + return awsutil.Prettify(s) +} - // Not implemented. Reserved for future use. - BinaryListValues [][]byte `locationName:"BinaryListValue" locationNameList:"BinaryListValue" type:"list" flattened:"true"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OverLimit) GoString() string { + return s.String() +} - // Binary type attributes can store any binary data, such as compressed data, - // encrypted data, or images. - // BinaryValue is automatically base64 encoded/decoded by the SDK. - BinaryValue []byte `type:"blob"` +func newErrorOverLimit(v protocol.ResponseMetadata) error { + return &OverLimit{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorOverLimit(v protocol.ResponseMetadata, code string) error { + return &OverLimit{ + RespMetadata: v, + Code_: &code, + } +} - // Amazon SQS supports the following logical data types: String, Number, and - // Binary. For the Number data type, you must use StringValue. +// Code returns the exception type name. +func (s *OverLimit) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "OverLimit" +} + +// Message returns the exception's message. +func (s *OverLimit) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *OverLimit) OrigErr() error { + return nil +} + +func (s *OverLimit) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *OverLimit) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *OverLimit) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the specified queue previously received a PurgeQueue request +// within the last 60 seconds (the time it can take to delete the messages in +// the queue). +type PurgeQueueInProgress struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueInProgress) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueInProgress) GoString() string { + return s.String() +} + +func newErrorPurgeQueueInProgress(v protocol.ResponseMetadata) error { + return &PurgeQueueInProgress{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorPurgeQueueInProgress(v protocol.ResponseMetadata, code string) error { + return &PurgeQueueInProgress{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *PurgeQueueInProgress) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "PurgeQueueInProgress" +} + +// Message returns the exception's message. +func (s *PurgeQueueInProgress) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *PurgeQueueInProgress) OrigErr() error { + return nil +} + +func (s *PurgeQueueInProgress) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *PurgeQueueInProgress) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *PurgeQueueInProgress) RequestID() string { + return s.RespMetadata.RequestID +} + +type PurgeQueueInput struct { + _ struct{} `type:"structure"` + + // The URL of the queue from which the PurgeQueue action deletes messages. // - // You can also append custom labels. For more information, see Amazon SQS Message - // Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon SQS Developer Guide. + // Queue URLs and names are case-sensitive. // - // DataType is a required field - DataType *string `type:"string" required:"true"` + // QueueUrl is a required field + QueueUrl *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PurgeQueueInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PurgeQueueInput"} + if s.QueueUrl == nil { + invalidParams.Add(request.NewErrParamRequired("QueueUrl")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetQueueUrl sets the QueueUrl field's value. +func (s *PurgeQueueInput) SetQueueUrl(v string) *PurgeQueueInput { + s.QueueUrl = &v + return s +} + +type PurgeQueueOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PurgeQueueOutput) GoString() string { + return s.String() +} + +// You must wait 60 seconds after deleting a queue before you can create another +// queue with the same name. +type QueueDeletedRecently struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueueDeletedRecently) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueueDeletedRecently) GoString() string { + return s.String() +} + +func newErrorQueueDeletedRecently(v protocol.ResponseMetadata) error { + return &QueueDeletedRecently{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorQueueDeletedRecently(v protocol.ResponseMetadata, code string) error { + return &QueueDeletedRecently{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *QueueDeletedRecently) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "QueueDeletedRecently" +} + +// Message returns the exception's message. +func (s *QueueDeletedRecently) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *QueueDeletedRecently) OrigErr() error { + return nil +} + +func (s *QueueDeletedRecently) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *QueueDeletedRecently) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *QueueDeletedRecently) RequestID() string { + return s.RespMetadata.RequestID +} - // Not implemented. Reserved for future use. - StringListValues []*string `locationName:"StringListValue" locationNameList:"StringListValue" type:"list" flattened:"true"` +// The specified queue doesn't exist. +type QueueDoesNotExist struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string - // Strings are Unicode with UTF-8 binary encoding. For a list of code values, - // see ASCII Printable Characters (http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters). - StringValue *string `type:"string"` + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4659,7 +7103,7 @@ type MessageSystemAttributeValue struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s MessageSystemAttributeValue) String() string { +func (s QueueDoesNotExist) String() string { return awsutil.Prettify(s) } @@ -4668,62 +7112,66 @@ func (s MessageSystemAttributeValue) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s MessageSystemAttributeValue) GoString() string { +func (s QueueDoesNotExist) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *MessageSystemAttributeValue) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MessageSystemAttributeValue"} - if s.DataType == nil { - invalidParams.Add(request.NewErrParamRequired("DataType")) +func newErrorQueueDoesNotExist(v protocol.ResponseMetadata) error { + return &QueueDoesNotExist{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorQueueDoesNotExist(v protocol.ResponseMetadata, code string) error { + return &QueueDoesNotExist{ + RespMetadata: v, + Code_: &code, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *QueueDoesNotExist) Code() string { + if s.Code_ != nil { + return *s.Code_ } - return nil + return "QueueDoesNotExist" } -// SetBinaryListValues sets the BinaryListValues field's value. -func (s *MessageSystemAttributeValue) SetBinaryListValues(v [][]byte) *MessageSystemAttributeValue { - s.BinaryListValues = v - return s +// Message returns the exception's message. +func (s *QueueDoesNotExist) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetBinaryValue sets the BinaryValue field's value. -func (s *MessageSystemAttributeValue) SetBinaryValue(v []byte) *MessageSystemAttributeValue { - s.BinaryValue = v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *QueueDoesNotExist) OrigErr() error { + return nil } -// SetDataType sets the DataType field's value. -func (s *MessageSystemAttributeValue) SetDataType(v string) *MessageSystemAttributeValue { - s.DataType = &v - return s +func (s *QueueDoesNotExist) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetStringListValues sets the StringListValues field's value. -func (s *MessageSystemAttributeValue) SetStringListValues(v []*string) *MessageSystemAttributeValue { - s.StringListValues = v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *QueueDoesNotExist) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetStringValue sets the StringValue field's value. -func (s *MessageSystemAttributeValue) SetStringValue(v string) *MessageSystemAttributeValue { - s.StringValue = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *QueueDoesNotExist) RequestID() string { + return s.RespMetadata.RequestID } -type PurgeQueueInput struct { - _ struct{} `type:"structure"` +// A queue with this name already exists. Amazon SQS returns this error only +// if the request includes attributes whose values differ from those of the +// existing queue. +type QueueNameExists struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string - // The URL of the queue from which the PurgeQueue action deletes messages. - // - // Queue URLs and names are case-sensitive. - // - // QueueUrl is a required field - QueueUrl *string `type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4731,7 +7179,7 @@ type PurgeQueueInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s PurgeQueueInput) String() string { +func (s QueueNameExists) String() string { return awsutil.Prettify(s) } @@ -4740,31 +7188,64 @@ func (s PurgeQueueInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s PurgeQueueInput) GoString() string { +func (s QueueNameExists) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *PurgeQueueInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PurgeQueueInput"} - if s.QueueUrl == nil { - invalidParams.Add(request.NewErrParamRequired("QueueUrl")) +func newErrorQueueNameExists(v protocol.ResponseMetadata) error { + return &QueueNameExists{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorQueueNameExists(v protocol.ResponseMetadata, code string) error { + return &QueueNameExists{ + RespMetadata: v, + Code_: &code, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *QueueNameExists) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "QueueNameExists" +} + +// Message returns the exception's message. +func (s *QueueNameExists) Message() string { + if s.Message_ != nil { + return *s.Message_ } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *QueueNameExists) OrigErr() error { return nil } -// SetQueueUrl sets the QueueUrl field's value. -func (s *PurgeQueueInput) SetQueueUrl(v string) *PurgeQueueInput { - s.QueueUrl = &v - return s +func (s *QueueNameExists) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -type PurgeQueueOutput struct { - _ struct{} `type:"structure"` +// Status code returns the HTTP status code for the request's response error. +func (s *QueueNameExists) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *QueueNameExists) RequestID() string { + return s.RespMetadata.RequestID +} + +// The specified receipt handle isn't valid. +type ReceiptHandleIsInvalid struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` } // String returns the string representation. @@ -4772,7 +7253,7 @@ type PurgeQueueOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s PurgeQueueOutput) String() string { +func (s ReceiptHandleIsInvalid) String() string { return awsutil.Prettify(s) } @@ -4781,10 +7262,57 @@ func (s PurgeQueueOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s PurgeQueueOutput) GoString() string { +func (s ReceiptHandleIsInvalid) GoString() string { return s.String() } +func newErrorReceiptHandleIsInvalid(v protocol.ResponseMetadata) error { + return &ReceiptHandleIsInvalid{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorReceiptHandleIsInvalid(v protocol.ResponseMetadata, code string) error { + return &ReceiptHandleIsInvalid{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *ReceiptHandleIsInvalid) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "ReceiptHandleIsInvalid" +} + +// Message returns the exception's message. +func (s *ReceiptHandleIsInvalid) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ReceiptHandleIsInvalid) OrigErr() error { + return nil +} + +func (s *ReceiptHandleIsInvalid) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ReceiptHandleIsInvalid) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ReceiptHandleIsInvalid) RequestID() string { + return s.RespMetadata.RequestID +} + type ReceiveMessageInput struct { _ struct{} `type:"structure"` @@ -4821,7 +7349,7 @@ type ReceiveMessageInput struct { // in sequence. // // * SequenceNumber – Returns the value provided by Amazon SQS. - AttributeNames []*string `locationNameList:"AttributeName" type:"list" flattened:"true" enum:"QueueAttributeName"` + AttributeNames []*string `type:"list" flattened:"true" enum:"QueueAttributeName"` // The maximum number of messages to return. Amazon SQS never returns more messages // than this value (however, fewer messages might be returned). Valid values: @@ -4848,7 +7376,7 @@ type ReceiveMessageInput struct { // or you can return all of the attributes by specifying All or .* in your request. // You can also use all message attributes starting with a prefix, for example // bar.*. - MessageAttributeNames []*string `locationNameList:"MessageAttributeName" type:"list" flattened:"true"` + MessageAttributeNames []*string `type:"list" flattened:"true"` // The URL of the Amazon SQS queue from which messages are received. // @@ -5004,7 +7532,7 @@ type ReceiveMessageOutput struct { _ struct{} `type:"structure"` // A list of messages. - Messages []*Message `locationNameList:"Message" type:"list" flattened:"true"` + Messages []*Message `type:"list" flattened:"true"` } // String returns the string representation. @@ -5116,13 +7644,173 @@ func (s RemovePermissionOutput) GoString() string { return s.String() } +// The request was denied due to request throttling. +// +// - The rate of requests per second exceeds the Amazon Web Services KMS +// request quota for an account and Region. +// +// - A burst or sustained high rate of requests to change the state of the +// same KMS key. This condition is often known as a "hot key." +// +// - Requests for operations on KMS keys in a Amazon Web Services CloudHSM +// key store might be throttled at a lower-than-expected rate when the Amazon +// Web Services CloudHSM cluster associated with the Amazon Web Services +// CloudHSM key store is processing numerous commands, including those unrelated +// to the Amazon Web Services CloudHSM key store. +type RequestThrottled struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestThrottled) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestThrottled) GoString() string { + return s.String() +} + +func newErrorRequestThrottled(v protocol.ResponseMetadata) error { + return &RequestThrottled{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorRequestThrottled(v protocol.ResponseMetadata, code string) error { + return &RequestThrottled{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *RequestThrottled) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "RequestThrottled" +} + +// Message returns the exception's message. +func (s *RequestThrottled) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *RequestThrottled) OrigErr() error { + return nil +} + +func (s *RequestThrottled) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *RequestThrottled) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *RequestThrottled) RequestID() string { + return s.RespMetadata.RequestID +} + +// One or more specified resources don't exist. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorResourceNotFoundException(v protocol.ResponseMetadata, code string) error { + return &ResourceNotFoundException{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + type SendMessageBatchInput struct { _ struct{} `type:"structure"` // A list of SendMessageBatchRequestEntry items. // // Entries is a required field - Entries []*SendMessageBatchRequestEntry `locationNameList:"SendMessageBatchRequestEntry" type:"list" flattened:"true" required:"true"` + Entries []*SendMessageBatchRequestEntry `type:"list" flattened:"true" required:"true"` // The URL of the Amazon SQS queue to which batched messages are sent. // @@ -5198,12 +7886,12 @@ type SendMessageBatchOutput struct { // that can't be enqueued. // // Failed is a required field - Failed []*BatchResultErrorEntry `locationNameList:"BatchResultErrorEntry" type:"list" flattened:"true" required:"true"` + Failed []*BatchResultErrorEntry `type:"list" flattened:"true" required:"true"` // A list of SendMessageBatchResultEntry items. // // Successful is a required field - Successful []*SendMessageBatchResultEntry `locationNameList:"SendMessageBatchResultEntry" type:"list" flattened:"true" required:"true"` + Successful []*SendMessageBatchResultEntry `type:"list" flattened:"true" required:"true"` } // String returns the string representation. @@ -5262,7 +7950,7 @@ type SendMessageBatchRequestEntry struct { // Each message attribute consists of a Name, Type, and Value. For more information, // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) // in the Amazon SQS Developer Guide. - MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + MessageAttributes map[string]*MessageAttributeValue `type:"map" flattened:"true"` // The body of the message. // @@ -5350,7 +8038,7 @@ type SendMessageBatchRequestEntry struct { // // * The size of a message system attribute doesn't count towards the total // size of a message. - MessageSystemAttributes map[string]*MessageSystemAttributeValue `locationName:"MessageSystemAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + MessageSystemAttributes map[string]*MessageSystemAttributeValue `type:"map" flattened:"true"` } // String returns the string representation. @@ -5561,7 +8249,7 @@ type SendMessageInput struct { // Each message attribute consists of a Name, Type, and Value. For more information, // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) // in the Amazon SQS Developer Guide. - MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + MessageAttributes map[string]*MessageAttributeValue `type:"map" flattened:"true"` // The message to send. The minimum size is one character. The maximum size // is 256 KiB. @@ -5659,7 +8347,7 @@ type SendMessageInput struct { // // * The size of a message system attribute doesn't count towards the total // size of a message. - MessageSystemAttributes map[string]*MessageSystemAttributeValue `locationName:"MessageSystemAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` + MessageSystemAttributes map[string]*MessageSystemAttributeValue `type:"map" flattened:"true"` // The URL of the Amazon SQS queue to which a message is sent. // @@ -5991,7 +8679,7 @@ type SetQueueAttributesInput struct { // in the Amazon SQS Developer Guide. // // Attributes is a required field - Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true" required:"true"` + Attributes map[string]*string `type:"map" flattened:"true" required:"true"` // The URL of the Amazon SQS queue whose attributes are set. // @@ -6086,7 +8774,9 @@ type StartMessageMoveTaskInput struct { MaxNumberOfMessagesPerSecond *int64 `type:"integer"` // The ARN of the queue that contains the messages to be moved to another queue. - // Currently, only dead-letter queue (DLQ) ARNs are accepted. + // Currently, only ARNs of dead-letter queues (DLQs) whose sources are other + // Amazon SQS queues are accepted. DLQs whose sources are non-SQS queues, such + // as Lambda or Amazon SNS topics, are not currently supported. // // SourceArn is a required field SourceArn *string `type:"string" required:"true"` @@ -6185,7 +8875,7 @@ type TagQueueInput struct { // The list of tags to be added to the specified queue. // // Tags is a required field - Tags map[string]*string `locationName:"Tag" locationNameKey:"Key" locationNameValue:"Value" type:"map" flattened:"true" required:"true"` + Tags map[string]*string `type:"map" flattened:"true" required:"true"` } // String returns the string representation. @@ -6256,6 +8946,154 @@ func (s TagQueueOutput) GoString() string { return s.String() } +// The batch request contains more entries than permissible. +type TooManyEntriesInBatchRequest struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyEntriesInBatchRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyEntriesInBatchRequest) GoString() string { + return s.String() +} + +func newErrorTooManyEntriesInBatchRequest(v protocol.ResponseMetadata) error { + return &TooManyEntriesInBatchRequest{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorTooManyEntriesInBatchRequest(v protocol.ResponseMetadata, code string) error { + return &TooManyEntriesInBatchRequest{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *TooManyEntriesInBatchRequest) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "TooManyEntriesInBatchRequest" +} + +// Message returns the exception's message. +func (s *TooManyEntriesInBatchRequest) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TooManyEntriesInBatchRequest) OrigErr() error { + return nil +} + +func (s *TooManyEntriesInBatchRequest) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *TooManyEntriesInBatchRequest) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TooManyEntriesInBatchRequest) RequestID() string { + return s.RespMetadata.RequestID +} + +// Error code 400. Unsupported operation. +type UnsupportedOperation struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + Code_ *string + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedOperation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedOperation) GoString() string { + return s.String() +} + +func newErrorUnsupportedOperation(v protocol.ResponseMetadata) error { + return &UnsupportedOperation{ + RespMetadata: v, + } +} +func newQueryCompatibleErrorUnsupportedOperation(v protocol.ResponseMetadata, code string) error { + return &UnsupportedOperation{ + RespMetadata: v, + Code_: &code, + } +} + +// Code returns the exception type name. +func (s *UnsupportedOperation) Code() string { + if s.Code_ != nil { + return *s.Code_ + } + return "UnsupportedOperation" +} + +// Message returns the exception's message. +func (s *UnsupportedOperation) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnsupportedOperation) OrigErr() error { + return nil +} + +func (s *UnsupportedOperation) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnsupportedOperation) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnsupportedOperation) RequestID() string { + return s.RespMetadata.RequestID +} + type UntagQueueInput struct { _ struct{} `type:"structure"` @@ -6267,7 +9105,7 @@ type UntagQueueInput struct { // The list of tags to be removed from the specified queue. // // TagKeys is a required field - TagKeys []*string `locationNameList:"TagKey" type:"list" flattened:"true" required:"true"` + TagKeys []*string `type:"list" flattened:"true" required:"true"` } // String returns the string representation. diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go index b32e6d93ada8f..8c1ff8d2504db 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go @@ -2,6 +2,10 @@ package sqs +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + const ( // ErrCodeBatchEntryIdsNotDistinct for service response error code @@ -22,12 +26,24 @@ const ( // The batch request doesn't contain any entries. ErrCodeEmptyBatchRequest = "AWS.SimpleQueueService.EmptyBatchRequest" + // ErrCodeInvalidAddress for service response error code + // "InvalidAddress". + // + // The accountId is invalid. + ErrCodeInvalidAddress = "InvalidAddress" + // ErrCodeInvalidAttributeName for service response error code // "InvalidAttributeName". // // The specified attribute doesn't exist. ErrCodeInvalidAttributeName = "InvalidAttributeName" + // ErrCodeInvalidAttributeValue for service response error code + // "InvalidAttributeValue". + // + // A queue attribute value is invalid. + ErrCodeInvalidAttributeValue = "InvalidAttributeValue" + // ErrCodeInvalidBatchEntryId for service response error code // "AWS.SimpleQueueService.InvalidBatchEntryId". // @@ -46,6 +62,62 @@ const ( // The message contains characters outside the allowed set. ErrCodeInvalidMessageContents = "InvalidMessageContents" + // ErrCodeInvalidSecurity for service response error code + // "InvalidSecurity". + // + // When the request to a queue is not HTTPS and SigV4. + ErrCodeInvalidSecurity = "InvalidSecurity" + + // ErrCodeKmsAccessDenied for service response error code + // "KmsAccessDenied". + // + // The caller doesn't have the required KMS access. + ErrCodeKmsAccessDenied = "KmsAccessDenied" + + // ErrCodeKmsDisabled for service response error code + // "KmsDisabled". + // + // The request was denied due to request throttling. + ErrCodeKmsDisabled = "KmsDisabled" + + // ErrCodeKmsInvalidKeyUsage for service response error code + // "KmsInvalidKeyUsage". + // + // The request was rejected for one of the following reasons: + // + // * The KeyUsage value of the KMS key is incompatible with the API operation. + // + // * The encryption algorithm or signing algorithm specified for the operation + // is incompatible with the type of key material in the KMS key (KeySpec). + ErrCodeKmsInvalidKeyUsage = "KmsInvalidKeyUsage" + + // ErrCodeKmsInvalidState for service response error code + // "KmsInvalidState". + // + // The request was rejected because the state of the specified resource is not + // valid for this request. + ErrCodeKmsInvalidState = "KmsInvalidState" + + // ErrCodeKmsNotFound for service response error code + // "KmsNotFound". + // + // The request was rejected because the specified entity or resource could not + // be found. + ErrCodeKmsNotFound = "KmsNotFound" + + // ErrCodeKmsOptInRequired for service response error code + // "KmsOptInRequired". + // + // The request was rejected because the specified key policy isn't syntactically + // or semantically correct. + ErrCodeKmsOptInRequired = "KmsOptInRequired" + + // ErrCodeKmsThrottled for service response error code + // "KmsThrottled". + // + // Amazon Web Services KMS throttles requests for the following conditions. + ErrCodeKmsThrottled = "KmsThrottled" + // ErrCodeMessageNotInflight for service response error code // "AWS.SimpleQueueService.MessageNotInflight". // @@ -96,6 +168,24 @@ const ( // The specified receipt handle isn't valid. ErrCodeReceiptHandleIsInvalid = "ReceiptHandleIsInvalid" + // ErrCodeRequestThrottled for service response error code + // "RequestThrottled". + // + // The request was denied due to request throttling. + // + // * The rate of requests per second exceeds the Amazon Web Services KMS + // request quota for an account and Region. + // + // * A burst or sustained high rate of requests to change the state of the + // same KMS key. This condition is often known as a "hot key." + // + // * Requests for operations on KMS keys in a Amazon Web Services CloudHSM + // key store might be throttled at a lower-than-expected rate when the Amazon + // Web Services CloudHSM cluster associated with the Amazon Web Services + // CloudHSM key store is processing numerous commands, including those unrelated + // to the Amazon Web Services CloudHSM key store. + ErrCodeRequestThrottled = "RequestThrottled" + // ErrCodeResourceNotFoundException for service response error code // "ResourceNotFoundException". // @@ -114,3 +204,64 @@ const ( // Error code 400. Unsupported operation. ErrCodeUnsupportedOperation = "AWS.SimpleQueueService.UnsupportedOperation" ) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "BatchEntryIdsNotDistinct": newErrorBatchEntryIdsNotDistinct, + "BatchRequestTooLong": newErrorBatchRequestTooLong, + "EmptyBatchRequest": newErrorEmptyBatchRequest, + "InvalidAddress": newErrorInvalidAddress, + "InvalidAttributeName": newErrorInvalidAttributeName, + "InvalidAttributeValue": newErrorInvalidAttributeValue, + "InvalidBatchEntryId": newErrorInvalidBatchEntryId, + "InvalidIdFormat": newErrorInvalidIdFormat, + "InvalidMessageContents": newErrorInvalidMessageContents, + "InvalidSecurity": newErrorInvalidSecurity, + "KmsAccessDenied": newErrorKmsAccessDenied, + "KmsDisabled": newErrorKmsDisabled, + "KmsInvalidKeyUsage": newErrorKmsInvalidKeyUsage, + "KmsInvalidState": newErrorKmsInvalidState, + "KmsNotFound": newErrorKmsNotFound, + "KmsOptInRequired": newErrorKmsOptInRequired, + "KmsThrottled": newErrorKmsThrottled, + "MessageNotInflight": newErrorMessageNotInflight, + "OverLimit": newErrorOverLimit, + "PurgeQueueInProgress": newErrorPurgeQueueInProgress, + "QueueDeletedRecently": newErrorQueueDeletedRecently, + "QueueDoesNotExist": newErrorQueueDoesNotExist, + "QueueNameExists": newErrorQueueNameExists, + "ReceiptHandleIsInvalid": newErrorReceiptHandleIsInvalid, + "RequestThrottled": newErrorRequestThrottled, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "TooManyEntriesInBatchRequest": newErrorTooManyEntriesInBatchRequest, + "UnsupportedOperation": newErrorUnsupportedOperation, +} +var queryExceptionFromCode = map[string]func(protocol.ResponseMetadata, string) error{ + "BatchEntryIdsNotDistinct": newQueryCompatibleErrorBatchEntryIdsNotDistinct, + "BatchRequestTooLong": newQueryCompatibleErrorBatchRequestTooLong, + "EmptyBatchRequest": newQueryCompatibleErrorEmptyBatchRequest, + "InvalidAddress": newQueryCompatibleErrorInvalidAddress, + "InvalidAttributeName": newQueryCompatibleErrorInvalidAttributeName, + "InvalidAttributeValue": newQueryCompatibleErrorInvalidAttributeValue, + "InvalidBatchEntryId": newQueryCompatibleErrorInvalidBatchEntryId, + "InvalidIdFormat": newQueryCompatibleErrorInvalidIdFormat, + "InvalidMessageContents": newQueryCompatibleErrorInvalidMessageContents, + "InvalidSecurity": newQueryCompatibleErrorInvalidSecurity, + "KmsAccessDenied": newQueryCompatibleErrorKmsAccessDenied, + "KmsDisabled": newQueryCompatibleErrorKmsDisabled, + "KmsInvalidKeyUsage": newQueryCompatibleErrorKmsInvalidKeyUsage, + "KmsInvalidState": newQueryCompatibleErrorKmsInvalidState, + "KmsNotFound": newQueryCompatibleErrorKmsNotFound, + "KmsOptInRequired": newQueryCompatibleErrorKmsOptInRequired, + "KmsThrottled": newQueryCompatibleErrorKmsThrottled, + "MessageNotInflight": newQueryCompatibleErrorMessageNotInflight, + "OverLimit": newQueryCompatibleErrorOverLimit, + "PurgeQueueInProgress": newQueryCompatibleErrorPurgeQueueInProgress, + "QueueDeletedRecently": newQueryCompatibleErrorQueueDeletedRecently, + "QueueDoesNotExist": newQueryCompatibleErrorQueueDoesNotExist, + "QueueNameExists": newQueryCompatibleErrorQueueNameExists, + "ReceiptHandleIsInvalid": newQueryCompatibleErrorReceiptHandleIsInvalid, + "RequestThrottled": newQueryCompatibleErrorRequestThrottled, + "ResourceNotFoundException": newQueryCompatibleErrorResourceNotFoundException, + "TooManyEntriesInBatchRequest": newQueryCompatibleErrorTooManyEntriesInBatchRequest, + "UnsupportedOperation": newQueryCompatibleErrorUnsupportedOperation, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/service.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/service.go index 32132c6be8626..a5c4df1d2d838 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/service.go @@ -8,7 +8,8 @@ import ( "github.com/aws/aws-sdk-go/aws/client/metadata" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/signer/v4" - "github.com/aws/aws-sdk-go/private/protocol/query" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) // SQS provides the API operation methods for making requests to @@ -70,6 +71,8 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, Endpoint: endpoint, APIVersion: "2012-11-05", ResolvedRegion: resolvedRegion, + JSONVersion: "1.0", + TargetPrefix: "AmazonSQS", }, handlers, ), @@ -77,10 +80,12 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, // Handlers svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) - svc.Handlers.Build.PushBackNamed(query.BuildHandler) - svc.Handlers.Unmarshal.PushBackNamed(query.UnmarshalHandler) - svc.Handlers.UnmarshalMeta.PushBackNamed(query.UnmarshalMetaHandler) - svc.Handlers.UnmarshalError.PushBackNamed(query.UnmarshalErrorHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedErrorWithOptions(exceptionFromCode, jsonrpc.WithQueryCompatibility(queryExceptionFromCode))).NamedHandler(), + ) // Run custom client initialization if present if initClient != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go index 092693aa444ce..673ad831d17f0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go @@ -214,6 +214,9 @@ func (c *SSM) AssociateOpsItemRelatedItemRequest(input *AssociateOpsItemRelatedI // - OpsItemRelatedItemAlreadyExistsException // The Amazon Resource Name (ARN) is already associated with the OpsItem. // +// - OpsItemConflictException +// The specified OpsItem is in the process of being deleted. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/AssociateOpsItemRelatedItem func (c *SSM) AssociateOpsItemRelatedItem(input *AssociateOpsItemRelatedItemInput) (*AssociateOpsItemRelatedItemOutput, error) { req, out := c.AssociateOpsItemRelatedItemRequest(input) @@ -1881,6 +1884,112 @@ func (c *SSM) DeleteMaintenanceWindowWithContext(ctx aws.Context, input *DeleteM return out, req.Send() } +const opDeleteOpsItem = "DeleteOpsItem" + +// DeleteOpsItemRequest generates a "aws/request.Request" representing the +// client's request for the DeleteOpsItem operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteOpsItem for more information on using the DeleteOpsItem +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteOpsItemRequest method. +// req, resp := client.DeleteOpsItemRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DeleteOpsItem +func (c *SSM) DeleteOpsItemRequest(input *DeleteOpsItemInput) (req *request.Request, output *DeleteOpsItemOutput) { + op := &request.Operation{ + Name: opDeleteOpsItem, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteOpsItemInput{} + } + + output = &DeleteOpsItemOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteOpsItem API operation for Amazon Simple Systems Manager (SSM). +// +// Delete an OpsItem. You must have permission in Identity and Access Management +// (IAM) to delete an OpsItem. +// +// Note the following important information about this operation. +// +// - Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem. +// +// - This operation uses an eventual consistency model, which means the system +// can take a few minutes to complete this operation. If you delete an OpsItem +// and immediately call, for example, GetOpsItem, the deleted OpsItem might +// still appear in the response. +// +// - This operation is idempotent. The system doesn't throw an exception +// if you repeatedly call this operation for the same OpsItem. If the first +// call is successful, all additional calls return the same successful response +// as the first call. +// +// - This operation doesn't support cross-account calls. A delegated administrator +// or management account can't delete OpsItems in other accounts, even if +// OpsCenter has been set up for cross-account administration. For more information +// about cross-account administration, see Setting up OpsCenter to centrally +// manage OpsItems across accounts (https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-setting-up-cross-account.html) +// in the Systems Manager User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Systems Manager (SSM)'s +// API operation DeleteOpsItem for usage and error information. +// +// Returned Error Types: +// +// - InternalServerError +// An error occurred on the server side. +// +// - OpsItemInvalidParameterException +// A specified parameter argument isn't valid. Verify the available arguments +// and try again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DeleteOpsItem +func (c *SSM) DeleteOpsItem(input *DeleteOpsItemInput) (*DeleteOpsItemOutput, error) { + req, out := c.DeleteOpsItemRequest(input) + return out, req.Send() +} + +// DeleteOpsItemWithContext is the same as DeleteOpsItem with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteOpsItem for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSM) DeleteOpsItemWithContext(ctx aws.Context, input *DeleteOpsItemInput, opts ...request.Option) (*DeleteOpsItemOutput, error) { + req, out := c.DeleteOpsItemRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteOpsMetadata = "DeleteOpsMetadata" // DeleteOpsMetadataRequest generates a "aws/request.Request" representing the @@ -7307,6 +7416,9 @@ func (c *SSM) DisassociateOpsItemRelatedItemRequest(input *DisassociateOpsItemRe // A specified parameter argument isn't valid. Verify the available arguments // and try again. // +// - OpsItemConflictException +// The specified OpsItem is in the process of being deleted. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DisassociateOpsItemRelatedItem func (c *SSM) DisassociateOpsItemRelatedItem(input *DisassociateOpsItemRelatedItemInput) (*DisassociateOpsItemRelatedItemOutput, error) { req, out := c.DisassociateOpsItemRelatedItemRequest(input) @@ -15497,6 +15609,9 @@ func (c *SSM) UpdateOpsItemRequest(input *UpdateOpsItemInput) (req *request.Requ // that your account is configured either as a Systems Manager delegated administrator // or that you are logged into the Organizations management account. // +// - OpsItemConflictException +// The specified OpsItem is in the process of being deleted. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdateOpsItem func (c *SSM) UpdateOpsItem(input *UpdateOpsItemInput) (*UpdateOpsItemOutput, error) { req, out := c.UpdateOpsItemRequest(input) @@ -18713,6 +18828,9 @@ type AutomationExecution struct { // The CloudWatch alarm that was invoked by the automation. TriggeredAlarms []*AlarmStateInformation `min:"1" type:"list"` + + // Variables defined for the automation. + Variables map[string][]*string `min:"1" type:"map"` } // String returns the string representation. @@ -18931,6 +19049,12 @@ func (s *AutomationExecution) SetTriggeredAlarms(v []*AlarmStateInformation) *Au return s } +// SetVariables sets the Variables field's value. +func (s *AutomationExecution) SetVariables(v map[string][]*string) *AutomationExecution { + s.Variables = v + return s +} + // A filter used to match specific automation executions. This is used to limit // the scope of Automation execution information returned. type AutomationExecutionFilter struct { @@ -22808,7 +22932,11 @@ type CreateOpsItemInput struct { // Specify a category to assign to an OpsItem. Category *string `min:"1" type:"string"` - // Information about the OpsItem. + // User-defined text that contains information about the OpsItem, in Markdown + // format. + // + // Provide enough information so that users viewing this OpsItem for the first + // time understand the issue. // // Description is a required field Description *string `min:"1" type:"string" required:"true"` @@ -22849,7 +22977,7 @@ type CreateOpsItemInput struct { // * /aws/changerequest This type of OpsItem is used by Change Manager for // reviewing and approving or rejecting change requests. // - // * /aws/insights This type of OpsItem is used by OpsCenter for aggregating + // * /aws/insight This type of OpsItem is used by OpsCenter for aggregating // and reporting on duplicate OpsItems. OpsItemType *string `type:"string"` @@ -24159,6 +24287,74 @@ func (s *DeleteMaintenanceWindowOutput) SetWindowId(v string) *DeleteMaintenance return s } +type DeleteOpsItemInput struct { + _ struct{} `type:"structure"` + + // The ID of the OpsItem that you want to delete. + // + // OpsItemId is a required field + OpsItemId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOpsItemInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOpsItemInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteOpsItemInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteOpsItemInput"} + if s.OpsItemId == nil { + invalidParams.Add(request.NewErrParamRequired("OpsItemId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetOpsItemId sets the OpsItemId field's value. +func (s *DeleteOpsItemInput) SetOpsItemId(v string) *DeleteOpsItemInput { + s.OpsItemId = &v + return s +} + +type DeleteOpsItemOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOpsItemOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteOpsItemOutput) GoString() string { + return s.String() +} + type DeleteOpsMetadataInput struct { _ struct{} `type:"structure"` @@ -26991,6 +27187,9 @@ type DescribeInstancePatchesInput struct { // * Severity Sample values: Important | Medium | Low // // * State Sample values: Installed | InstalledOther | InstalledPendingReboot + // For lists of all State values, see Understanding patch compliance state + // values (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-compliance-states.html) + // in the Amazon Web Services Systems Manager User Guide. Filters []*PatchOrchestratorFilter `type:"list"` // The ID of the managed node whose patch state information should be retrieved. @@ -45305,7 +45504,7 @@ type OpsItem struct { // * /aws/changerequest This type of OpsItem is used by Change Manager for // reviewing and approving or rejecting change requests. // - // * /aws/insights This type of OpsItem is used by OpsCenter for aggregating + // * /aws/insight This type of OpsItem is used by OpsCenter for aggregating // and reporting on duplicate OpsItems. OpsItemType *string `type:"string"` @@ -45628,6 +45827,70 @@ func (s *OpsItemAlreadyExistsException) RequestID() string { return s.RespMetadata.RequestID } +// The specified OpsItem is in the process of being deleted. +type OpsItemConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OpsItemConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OpsItemConflictException) GoString() string { + return s.String() +} + +func newErrorOpsItemConflictException(v protocol.ResponseMetadata) error { + return &OpsItemConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *OpsItemConflictException) Code() string { + return "OpsItemConflictException" +} + +// Message returns the exception's message. +func (s *OpsItemConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *OpsItemConflictException) OrigErr() error { + return nil +} + +func (s *OpsItemConflictException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *OpsItemConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *OpsItemConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + // An object that defines the value of the key and its type in the OperationalData // map. type OpsItemDataValue struct { @@ -46532,7 +46795,7 @@ type OpsItemSummary struct { // * /aws/changerequest This type of OpsItem is used by Change Manager for // reviewing and approving or rejecting change requests. // - // * /aws/insights This type of OpsItem is used by OpsCenter for aggregating + // * /aws/insight This type of OpsItem is used by OpsCenter for aggregating // and reporting on duplicate OpsItems. OpsItemType *string `type:"string"` @@ -48382,6 +48645,74 @@ func (s *ParametersFilter) SetValues(v []*string) *ParametersFilter { return s } +// A detailed status of the parent step. +type ParentStepDetails struct { + _ struct{} `type:"structure"` + + // The name of the automation action. + Action *string `type:"string"` + + // The current repetition of the loop represented by an integer. + Iteration *int64 `type:"integer"` + + // The current value of the specified iterator in the loop. + IteratorValue *string `type:"string"` + + // The unique ID of a step execution. + StepExecutionId *string `type:"string"` + + // The name of the step. + StepName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ParentStepDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ParentStepDetails) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *ParentStepDetails) SetAction(v string) *ParentStepDetails { + s.Action = &v + return s +} + +// SetIteration sets the Iteration field's value. +func (s *ParentStepDetails) SetIteration(v int64) *ParentStepDetails { + s.Iteration = &v + return s +} + +// SetIteratorValue sets the IteratorValue field's value. +func (s *ParentStepDetails) SetIteratorValue(v string) *ParentStepDetails { + s.IteratorValue = &v + return s +} + +// SetStepExecutionId sets the StepExecutionId field's value. +func (s *ParentStepDetails) SetStepExecutionId(v string) *ParentStepDetails { + s.StepExecutionId = &v + return s +} + +// SetStepName sets the StepName field's value. +func (s *ParentStepDetails) SetStepName(v string) *ParentStepDetails { + s.StepName = &v + return s +} + // Represents metadata about a patch. type Patch struct { _ struct{} `type:"structure"` @@ -55150,6 +55481,9 @@ type StepExecution struct { // A user-specified list of parameters to override when running a step. OverriddenParameters map[string][]*string `min:"1" type:"map"` + // Information about the parent step. + ParentStepDetails *ParentStepDetails `type:"structure"` + // A message associated with the response code for an execution. Response *string `type:"string"` @@ -55282,6 +55616,12 @@ func (s *StepExecution) SetOverriddenParameters(v map[string][]*string) *StepExe return s } +// SetParentStepDetails sets the ParentStepDetails field's value. +func (s *StepExecution) SetParentStepDetails(v *ParentStepDetails) *StepExecution { + s.ParentStepDetails = v + return s +} + // SetResponse sets the Response field's value. func (s *StepExecution) SetResponse(v string) *StepExecution { s.Response = &v @@ -55347,9 +55687,7 @@ func (s *StepExecution) SetValidNextSteps(v []*string) *StepExecution { type StepExecutionFilter struct { _ struct{} `type:"structure"` - // One or more keys to limit the results. Valid filter keys include the following: - // StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, - // StartTimeAfter. + // One or more keys to limit the results. // // Key is a required field Key *string `type:"string" required:"true" enum:"StepExecutionFilterKey"` @@ -58869,8 +59207,8 @@ type UpdateOpsItemInput struct { // Specify a new category for an OpsItem. Category *string `min:"1" type:"string"` - // Update the information about the OpsItem. Provide enough information so that - // users reading this OpsItem for the first time understand the issue. + // User-defined text that contains information about the OpsItem, in Markdown + // format. Description *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) of an SNS topic where notifications are sent @@ -59733,23 +60071,25 @@ type UpdateServiceSettingInput struct { // The new value to specify for the service setting. The following list specifies // the available values for each setting. // - // * /ssm/managed-instance/default-ec2-instance-management-role: The name - // of an IAM role + // * For /ssm/managed-instance/default-ec2-instance-management-role, enter + // the name of an IAM role. // - // * /ssm/automation/customer-script-log-destination: CloudWatch + // * For /ssm/automation/customer-script-log-destination, enter CloudWatch. // - // * /ssm/automation/customer-script-log-group-name: The name of an Amazon - // CloudWatch Logs log group + // * For /ssm/automation/customer-script-log-group-name, enter the name of + // an Amazon CloudWatch Logs log group. // - // * /ssm/documents/console/public-sharing-permission: Enable or Disable + // * For /ssm/documents/console/public-sharing-permission, enter Enable or + // Disable. // - // * /ssm/managed-instance/activation-tier: standard or advanced + // * For /ssm/managed-instance/activation-tier, enter standard or advanced. // - // * /ssm/opsinsights/opscenter: Enabled or Disabled + // * For /ssm/opsinsights/opscenter, enter Enabled or Disabled. // - // * /ssm/parameter-store/default-parameter-tier: Standard, Advanced, Intelligent-Tiering + // * For /ssm/parameter-store/default-parameter-tier, enter Standard, Advanced, + // or Intelligent-Tiering // - // * /ssm/parameter-store/high-throughput-enabled: true or false + // * For /ssm/parameter-store/high-throughput-enabled, enter true or false. // // SettingValue is a required field SettingValue *string `min:"1" type:"string" required:"true"` @@ -60136,6 +60476,9 @@ const ( // AutomationExecutionStatusCompletedWithFailure is a AutomationExecutionStatus enum value AutomationExecutionStatusCompletedWithFailure = "CompletedWithFailure" + + // AutomationExecutionStatusExited is a AutomationExecutionStatus enum value + AutomationExecutionStatusExited = "Exited" ) // AutomationExecutionStatus_Values returns all elements of the AutomationExecutionStatus enum @@ -60159,6 +60502,7 @@ func AutomationExecutionStatus_Values() []string { AutomationExecutionStatusChangeCalendarOverrideRejected, AutomationExecutionStatusCompletedWithSuccess, AutomationExecutionStatusCompletedWithFailure, + AutomationExecutionStatusExited, } } @@ -60436,17 +60780,17 @@ func ComplianceUploadType_Values() []string { const ( // ConnectionStatusConnected is a ConnectionStatus enum value - ConnectionStatusConnected = "Connected" + ConnectionStatusConnected = "connected" - // ConnectionStatusNotConnected is a ConnectionStatus enum value - ConnectionStatusNotConnected = "NotConnected" + // ConnectionStatusNotconnected is a ConnectionStatus enum value + ConnectionStatusNotconnected = "notconnected" ) // ConnectionStatus_Values returns all elements of the ConnectionStatus enum func ConnectionStatus_Values() []string { return []string{ ConnectionStatusConnected, - ConnectionStatusNotConnected, + ConnectionStatusNotconnected, } } @@ -61851,9 +62195,6 @@ const ( // ResourceTypeManagedInstance is a ResourceType enum value ResourceTypeManagedInstance = "ManagedInstance" - // ResourceTypeDocument is a ResourceType enum value - ResourceTypeDocument = "Document" - // ResourceTypeEc2instance is a ResourceType enum value ResourceTypeEc2instance = "EC2Instance" ) @@ -61862,7 +62203,6 @@ const ( func ResourceType_Values() []string { return []string{ ResourceTypeManagedInstance, - ResourceTypeDocument, ResourceTypeEc2instance, } } @@ -62081,6 +62421,15 @@ const ( // StepExecutionFilterKeyAction is a StepExecutionFilterKey enum value StepExecutionFilterKeyAction = "Action" + + // StepExecutionFilterKeyParentStepExecutionId is a StepExecutionFilterKey enum value + StepExecutionFilterKeyParentStepExecutionId = "ParentStepExecutionId" + + // StepExecutionFilterKeyParentStepIteration is a StepExecutionFilterKey enum value + StepExecutionFilterKeyParentStepIteration = "ParentStepIteration" + + // StepExecutionFilterKeyParentStepIteratorValue is a StepExecutionFilterKey enum value + StepExecutionFilterKeyParentStepIteratorValue = "ParentStepIteratorValue" ) // StepExecutionFilterKey_Values returns all elements of the StepExecutionFilterKey enum @@ -62092,6 +62441,9 @@ func StepExecutionFilterKey_Values() []string { StepExecutionFilterKeyStepExecutionId, StepExecutionFilterKeyStepName, StepExecutionFilterKeyAction, + StepExecutionFilterKeyParentStepExecutionId, + StepExecutionFilterKeyParentStepIteration, + StepExecutionFilterKeyParentStepIteratorValue, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go index b7b2854b4a9c5..a527ef256c422 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go @@ -15,7 +15,7 @@ // Related resources // // - For information about each of the capabilities that comprise Systems -// Manager, see Systems Manager capabilities (https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/systems-manager-capabilities.html) +// Manager, see Systems Manager capabilities (https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html#systems-manager-capabilities) // in the Amazon Web Services Systems Manager User Guide. // // - For details about predefined runbooks for Automation, a capability of diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go index 3aceb54946e26..99f4f82416f6b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go @@ -586,6 +586,12 @@ const ( // The OpsItem already exists. ErrCodeOpsItemAlreadyExistsException = "OpsItemAlreadyExistsException" + // ErrCodeOpsItemConflictException for service response error code + // "OpsItemConflictException". + // + // The specified OpsItem is in the process of being deleted. + ErrCodeOpsItemConflictException = "OpsItemConflictException" + // ErrCodeOpsItemInvalidParameterException for service response error code // "OpsItemInvalidParameterException". // @@ -995,6 +1001,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "MaxDocumentSizeExceeded": newErrorMaxDocumentSizeExceeded, "OpsItemAccessDeniedException": newErrorOpsItemAccessDeniedException, "OpsItemAlreadyExistsException": newErrorOpsItemAlreadyExistsException, + "OpsItemConflictException": newErrorOpsItemConflictException, "OpsItemInvalidParameterException": newErrorOpsItemInvalidParameterException, "OpsItemLimitExceededException": newErrorOpsItemLimitExceededException, "OpsItemNotFoundException": newErrorOpsItemNotFoundException, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/ssmiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/ssmiface/interface.go index de479b10e92e0..ad6a6e7fd9475 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/ssmiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/ssmiface/interface.go @@ -132,6 +132,10 @@ type SSMAPI interface { DeleteMaintenanceWindowWithContext(aws.Context, *ssm.DeleteMaintenanceWindowInput, ...request.Option) (*ssm.DeleteMaintenanceWindowOutput, error) DeleteMaintenanceWindowRequest(*ssm.DeleteMaintenanceWindowInput) (*request.Request, *ssm.DeleteMaintenanceWindowOutput) + DeleteOpsItem(*ssm.DeleteOpsItemInput) (*ssm.DeleteOpsItemOutput, error) + DeleteOpsItemWithContext(aws.Context, *ssm.DeleteOpsItemInput, ...request.Option) (*ssm.DeleteOpsItemOutput, error) + DeleteOpsItemRequest(*ssm.DeleteOpsItemInput) (*request.Request, *ssm.DeleteOpsItemOutput) + DeleteOpsMetadata(*ssm.DeleteOpsMetadataInput) (*ssm.DeleteOpsMetadataOutput, error) DeleteOpsMetadataWithContext(aws.Context, *ssm.DeleteOpsMetadataInput, ...request.Option) (*ssm.DeleteOpsMetadataOutput, error) DeleteOpsMetadataRequest(*ssm.DeleteOpsMetadataInput) (*request.Request, *ssm.DeleteOpsMetadataOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go index c743913c572b1..04f6c811b637b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go @@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ // CreateToken API operation for AWS SSO OIDC. // -// Creates and returns an access token for the authorized client. The access -// token issued will be used to fetch short-term credentials for the assigned -// roles in the AWS account. +// Creates and returns access and refresh tokens for clients that are authenticated +// using client secrets. The access token can be used to fetch short-term credentials +// for the assigned AWS accounts or to access application APIs using bearer +// authentication. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu return out, req.Send() } +const opCreateTokenWithIAM = "CreateTokenWithIAM" + +// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the +// client's request for the CreateTokenWithIAM operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenWithIAMRequest method. +// req, resp := client.CreateTokenWithIAMRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) { + op := &request.Operation{ + Name: opCreateTokenWithIAM, + HTTPMethod: "POST", + HTTPPath: "/token?aws_iam=t", + } + + if input == nil { + input = &CreateTokenWithIAMInput{} + } + + output = &CreateTokenWithIAMOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTokenWithIAM API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients and applications +// that are authenticated using IAM entities. The access token can be used to +// fetch short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateTokenWithIAM for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRequestRegionException +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + return out, req.Send() +} + +// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTokenWithIAM for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterClient = "RegisterClient" // RegisterClientRequest generates a "aws/request.Request" representing the @@ -331,8 +457,11 @@ type AccessDeniedException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be access_denied. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -400,8 +529,11 @@ type AuthorizationPendingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be authorization_pending. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string { type CreateTokenInput struct { _ struct{} `type:"structure"` - // The unique identifier string for each client. This value should come from - // the persisted result of the RegisterClient API. + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. // // ClientId is a required field ClientId *string `locationName:"clientId" type:"string" required:"true"` @@ -475,23 +607,30 @@ type CreateTokenInput struct { // A secret string generated for the client. This value should come from the // persisted result of the RegisterClient API. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The authorization code received from the authorization service. This parameter - // is required to perform an authorization grant request to get access to a - // token. + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant + // type is currently unsupported for the CreateToken API. Code *string `locationName:"code" type:"string"` - // Used only when calling this API for the device code grant type. This short-term - // code is used to identify this authentication attempt. This should come from - // an in-memory reference to the result of the StartDeviceAuthorization API. + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the + // result of the StartDeviceAuthorization API. DeviceCode *string `locationName:"deviceCode" type:"string"` - // Supports grant types for the authorization code, refresh token, and device - // code request. For device code requests, specify the following value: + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that + // you want: + // + // * Device Code - urn:ietf:params:oauth:grant-type:device_code // - // urn:ietf:params:oauth:grant-type:device_code + // * Refresh Token - refresh_token // // For information about how to obtain the device code, see the StartDeviceAuthorization // topic. @@ -499,21 +638,28 @@ type CreateTokenInput struct { // GrantType is a required field GrantType *string `locationName:"grantType" type:"string" required:"true"` - // The location of the application that will receive the authorization code. - // Users authorize the service to send the request to this location. + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. RedirectUri *string `locationName:"redirectUri" type:"string"` - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. // - // The token used to obtain an access token in the event that the access token - // is invalid or expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` - - // The list of scopes that is defined by the client. Upon authorization, this - // list is used to restrict permissions when granting an access token. + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If this value is + // not specified, IAM Identity Center authorizes all scopes that are configured + // for the client during the call to RegisterClient. Scope []*string `locationName:"scope" type:"list"` } @@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput { type CreateTokenOutput struct { _ struct{} `type:"structure"` - // An opaque token to access IAM Identity Center resources assigned to a user. - AccessToken *string `locationName:"accessToken" type:"string"` + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` // Indicates the time in seconds when an access token will expire. ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` - // Currently, idToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). // - // The identifier of the user that associated with the access token, if present. - IdToken *string `locationName:"idToken" type:"string"` - - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + // A token that, if present, can be used to refresh a previously issued access // token that might have expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` // Used to notify the client that the returned token is an access token. The - // supported type is BearerToken. + // supported token type is Bearer. TokenType *string `locationName:"tokenType" type:"string"` } @@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput { return s } +type CreateTokenWithIAMInput struct { + _ struct{} `type:"structure"` + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize + // a trusted token issuer, configure the JWT Bearer GrantOptions for the application. + // + // Assertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + Assertion *string `locationName:"assertion" type:"string" sensitive:"true"` + + // The unique identifier string for the client or application. This value is + // an application ARN that has OAuth grants configured. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code + // is obtained through a redirect from IAM Identity Center to a redirect URI + // persisted in the Authorization Code GrantOptions for the application. + Code *string `locationName:"code" type:"string"` + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: + // + // * Authorization Code - authorization_code + // + // * Refresh Token - refresh_token + // + // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer + // + // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following + // values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string `locationName:"requestedTokenType" type:"string"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If the value is + // not specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid, aws, sts:identity_context. + Scope []*string `locationName:"scope" type:"list"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must + // be an access token issued by IAM Identity Center to a different client or + // application. The access token must have authorized scopes that indicate the + // requested application as a target audience. + // + // SubjectToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. + // The following value is supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string `locationName:"subjectTokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenWithIAMInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssertion sets the Assertion field's value. +func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput { + s.Assertion = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput { + s.ClientId = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput { + s.Code = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput { + s.RefreshToken = &v + return s +} + +// SetRequestedTokenType sets the RequestedTokenType field's value. +func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput { + s.RequestedTokenType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput { + s.Scope = v + return s +} + +// SetSubjectToken sets the SubjectToken field's value. +func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput { + s.SubjectToken = &v + return s +} + +// SetSubjectTokenType sets the SubjectTokenType field's value. +func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput { + s.SubjectTokenType = &v + return s +} + +type CreateTokenWithIAMOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string `locationName:"issuedTokenType" type:"string"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is granted. The access token that + // is issued is limited to the scopes that are granted. + Scope []*string `locationName:"scope" type:"list"` + + // Used to notify the requester that the returned token is an access token. + // The supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput { + s.IdToken = &v + return s +} + +// SetIssuedTokenType sets the IssuedTokenType field's value. +func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput { + s.IssuedTokenType = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput { + s.Scope = v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput { + s.TokenType = &v + return s +} + // Indicates that the token issued by the service is expired and is no longer // valid. type ExpiredTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be expired_token. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -756,8 +1212,11 @@ type InternalServerException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be server_error. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -826,8 +1285,11 @@ type InvalidClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client_metadata. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -964,8 +1429,11 @@ type InvalidGrantException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_grant. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1033,8 +1501,11 @@ type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_request. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string { return s.RespMetadata.RequestID } +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Indicates the IAM Identity Center endpoint which the requester may call with + // this token. + Endpoint *string `locationName:"endpoint" type:"string"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` + + // Indicates the region which the requester may call with this token. + Region *string `locationName:"region" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error { + return &InvalidRequestRegionException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestRegionException) Code() string { + return "InvalidRequestRegionException" +} + +// Message returns the exception's message. +func (s *InvalidRequestRegionException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestRegionException) OrigErr() error { + return nil +} + +func (s *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestRegionException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestRegionException) RequestID() string { + return s.RespMetadata.RequestID +} + // Indicates that the scope provided in the request is invalid. type InvalidScopeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_scope. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput { type RegisterClientOutput struct { _ struct{} `type:"structure"` - // The endpoint where the client can request authorization. + // An endpoint that the client can use to request authorization. AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` // The unique identifier string for each client. This client uses this identifier @@ -1250,12 +1803,16 @@ type RegisterClientOutput struct { // A secret string generated for the client. The client will use this string // to get authenticated by the service in subsequent calls. - ClientSecret *string `locationName:"clientSecret" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterClientOutput's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` // Indicates the time at which the clientId and clientSecret will become invalid. ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` - // The endpoint where the client can get an access token. + // An endpoint that the client can use to create tokens. TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` } @@ -1319,8 +1876,11 @@ type SlowDownException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be slow_down. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct { // A secret string that is generated for the client. This value should come // from the persisted result of the RegisterClient API operation. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The URL for the AWS access portal. For more information, see Using the AWS - // access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // The URL for the Amazon Web Services access portal. For more information, + // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) // in the IAM Identity Center User Guide. // // StartUrl is a required field @@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unauthorized_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unsupported_grant_type. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go index 8b5ee6019af5e..083568c616ff0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go @@ -3,15 +3,13 @@ // Package ssooidc provides the client and types for making API // requests to AWS SSO OIDC. // -// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect -// (OIDC) is a web service that enables a client (such as AWS CLI or a native -// application) to register with IAM Identity Center. The service also enables -// the client to fetch the user’s access token upon successful authentication -// and authorization with IAM Identity Center. +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access +// token upon successful authentication and authorization with IAM Identity +// Center. // -// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces -// will continue to retain their original name for backward compatibility purposes. -// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed). +// IAM Identity Center uses the sso and identitystore API namespaces. // // # Considerations for Using This Guide // @@ -22,21 +20,24 @@ // - The IAM Identity Center OIDC service currently implements only the portions // of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 // (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single -// sign-on authentication with the AWS CLI. Support for other OIDC flows -// frequently needed for native applications, such as Authorization Code -// Flow (+ PKCE), will be addressed in future releases. +// sign-on authentication with the CLI. // -// - The service emits only OIDC access tokens, such that obtaining a new -// token (For example, token refresh) requires explicit user re-authentication. +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access +// the OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI +// V2) with support for OIDC token refresh and configurable IAM Identity +// Center session durations. For more information, see Configure Amazon Web +// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html). // -// - The access tokens provided by this service grant access to all AWS account -// entitlements assigned to an IAM Identity Center user, not just a particular -// application. +// - The access tokens provided by this service grant access to all Amazon +// Web Services account entitlements assigned to an IAM Identity Center user, +// not just a particular application. // // - The documentation in this guide does not describe the mechanism to convert -// the access token into AWS Auth (“sigv4”) credentials for use with -// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials -// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// the access token into Amazon Web Services Auth (“sigv4”) credentials +// for use with IAM-protected Amazon Web Services service endpoints. For +// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) // in the IAM Identity Center Portal API Reference Guide. // // For general information about IAM Identity Center, see What is IAM Identity diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go index 69837701268e7..e6242e4928de0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go @@ -64,6 +64,13 @@ const ( // a required parameter might be missing or out of range. ErrCodeInvalidRequestException = "InvalidRequestException" + // ErrCodeInvalidRequestRegionException for service response error code + // "InvalidRequestRegionException". + // + // Indicates that a token provided as input to the request was issued by and + // is only usable by calling IAM Identity Center endpoints in another region. + ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException" + // ErrCodeInvalidScopeException for service response error code // "InvalidScopeException". // @@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "InvalidClientMetadataException": newErrorInvalidClientMetadataException, "InvalidGrantException": newErrorInvalidGrantException, "InvalidRequestException": newErrorInvalidRequestException, + "InvalidRequestRegionException": newErrorInvalidRequestRegionException, "InvalidScopeException": newErrorInvalidScopeException, "SlowDownException": newErrorSlowDownException, "UnauthorizedClientException": newErrorUnauthorizedClientException, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go index 969f33c37b830..782bae3692d02 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go @@ -51,7 +51,7 @@ const ( func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { c := p.ClientConfig(EndpointsID, cfgs...) if c.SigningNameDerived || len(c.SigningName) == 0 { - c.SigningName = "awsssooidc" + c.SigningName = "sso-oauth" } return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 7ac6b93f442b9..2c395f5f6738a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -1460,6 +1460,17 @@ type AssumeRoleInput struct { // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` + // A list of previously acquired trusted context assertions in the format of + // a JSON array. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + // + // The following is an example of a ProvidedContext value that includes a single + // trusted context assertion and the ARN of the context provider from which + // the trusted context assertion was generated. + // + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] + ProvidedContexts []*ProvidedContext `type:"list"` + // The Amazon Resource Name (ARN) of the role to assume. // // RoleArn is a required field @@ -1633,6 +1644,16 @@ func (s *AssumeRoleInput) Validate() error { } } } + if s.ProvidedContexts != nil { + for i, v := range s.ProvidedContexts { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ProvidedContexts", i), err.(request.ErrInvalidParams)) + } + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -1674,6 +1695,12 @@ func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleIn return s } +// SetProvidedContexts sets the ProvidedContexts field's value. +func (s *AssumeRoleInput) SetProvidedContexts(v []*ProvidedContext) *AssumeRoleInput { + s.ProvidedContexts = v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { s.RoleArn = &v @@ -2266,7 +2293,8 @@ type AssumeRoleWithWebIdentityInput struct { // The OAuth 2.0 access token or OpenID Connect ID token that is provided by // the identity provider. Your application must get this token by authenticating // the user who is using your application with a web identity provider before - // the application makes an AssumeRoleWithWebIdentity call. + // the application makes an AssumeRoleWithWebIdentity call. Only tokens with + // RSA algorithms (RS256) are supported. // // WebIdentityToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's @@ -3385,6 +3413,67 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { return s } +// Contains information about the provided context. This includes the signed +// and encrypted trusted context assertion and the context provider ARN from +// which the trusted context assertion was generated. +type ProvidedContext struct { + _ struct{} `type:"structure"` + + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + ContextAssertion *string `min:"4" type:"string"` + + // The context provider ARN from which the trusted context assertion was generated. + ProviderArn *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ProvidedContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ProvidedContext"} + if s.ContextAssertion != nil && len(*s.ContextAssertion) < 4 { + invalidParams.Add(request.NewErrParamMinLen("ContextAssertion", 4)) + } + if s.ProviderArn != nil && len(*s.ProviderArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("ProviderArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetContextAssertion sets the ContextAssertion field's value. +func (s *ProvidedContext) SetContextAssertion(v string) *ProvidedContext { + s.ContextAssertion = &v + return s +} + +// SetProviderArn sets the ProviderArn field's value. +func (s *ProvidedContext) SetProviderArn(v string) *ProvidedContext { + s.ProviderArn = &v + return s +} + // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags // to control access to resources. For more information, see Tagging Amazon diff --git a/vendor/modules.txt b/vendor/modules.txt index 265e155f1c58c..502037c43438e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,8 +94,8 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/instancetypes github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs github.com/aws/amazon-ec2-instance-selector/v2/pkg/sorter -# github.com/aws/aws-sdk-go v1.44.298 -## explicit; go 1.11 +# github.com/aws/aws-sdk-go v1.49.24 +## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn github.com/aws/aws-sdk-go/aws/auth/bearer