diff --git a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
new file mode 100644
index 000000000..1c4967429
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go
@@ -0,0 +1,93 @@
+// Package arn provides a parser for interacting with Amazon Resource Names.
+package arn
+
+import (
+ "errors"
+ "strings"
+)
+
+const (
+ arnDelimiter = ":"
+ arnSections = 6
+ arnPrefix = "arn:"
+
+ // zero-indexed
+ sectionPartition = 1
+ sectionService = 2
+ sectionRegion = 3
+ sectionAccountID = 4
+ sectionResource = 5
+
+ // errors
+ invalidPrefix = "arn: invalid prefix"
+ invalidSections = "arn: not enough sections"
+)
+
+// ARN captures the individual fields of an Amazon Resource Name.
+// See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more information.
+type ARN struct {
+ // The partition that the resource is in. For standard AWS regions, the partition is "aws". If you have resources in
+ // other partitions, the partition is "aws-partitionname". For example, the partition for resources in the China
+ // (Beijing) region is "aws-cn".
+ Partition string
+
+ // The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of
+ // namespaces, see
+ // http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces.
+ Service string
+
+ // The region the resource resides in. Note that the ARNs for some resources do not require a region, so this
+ // component might be omitted.
+ Region string
+
+ // The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the
+ // ARNs for some resources don't require an account number, so this component might be omitted.
+ AccountID string
+
+ // The content of this part of the ARN varies by service. It often includes an indicator of the type of resource —
+ // for example, an IAM user or Amazon RDS database - followed by a slash (/) or a colon (:), followed by the
+ // resource name itself. Some services allows paths for resource names, as described in
+ // http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-paths.
+ Resource string
+}
+
+// Parse parses an ARN into its constituent parts.
+//
+// Some example ARNs:
+// arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
+// arn:aws:iam::123456789012:user/David
+// arn:aws:rds:eu-west-1:123456789012:db:mysql-db
+// arn:aws:s3:::my_corporate_bucket/exampleobject.png
+func Parse(arn string) (ARN, error) {
+ if !strings.HasPrefix(arn, arnPrefix) {
+ return ARN{}, errors.New(invalidPrefix)
+ }
+ sections := strings.SplitN(arn, arnDelimiter, arnSections)
+ if len(sections) != arnSections {
+ return ARN{}, errors.New(invalidSections)
+ }
+ return ARN{
+ Partition: sections[sectionPartition],
+ Service: sections[sectionService],
+ Region: sections[sectionRegion],
+ AccountID: sections[sectionAccountID],
+ Resource: sections[sectionResource],
+ }, nil
+}
+
+// IsARN returns whether the given string is an ARN by looking for
+// whether the string starts with "arn:" and contains the correct number
+// of sections delimited by colons(:).
+func IsARN(arn string) bool {
+ return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") >= arnSections-1
+}
+
+// String returns the canonical representation of the ARN
+func (arn ARN) String() string {
+ return arnPrefix +
+ arn.Partition + arnDelimiter +
+ arn.Service + arnDelimiter +
+ arn.Region + arnDelimiter +
+ arn.AccountID + arnDelimiter +
+ arn.Resource
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
index 285e54d67..a4eb6a7f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@@ -70,7 +70,7 @@ func rValuesAtPath(v interface{}, path string, createPath, caseSensitive, nilTer
value = value.FieldByNameFunc(func(name string) bool {
if c == name {
return true
- } else if !caseSensitive && strings.ToLower(name) == strings.ToLower(c) {
+ } else if !caseSensitive && strings.EqualFold(name, c) {
return true
}
return false
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
index c022407f5..03334d692 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go
@@ -12,6 +12,7 @@ import (
type Config struct {
Config *aws.Config
Handlers request.Handlers
+ PartitionID string
Endpoint string
SigningRegion string
SigningName string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
index 0fda42510..9f6af19dd 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go
@@ -16,11 +16,11 @@ import (
type DefaultRetryer struct {
// Num max Retries is the number of max retries that will be performed.
// By default, this is zero.
- NumMaxRetries int
+ NumMaxRetries int
// MinRetryDelay is the minimum retry delay after which retry will be performed.
// If not set, the value is 0ns.
- MinRetryDelay time.Duration
+ MinRetryDelay time.Duration
// MinThrottleRetryDelay is the minimum retry delay when throttled.
// If not set, the value is 0ns.
@@ -28,7 +28,7 @@ type DefaultRetryer struct {
// MaxRetryDelay is the maximum retry delay before which retry must be performed.
// If not set, the value is 0ns.
- MaxRetryDelay time.Duration
+ MaxRetryDelay time.Duration
// MaxThrottleDelay is the maximum retry delay when throttled.
// If not set, the value is 0ns.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
index 920e9fddf..0c48f72e0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
@@ -5,6 +5,7 @@ type ClientInfo struct {
ServiceName string
ServiceID string
APIVersion string
+ PartitionID string
Endpoint string
SigningName string
SigningRegion string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go
index fd1e240f6..2c002e152 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go
@@ -43,7 +43,7 @@ type Config struct {
// An optional endpoint URL (hostname only or fully qualified URI)
// that overrides the default generated endpoint for a client. Set this
- // to `""` to use the default generated endpoint.
+ // to `nil` to use the default generated endpoint.
//
// Note: You must still provide a `Region` value when specifying an
// endpoint for a client.
@@ -161,6 +161,17 @@ type Config struct {
// on GetObject API calls.
S3DisableContentMD5Validation *bool
+ // Set this to `true` to have the S3 service client to use the region specified
+ // in the ARN, when an ARN is provided as an argument to a bucket parameter.
+ S3UseARNRegion *bool
+
+ // Set this to `true` to enable the SDK to unmarshal API response header maps to
+ // normalized lower case map keys.
+ //
+ // For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case
+ // Metadata member's map keys. The value of the header in the map is unaffected.
+ LowerCaseHeaderMaps *bool
+
// Set this to `true` to disable the EC2Metadata client from overriding the
// default http.Client's Timeout. This is helpful if you do not want the
// EC2Metadata client to create a new http.Client. This options is only
@@ -227,6 +238,7 @@ type Config struct {
// EnableEndpointDiscovery will allow for endpoint discovery on operations that
// have the definition in its model. By default, endpoint discovery is off.
+ // To use EndpointDiscovery, Endpoint should be unset or set to an empty string.
//
// Example:
// sess := session.Must(session.NewSession(&aws.Config{
@@ -246,6 +258,12 @@ type Config struct {
// Disabling this feature is useful when you want to use local endpoints
// for testing that do not support the modeled host prefix pattern.
DisableEndpointHostPrefix *bool
+
+ // STSRegionalEndpoint will enable regional or legacy endpoint resolving
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // S3UsEast1RegionalEndpoint will enable regional or legacy endpoint resolving
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
}
// NewConfig returns a new Config pointer that can be chained with builder
@@ -379,6 +397,13 @@ func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
}
+// WithS3UseARNRegion sets a config S3UseARNRegion value and
+// returning a Config pointer for chaining
+func (c *Config) WithS3UseARNRegion(enable bool) *Config {
+ c.S3UseARNRegion = &enable
+ return c
+}
+
// WithUseDualStack sets a config UseDualStack value returning a Config
// pointer for chaining.
func (c *Config) WithUseDualStack(enable bool) *Config {
@@ -420,6 +445,20 @@ func (c *Config) MergeIn(cfgs ...*Config) {
}
}
+// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
+ c.STSRegionalEndpoint = sre
+ return c
+}
+
+// WithS3UsEast1RegionalEndpoint will set whether or not to use regional endpoint flag
+// when resolving the endpoint for a service
+func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEndpoint) *Config {
+ c.S3UsEast1RegionalEndpoint = sre
+ return c
+}
+
func mergeInConfig(dst *Config, other *Config) {
if other == nil {
return
@@ -493,6 +532,10 @@ func mergeInConfig(dst *Config, other *Config) {
dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
}
+ if other.S3UseARNRegion != nil {
+ dst.S3UseARNRegion = other.S3UseARNRegion
+ }
+
if other.UseDualStack != nil {
dst.UseDualStack = other.UseDualStack
}
@@ -520,6 +563,14 @@ func mergeInConfig(dst *Config, other *Config) {
if other.DisableEndpointHostPrefix != nil {
dst.DisableEndpointHostPrefix = other.DisableEndpointHostPrefix
}
+
+ if other.STSRegionalEndpoint != endpoints.UnsetSTSEndpoint {
+ dst.STSRegionalEndpoint = other.STSRegionalEndpoint
+ }
+
+ if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
+ dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
+ }
}
// Copy will return a shallow copy of the Config object. If any additional
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
index 66c5945db..2f9446333 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
@@ -2,42 +2,8 @@
package aws
-import "time"
-
-// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
-// provide a 1.6 and 1.5 safe version of context that is compatible with Go
-// 1.7's Context.
-//
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
- return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
- return nil
-}
-
-func (*emptyCtx) Err() error {
- return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
- return nil
-}
-
-func (e *emptyCtx) String() string {
- switch e {
- case backgroundCtx:
- return "aws.BackgroundContext"
- }
- return "unknown empty Context"
-}
-
-var (
- backgroundCtx = new(emptyCtx)
+import (
+ "github.com/aws/aws-sdk-go/internal/context"
)
// BackgroundContext returns a context that will never be canceled, has no
@@ -52,5 +18,5 @@ var (
//
// See https://golang.org/pkg/context for more information on Contexts.
func BackgroundContext() Context {
- return backgroundCtx
+ return context.BackgroundCtx
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
index 0c60e612e..aa902d708 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -161,7 +161,7 @@ func handleSendError(r *request.Request, err error) {
}
// Catch all request errors, and let the default retrier determine
// if the error is retryable.
- r.Error = awserr.New("RequestError", "send request failed", err)
+ r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err)
// Override the error with a context canceled error, if that was canceled.
ctx := r.Context()
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
new file mode 100644
index 000000000..5852b2648
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
@@ -0,0 +1,22 @@
+// +build !go1.7
+
+package credentials
+
+import (
+ "github.com/aws/aws-sdk-go/internal/context"
+)
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+ return context.BackgroundCtx
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
new file mode 100644
index 000000000..388b21541
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
@@ -0,0 +1,20 @@
+// +build go1.7
+
+package credentials
+
+import "context"
+
+// backgroundContext returns a context that will never be canceled, has no
+// values, and no deadline. This context is used by the SDK to provide
+// backwards compatibility with non-context API operations and functionality.
+//
+// Go 1.6 and before:
+// This context function is equivalent to context.Background in the Go stdlib.
+//
+// Go 1.7 and later:
+// The context returned will be the value returned by context.Background()
+//
+// See https://golang.org/pkg/context for more information on Contexts.
+func backgroundContext() Context {
+ return context.Background()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
new file mode 100644
index 000000000..8152a864a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
@@ -0,0 +1,39 @@
+// +build !go1.9
+
+package credentials
+
+import "time"
+
+// Context is an copy of the Go v1.7 stdlib's context.Context interface.
+// It is represented as a SDK interface to enable you to use the "WithContext"
+// API methods with Go v1.6 and a Context type such as golang.org/x/net/context.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context interface {
+ // Deadline returns the time when work done on behalf of this context
+ // should be canceled. Deadline returns ok==false when no deadline is
+ // set. Successive calls to Deadline return the same results.
+ Deadline() (deadline time.Time, ok bool)
+
+ // Done returns a channel that's closed when work done on behalf of this
+ // context should be canceled. Done may return nil if this context can
+ // never be canceled. Successive calls to Done return the same value.
+ Done() <-chan struct{}
+
+ // Err returns a non-nil error value after Done is closed. Err returns
+ // Canceled if the context was canceled or DeadlineExceeded if the
+ // context's deadline passed. No other values for Err are defined.
+ // After Done is closed, successive calls to Err return the same value.
+ Err() error
+
+ // Value returns the value associated with this context for key, or nil
+ // if no value is associated with key. Successive calls to Value with
+ // the same key returns the same result.
+ //
+ // Use context values only for request-scoped data that transits
+ // processes and API boundaries, not for passing optional parameters to
+ // functions.
+ Value(key interface{}) interface{}
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
new file mode 100644
index 000000000..4356edb3d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
@@ -0,0 +1,13 @@
+// +build go1.9
+
+package credentials
+
+import "context"
+
+// Context is an alias of the Go stdlib's context.Context interface.
+// It can be used within the SDK's API operation "WithContext" methods.
+//
+// This type, aws.Context, and context.Context are equivalent.
+//
+// See https://golang.org/pkg/context on how to use contexts.
+type Context = context.Context
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
index 4af592158..9f8fd92a5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -50,10 +50,11 @@ package credentials
import (
"fmt"
- "sync"
+ "sync/atomic"
"time"
"github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/internal/sync/singleflight"
)
// AnonymousCredentials is an empty Credential object that can be used as
@@ -106,6 +107,13 @@ type Provider interface {
IsExpired() bool
}
+// ProviderWithContext is a Provider that can retrieve credentials with a Context
+type ProviderWithContext interface {
+ Provider
+
+ RetrieveWithContext(Context) (Value, error)
+}
+
// An Expirer is an interface that Providers can implement to expose the expiration
// time, if known. If the Provider cannot accurately provide this info,
// it should not implement this interface.
@@ -197,24 +205,24 @@ func (e *Expiry) ExpiresAt() time.Time {
// first instance of the credentials Value. All calls to Get() after that
// will return the cached credentials Value until IsExpired() returns true.
type Credentials struct {
- creds Value
- forceRefresh bool
-
- m sync.RWMutex
+ creds atomic.Value
+ sf singleflight.Group
provider Provider
}
// NewCredentials returns a pointer to a new Credentials with the provider set.
func NewCredentials(provider Provider) *Credentials {
- return &Credentials{
- provider: provider,
- forceRefresh: true,
+ c := &Credentials{
+ provider: provider,
}
+ c.creds.Store(Value{})
+ return c
}
-// Get returns the credentials value, or error if the credentials Value failed
-// to be retrieved.
+// GetWithContext returns the credentials value, or error if the credentials
+// Value failed to be retrieved. Will return early if the passed in context is
+// canceled.
//
// Will return the cached credentials Value if it has not expired. If the
// credentials Value has expired the Provider's Retrieve() will be called
@@ -222,31 +230,56 @@ func NewCredentials(provider Provider) *Credentials {
//
// If Credentials.Expire() was called the credentials Value will be force
// expired, and the next call to Get() will cause them to be refreshed.
-func (c *Credentials) Get() (Value, error) {
- // Check the cached credentials first with just the read lock.
- c.m.RLock()
- if !c.isExpired() {
- creds := c.creds
- c.m.RUnlock()
- return creds, nil
+//
+// Passed in Context is equivalent to aws.Context, and context.Context.
+func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
+ if curCreds := c.creds.Load(); !c.isExpired(curCreds) {
+ return curCreds.(Value), nil
}
- c.m.RUnlock()
-
- // Credentials are expired need to retrieve the credentials taking the full
- // lock.
- c.m.Lock()
- defer c.m.Unlock()
-
- if c.isExpired() {
- creds, err := c.provider.Retrieve()
- if err != nil {
- return Value{}, err
- }
- c.creds = creds
- c.forceRefresh = false
+
+ // Cannot pass context down to the actual retrieve, because the first
+ // context would cancel the whole group when there is not direct
+ // association of items in the group.
+ resCh := c.sf.DoChan("", func() (interface{}, error) {
+ return c.singleRetrieve(&suppressedContext{ctx})
+ })
+ select {
+ case res := <-resCh:
+ return res.Val.(Value), res.Err
+ case <-ctx.Done():
+ return Value{}, awserr.New("RequestCanceled",
+ "request context canceled", ctx.Err())
}
+}
- return c.creds, nil
+func (c *Credentials) singleRetrieve(ctx Context) (creds interface{}, err error) {
+ if curCreds := c.creds.Load(); !c.isExpired(curCreds) {
+ return curCreds.(Value), nil
+ }
+
+ if p, ok := c.provider.(ProviderWithContext); ok {
+ creds, err = p.RetrieveWithContext(ctx)
+ } else {
+ creds, err = c.provider.Retrieve()
+ }
+ if err == nil {
+ c.creds.Store(creds)
+ }
+
+ return creds, err
+}
+
+// Get returns the credentials value, or error if the credentials Value failed
+// to be retrieved.
+//
+// Will return the cached credentials Value if it has not expired. If the
+// credentials Value has expired the Provider's Retrieve() will be called
+// to refresh the credentials.
+//
+// If Credentials.Expire() was called the credentials Value will be force
+// expired, and the next call to Get() will cause them to be refreshed.
+func (c *Credentials) Get() (Value, error) {
+ return c.GetWithContext(backgroundContext())
}
// Expire expires the credentials and forces them to be retrieved on the
@@ -255,10 +288,7 @@ func (c *Credentials) Get() (Value, error) {
// This will override the Provider's expired state, and force Credentials
// to call the Provider's Retrieve().
func (c *Credentials) Expire() {
- c.m.Lock()
- defer c.m.Unlock()
-
- c.forceRefresh = true
+ c.creds.Store(Value{})
}
// IsExpired returns if the credentials are no longer valid, and need
@@ -267,33 +297,43 @@ func (c *Credentials) Expire() {
// If the Credentials were forced to be expired with Expire() this will
// reflect that override.
func (c *Credentials) IsExpired() bool {
- c.m.RLock()
- defer c.m.RUnlock()
-
- return c.isExpired()
+ return c.isExpired(c.creds.Load())
}
// isExpired helper method wrapping the definition of expired credentials.
-func (c *Credentials) isExpired() bool {
- return c.forceRefresh || c.provider.IsExpired()
+func (c *Credentials) isExpired(creds interface{}) bool {
+ return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired()
}
// ExpiresAt provides access to the functionality of the Expirer interface of
// the underlying Provider, if it supports that interface. Otherwise, it returns
// an error.
func (c *Credentials) ExpiresAt() (time.Time, error) {
- c.m.RLock()
- defer c.m.RUnlock()
-
expirer, ok := c.provider.(Expirer)
if !ok {
return time.Time{}, awserr.New("ProviderNotExpirer",
- fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName),
+ fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.Load().(Value).ProviderName),
nil)
}
- if c.forceRefresh {
+ if c.creds.Load().(Value) == (Value{}) {
// set expiration time to the distant past
return time.Time{}, nil
}
return expirer.ExpiresAt(), nil
}
+
+type suppressedContext struct {
+ Context
+}
+
+func (s *suppressedContext) Deadline() (deadline time.Time, ok bool) {
+ return time.Time{}, false
+}
+
+func (s *suppressedContext) Done() <-chan struct{} {
+ return nil
+}
+
+func (s *suppressedContext) Err() error {
+ return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
index 43d4ed386..92af5b725 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@@ -7,6 +7,7 @@ import (
"strings"
"time"
+ "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/credentials"
@@ -87,7 +88,14 @@ func NewCredentialsWithClient(client *ec2metadata.EC2Metadata, options ...func(*
// Error will be returned if the request fails, or unable to extract
// the desired credentials.
func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
- credsList, err := requestCredList(m.Client)
+ return m.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext retrieves credentials from the EC2 service.
+// Error will be returned if the request fails, or unable to extract
+// the desired credentials.
+func (m *EC2RoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ credsList, err := requestCredList(ctx, m.Client)
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
@@ -97,7 +105,7 @@ func (m *EC2RoleProvider) Retrieve() (credentials.Value, error) {
}
credsName := credsList[0]
- roleCreds, err := requestCred(m.Client, credsName)
+ roleCreds, err := requestCred(ctx, m.Client, credsName)
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
@@ -130,8 +138,8 @@ const iamSecurityCredsPath = "iam/security-credentials/"
// requestCredList requests a list of credentials from the EC2 service.
// If there are no credentials, or there is an error making or receiving the request
-func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
- resp, err := client.GetMetadata(iamSecurityCredsPath)
+func requestCredList(ctx aws.Context, client *ec2metadata.EC2Metadata) ([]string, error) {
+ resp, err := client.GetMetadataWithContext(ctx, iamSecurityCredsPath)
if err != nil {
return nil, awserr.New("EC2RoleRequestError", "no EC2 instance role found", err)
}
@@ -154,8 +162,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
//
// If the credentials cannot be found, or there is an error reading the response
// and error will be returned.
-func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
- resp, err := client.GetMetadata(sdkuri.PathJoin(iamSecurityCredsPath, credsName))
+func requestCred(ctx aws.Context, client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCredRespBody, error) {
+ resp, err := client.GetMetadataWithContext(ctx, sdkuri.PathJoin(iamSecurityCredsPath, credsName))
if err != nil {
return ec2RoleCredRespBody{},
awserr.New("EC2RoleRequestError",
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
index 1a7af53a4..785f30d8e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -116,7 +116,13 @@ func (p *Provider) IsExpired() bool {
// Retrieve will attempt to request the credentials from the endpoint the Provider
// was configured for. And error will be returned if the retrieval fails.
func (p *Provider) Retrieve() (credentials.Value, error) {
- resp, err := p.getCredentials()
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to request the credentials from the endpoint the Provider
+// was configured for. And error will be returned if the retrieval fails.
+func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ resp, err := p.getCredentials(ctx)
if err != nil {
return credentials.Value{ProviderName: ProviderName},
awserr.New("CredentialsEndpointError", "failed to load credentials", err)
@@ -148,7 +154,7 @@ type errorOutput struct {
Message string `json:"message"`
}
-func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
+func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error) {
op := &request.Operation{
Name: "GetCredentials",
HTTPMethod: "GET",
@@ -156,6 +162,7 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) {
out := &getCredentialsOutput{}
req := p.Client.NewRequest(op, nil, out)
+ req.SetContext(ctx)
req.HTTPRequest.Header.Set("Accept", "application/json")
if authToken := p.AuthorizationToken; len(authToken) != 0 {
req.HTTPRequest.Header.Set("Authorization", authToken)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
index 1980c8c14..e62483600 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go
@@ -90,6 +90,7 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/internal/sdkio"
)
const (
@@ -142,7 +143,7 @@ const (
// DefaultBufSize limits buffer size from growing to an enormous
// amount due to a faulty process.
- DefaultBufSize = 1024
+ DefaultBufSize = int(8 * sdkio.KibiByte)
// DefaultTimeout default limit on time a process can run.
DefaultTimeout = time.Duration(1) * time.Minute
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
index e15514958..22b5c5d9f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/shared_credentials_provider.go
@@ -17,8 +17,9 @@ var (
ErrSharedCredentialsHomeNotFound = awserr.New("UserHomeNotFound", "user home directory not found.", nil)
)
-// A SharedCredentialsProvider retrieves credentials from the current user's home
-// directory, and keeps track if those credentials are expired.
+// A SharedCredentialsProvider retrieves access key pair (access key ID,
+// secret access key, and session token if present) credentials from the current
+// user's home directory, and keeps track if those credentials are expired.
//
// Profile ini file example: $HOME/.aws/credentials
type SharedCredentialsProvider struct {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
index 531139e39..cbba1e3d5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go
@@ -19,7 +19,9 @@ type StaticProvider struct {
}
// NewStaticCredentials returns a pointer to a new Credentials object
-// wrapping a static credentials value provider.
+// wrapping a static credentials value provider. Token is only required
+// for temporary security credentials retrieved via STS, otherwise an empty
+// string can be passed for this parameter.
func NewStaticCredentials(id, secret, token string) *Credentials {
return NewCredentials(&StaticProvider{Value: Value{
AccessKeyID: id,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index 2e528d130..6846ef6f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -87,6 +87,7 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/sdkrand"
"github.com/aws/aws-sdk-go/service/sts"
)
@@ -118,6 +119,10 @@ type AssumeRoler interface {
AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
}
+type assumeRolerWithContext interface {
+ AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+}
+
// DefaultDuration is the default amount of time in minutes that the credentials
// will be valid for.
var DefaultDuration = time.Duration(15) * time.Minute
@@ -144,6 +149,13 @@ type AssumeRoleProvider struct {
// Session name, if you wish to reuse the credentials elsewhere.
RoleSessionName string
+ // Optional, you can pass tag key-value pairs to your session. These tags are called session tags.
+ Tags []*sts.Tag
+
+ // A list of keys for session tags that you want to set as transitive.
+ // If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
+ TransitiveTagKeys []*string
+
// Expiry duration of the STS credentials. Defaults to 15 minutes if not set.
Duration time.Duration
@@ -157,6 +169,29 @@ type AssumeRoleProvider struct {
// size.
Policy *string
+ // The ARNs of IAM managed policies you want to use as managed session policies.
+ // The policies must exist in the same account as the role.
+ //
+ // This parameter is optional. You can provide up to 10 managed policy ARNs.
+ // However, the plain text that you use for both inline and managed session
+ // policies can't exceed 2,048 characters.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // Passing policies to this operation returns new temporary credentials. The
+ // resulting session's permissions are the intersection of the role's identity-based
+ // policy and the session policies. You can use the role's temporary credentials
+ // in subsequent AWS API calls to access resources in the account that owns
+ // the role. You cannot use session policies to grant more permissions than
+ // those allowed by the identity-based policy of the role that is being assumed.
+ // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ PolicyArns []*sts.PolicyDescriptorType
+
// The identification number of the MFA device that is associated with the user
// who is making the AssumeRole call. Specify this value if the trust policy
// of the role being assumed includes a condition that requires MFA authentication.
@@ -258,6 +293,11 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*
// Retrieve generates a new set of temporary credentials using STS.
func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext generates a new set of temporary credentials using STS.
+func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
// Apply defaults where parameters are not set.
if p.RoleSessionName == "" {
// Try to work out a role name that will hopefully end up unique.
@@ -269,10 +309,13 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
}
jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration))
input := &sts.AssumeRoleInput{
- DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
- RoleArn: aws.String(p.RoleARN),
- RoleSessionName: aws.String(p.RoleSessionName),
- ExternalId: p.ExternalID,
+ DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)),
+ RoleArn: aws.String(p.RoleARN),
+ RoleSessionName: aws.String(p.RoleSessionName),
+ ExternalId: p.ExternalID,
+ Tags: p.Tags,
+ PolicyArns: p.PolicyArns,
+ TransitiveTagKeys: p.TransitiveTagKeys,
}
if p.Policy != nil {
input.Policy = p.Policy
@@ -295,7 +338,15 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
}
}
- roleOutput, err := p.Client.AssumeRole(input)
+ var roleOutput *sts.AssumeRoleOutput
+ var err error
+
+ if c, ok := p.Client.(assumeRolerWithContext); ok {
+ roleOutput, err = c.AssumeRoleWithContext(ctx, input)
+ } else {
+ roleOutput, err = p.Client.AssumeRole(input)
+ }
+
if err != nil {
return credentials.Value{ProviderName: ProviderName}, err
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
index b20b63394..6feb262b2 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -28,15 +28,34 @@ const (
// compare test values.
var now = time.Now
+// TokenFetcher shuold return WebIdentity token bytes or an error
+type TokenFetcher interface {
+ FetchToken(credentials.Context) ([]byte, error)
+}
+
+// FetchTokenPath is a path to a WebIdentity token file
+type FetchTokenPath string
+
+// FetchToken returns a token by reading from the filesystem
+func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
+ data, err := ioutil.ReadFile(string(f))
+ if err != nil {
+ errMsg := fmt.Sprintf("unable to read file at %s", f)
+ return nil, awserr.New(ErrCodeWebIdentity, errMsg, err)
+ }
+ return data, nil
+}
+
// WebIdentityRoleProvider is used to retrieve credentials using
// an OIDC token.
type WebIdentityRoleProvider struct {
credentials.Expiry
+ PolicyArns []*sts.PolicyDescriptorType
client stsiface.STSAPI
ExpiryWindow time.Duration
- tokenFilePath string
+ tokenFetcher TokenFetcher
roleARN string
roleSessionName string
}
@@ -52,9 +71,15 @@ func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName
// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
// provided stsiface.STSAPI
func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
+ return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path))
+}
+
+// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
+// provided stsiface.STSAPI and a TokenFetcher
+func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
return &WebIdentityRoleProvider{
client: svc,
- tokenFilePath: path,
+ tokenFetcher: tokenFetcher,
roleARN: roleARN,
roleSessionName: roleSessionName,
}
@@ -64,10 +89,16 @@ func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, p
// 'WebIdentityTokenFilePath' specified destination and if that is empty an
// error will be returned.
func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
- b, err := ioutil.ReadFile(p.tokenFilePath)
+ return p.RetrieveWithContext(aws.BackgroundContext())
+}
+
+// RetrieveWithContext will attempt to assume a role from a token which is located at
+// 'WebIdentityTokenFilePath' specified destination and if that is empty an
+// error will be returned.
+func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
+ b, err := p.tokenFetcher.FetchToken(ctx)
if err != nil {
- errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
- return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
+ return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed fetching WebIdentity token: ", err)
}
sessionName := p.roleSessionName
@@ -77,10 +108,14 @@ func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
sessionName = strconv.FormatInt(now().UnixNano(), 10)
}
req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
+ PolicyArns: p.PolicyArns,
RoleArn: &p.roleARN,
RoleSessionName: &sessionName,
WebIdentityToken: aws.String(string(b)),
})
+
+ req.SetContext(ctx)
+
// InvalidIdentityToken error is a temporary error that can occur
// when assuming an Role with a JWT web identity token.
req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
index c7008d8c3..835bcd49c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -66,7 +66,6 @@ func (rep *Reporter) sendAPICallAttemptMetric(r *request.Request) {
XAmzRequestID: aws.String(r.RequestID),
- AttemptCount: aws.Int(r.RetryCount + 1),
AttemptLatency: aws.Int(int(now.Sub(r.AttemptTime).Nanoseconds() / int64(time.Millisecond))),
AccessKey: aws.String(creds.AccessKeyID),
}
@@ -90,7 +89,7 @@ func getMetricException(err awserr.Error) metricException {
code := err.Code()
switch code {
- case "RequestError",
+ case request.ErrCodeRequestError,
request.ErrCodeSerialization,
request.CanceledErrorCode:
return sdkException{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
index d126764ce..a716c021c 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -4,28 +4,73 @@ import (
"encoding/json"
"fmt"
"net/http"
+ "strconv"
"strings"
"time"
+ "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/sdkuri"
)
+// getToken uses the duration to return a token for EC2 metadata service,
+// or an error if the request failed.
+func (c *EC2Metadata) getToken(ctx aws.Context, duration time.Duration) (tokenOutput, error) {
+ op := &request.Operation{
+ Name: "GetToken",
+ HTTPMethod: "PUT",
+ HTTPPath: "/api/token",
+ }
+
+ var output tokenOutput
+ req := c.NewRequest(op, nil, &output)
+ req.SetContext(ctx)
+
+ // remove the fetch token handler from the request handlers to avoid infinite recursion
+ req.Handlers.Sign.RemoveByName(fetchTokenHandlerName)
+
+ // Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
+ req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
+
+ ttl := strconv.FormatInt(int64(duration/time.Second), 10)
+ req.HTTPRequest.Header.Set(ttlHeader, ttl)
+
+ err := req.Send()
+
+ // Errors with bad request status should be returned.
+ if err != nil {
+ err = awserr.NewRequestFailure(
+ awserr.New(req.HTTPResponse.Status, http.StatusText(req.HTTPResponse.StatusCode), err),
+ req.HTTPResponse.StatusCode, req.RequestID)
+ }
+
+ return output, err
+}
+
// GetMetadata uses the path provided to request information from the EC2
-// instance metdata service. The content will be returned as a string, or
+// instance metadata service. The content will be returned as a string, or
// error if the request failed.
func (c *EC2Metadata) GetMetadata(p string) (string, error) {
+ return c.GetMetadataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetMetadataWithContext uses the path provided to request information from the EC2
+// instance metadata service. The content will be returned as a string, or
+// error if the request failed.
+func (c *EC2Metadata) GetMetadataWithContext(ctx aws.Context, p string) (string, error) {
op := &request.Operation{
Name: "GetMetadata",
HTTPMethod: "GET",
HTTPPath: sdkuri.PathJoin("/meta-data", p),
}
-
output := &metadataOutput{}
+
req := c.NewRequest(op, nil, output)
- err := req.Send()
+ req.SetContext(ctx)
+
+ err := req.Send()
return output.Content, err
}
@@ -33,6 +78,13 @@ func (c *EC2Metadata) GetMetadata(p string) (string, error) {
// there is no user-data setup for the EC2 instance a "NotFoundError" error
// code will be returned.
func (c *EC2Metadata) GetUserData() (string, error) {
+ return c.GetUserDataWithContext(aws.BackgroundContext())
+}
+
+// GetUserDataWithContext returns the userdata that was configured for the service. If
+// there is no user-data setup for the EC2 instance a "NotFoundError" error
+// code will be returned.
+func (c *EC2Metadata) GetUserDataWithContext(ctx aws.Context) (string, error) {
op := &request.Operation{
Name: "GetUserData",
HTTPMethod: "GET",
@@ -41,13 +93,9 @@ func (c *EC2Metadata) GetUserData() (string, error) {
output := &metadataOutput{}
req := c.NewRequest(op, nil, output)
- req.Handlers.UnmarshalError.PushBack(func(r *request.Request) {
- if r.HTTPResponse.StatusCode == http.StatusNotFound {
- r.Error = awserr.New("NotFoundError", "user-data not found", r.Error)
- }
- })
- err := req.Send()
+ req.SetContext(ctx)
+ err := req.Send()
return output.Content, err
}
@@ -55,6 +103,13 @@ func (c *EC2Metadata) GetUserData() (string, error) {
// instance metadata service for dynamic data. The content will be returned
// as a string, or error if the request failed.
func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
+ return c.GetDynamicDataWithContext(aws.BackgroundContext(), p)
+}
+
+// GetDynamicDataWithContext uses the path provided to request information from the EC2
+// instance metadata service for dynamic data. The content will be returned
+// as a string, or error if the request failed.
+func (c *EC2Metadata) GetDynamicDataWithContext(ctx aws.Context, p string) (string, error) {
op := &request.Operation{
Name: "GetDynamicData",
HTTPMethod: "GET",
@@ -63,8 +118,9 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
output := &metadataOutput{}
req := c.NewRequest(op, nil, output)
- err := req.Send()
+ req.SetContext(ctx)
+ err := req.Send()
return output.Content, err
}
@@ -72,7 +128,14 @@ func (c *EC2Metadata) GetDynamicData(p string) (string, error) {
// instance. Error is returned if the request fails or is unable to parse
// the response.
func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument, error) {
- resp, err := c.GetDynamicData("instance-identity/document")
+ return c.GetInstanceIdentityDocumentWithContext(aws.BackgroundContext())
+}
+
+// GetInstanceIdentityDocumentWithContext retrieves an identity document describing an
+// instance. Error is returned if the request fails or is unable to parse
+// the response.
+func (c *EC2Metadata) GetInstanceIdentityDocumentWithContext(ctx aws.Context) (EC2InstanceIdentityDocument, error) {
+ resp, err := c.GetDynamicDataWithContext(ctx, "instance-identity/document")
if err != nil {
return EC2InstanceIdentityDocument{},
awserr.New("EC2MetadataRequestError",
@@ -91,7 +154,12 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument
// IAMInfo retrieves IAM info from the metadata API
func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
- resp, err := c.GetMetadata("iam/info")
+ return c.IAMInfoWithContext(aws.BackgroundContext())
+}
+
+// IAMInfoWithContext retrieves IAM info from the metadata API
+func (c *EC2Metadata) IAMInfoWithContext(ctx aws.Context) (EC2IAMInfo, error) {
+ resp, err := c.GetMetadataWithContext(ctx, "iam/info")
if err != nil {
return EC2IAMInfo{},
awserr.New("EC2MetadataRequestError",
@@ -116,24 +184,36 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
// Region returns the region the instance is running in.
func (c *EC2Metadata) Region() (string, error) {
- resp, err := c.GetMetadata("placement/availability-zone")
+ return c.RegionWithContext(aws.BackgroundContext())
+}
+
+// RegionWithContext returns the region the instance is running in.
+func (c *EC2Metadata) RegionWithContext(ctx aws.Context) (string, error) {
+ ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocumentWithContext(ctx)
if err != nil {
return "", err
}
-
- if len(resp) == 0 {
- return "", awserr.New("EC2MetadataError", "invalid Region response", nil)
+ // extract region from the ec2InstanceIdentityDocument
+ region := ec2InstanceIdentityDocument.Region
+ if len(region) == 0 {
+ return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
}
-
- // returns region without the suffix. Eg: us-west-2a becomes us-west-2
- return resp[:len(resp)-1], nil
+ // returns region
+ return region, nil
}
// Available returns if the application has access to the EC2 Metadata service.
// Can be used to determine if application is running within an EC2 Instance and
// the metadata service is available.
func (c *EC2Metadata) Available() bool {
- if _, err := c.GetMetadata("instance-id"); err != nil {
+ return c.AvailableWithContext(aws.BackgroundContext())
+}
+
+// AvailableWithContext returns if the application has access to the EC2 Metadata service.
+// Can be used to determine if application is running within an EC2 Instance and
+// the metadata service is available.
+func (c *EC2Metadata) AvailableWithContext(ctx aws.Context) bool {
+ if _, err := c.GetMetadataWithContext(ctx, "instance-id"); err != nil {
return false
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
index 4c5636e35..b8b2940d7 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -13,6 +13,7 @@ import (
"io"
"net/http"
"os"
+ "strconv"
"strings"
"time"
@@ -24,9 +25,25 @@ import (
"github.com/aws/aws-sdk-go/aws/request"
)
-// ServiceName is the name of the service.
-const ServiceName = "ec2metadata"
-const disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+const (
+ // ServiceName is the name of the service.
+ ServiceName = "ec2metadata"
+ disableServiceEnvVar = "AWS_EC2_METADATA_DISABLED"
+
+ // Headers for Token and TTL
+ ttlHeader = "x-aws-ec2-metadata-token-ttl-seconds"
+ tokenHeader = "x-aws-ec2-metadata-token"
+
+ // Named Handler constants
+ fetchTokenHandlerName = "FetchTokenHandler"
+ unmarshalMetadataHandlerName = "unmarshalMetadataHandler"
+ unmarshalTokenHandlerName = "unmarshalTokenHandler"
+ enableTokenProviderHandlerName = "enableTokenProviderHandler"
+
+ // TTL constants
+ defaultTTL = 21600 * time.Second
+ ttlExpirationWindow = 30 * time.Second
+)
// A EC2Metadata is an EC2 Metadata service Client.
type EC2Metadata struct {
@@ -63,8 +80,10 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
// use a shorter timeout than default because the metadata
// service is local if it is running, and to fail faster
// if not running on an ec2 instance.
- Timeout: 5 * time.Second,
+ Timeout: 1 * time.Second,
}
+ // max number of retries on the client operation
+ cfg.MaxRetries = aws.Int(2)
}
svc := &EC2Metadata{
@@ -80,13 +99,27 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
),
}
- svc.Handlers.Unmarshal.PushBack(unmarshalHandler)
+ // token provider instance
+ tp := newTokenProvider(svc, defaultTTL)
+
+ // NamedHandler for fetching token
+ svc.Handlers.Sign.PushBackNamed(request.NamedHandler{
+ Name: fetchTokenHandlerName,
+ Fn: tp.fetchTokenHandler,
+ })
+ // NamedHandler for enabling token provider
+ svc.Handlers.Complete.PushBackNamed(request.NamedHandler{
+ Name: enableTokenProviderHandlerName,
+ Fn: tp.enableTokenProviderHandler,
+ })
+
+ svc.Handlers.Unmarshal.PushBackNamed(unmarshalHandler)
svc.Handlers.UnmarshalError.PushBack(unmarshalError)
svc.Handlers.Validate.Clear()
svc.Handlers.Validate.PushBack(validateEndpointHandler)
// Disable the EC2 Metadata service if the environment variable is set.
- // This shortcirctes the service's functionality to always fail to send
+ // This short-circuits the service's functionality to always fail to send
// requests.
if strings.ToLower(os.Getenv(disableServiceEnvVar)) == "true" {
svc.Handlers.Send.SwapNamed(request.NamedHandler{
@@ -107,7 +140,6 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
for _, option := range opts {
option(svc.Client)
}
-
return svc
}
@@ -119,30 +151,74 @@ type metadataOutput struct {
Content string
}
-func unmarshalHandler(r *request.Request) {
- defer r.HTTPResponse.Body.Close()
- b := &bytes.Buffer{}
- if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata response", err)
- return
- }
+type tokenOutput struct {
+ Token string
+ TTL time.Duration
+}
- if data, ok := r.Data.(*metadataOutput); ok {
- data.Content = b.String()
- }
+// unmarshal token handler is used to parse the response of a getToken operation
+var unmarshalTokenHandler = request.NamedHandler{
+ Name: unmarshalTokenHandlerName,
+ Fn: func(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+ var b bytes.Buffer
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+ "unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+
+ v := r.HTTPResponse.Header.Get(ttlHeader)
+ data, ok := r.Data.(*tokenOutput)
+ if !ok {
+ return
+ }
+
+ data.Token = b.String()
+ // TTL is in seconds
+ i, err := strconv.ParseInt(v, 10, 64)
+ if err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ParamFormatErrCode,
+ "unable to parse EC2 token TTL response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+ t := time.Duration(i) * time.Second
+ data.TTL = t
+ },
+}
+
+var unmarshalHandler = request.NamedHandler{
+ Name: unmarshalMetadataHandlerName,
+ Fn: func(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+ var b bytes.Buffer
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
+ "unable to unmarshal EC2 metadata response", err), r.HTTPResponse.StatusCode, r.RequestID)
+ return
+ }
+
+ if data, ok := r.Data.(*metadataOutput); ok {
+ data.Content = b.String()
+ }
+ },
}
func unmarshalError(r *request.Request) {
defer r.HTTPResponse.Body.Close()
- b := &bytes.Buffer{}
- if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err)
+ var b bytes.Buffer
+
+ if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err),
+ r.HTTPResponse.StatusCode, r.RequestID)
return
}
// Response body format is not consistent between metadata endpoints.
// Grab the error message as a string and include that as the source error
- r.Error = awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String()))
+ r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())),
+ r.HTTPResponse.StatusCode, r.RequestID)
}
func validateEndpointHandler(r *request.Request) {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
new file mode 100644
index 000000000..d0a3a020d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
@@ -0,0 +1,92 @@
+package ec2metadata
+
+import (
+ "net/http"
+ "sync/atomic"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// A tokenProvider struct provides access to EC2Metadata client
+// and atomic instance of a token, along with configuredTTL for it.
+// tokenProvider also provides an atomic flag to disable the
+// fetch token operation.
+// The disabled member will use 0 as false, and 1 as true.
+type tokenProvider struct {
+ client *EC2Metadata
+ token atomic.Value
+ configuredTTL time.Duration
+ disabled uint32
+}
+
+// A ec2Token struct helps use of token in EC2 Metadata service ops
+type ec2Token struct {
+ token string
+ credentials.Expiry
+}
+
+// newTokenProvider provides a pointer to a tokenProvider instance
+func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider {
+ return &tokenProvider{client: c, configuredTTL: duration}
+}
+
+// fetchTokenHandler fetches token for EC2Metadata service client by default.
+func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
+
+ // short-circuits to insecure data flow if tokenProvider is disabled.
+ if v := atomic.LoadUint32(&t.disabled); v == 1 {
+ return
+ }
+
+ if ec2Token, ok := t.token.Load().(ec2Token); ok && !ec2Token.IsExpired() {
+ r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+ return
+ }
+
+ output, err := t.client.getToken(r.Context(), t.configuredTTL)
+
+ if err != nil {
+
+ // change the disabled flag on token provider to true,
+ // when error is request timeout error.
+ if requestFailureError, ok := err.(awserr.RequestFailure); ok {
+ switch requestFailureError.StatusCode() {
+ case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
+ atomic.StoreUint32(&t.disabled, 1)
+ case http.StatusBadRequest:
+ r.Error = requestFailureError
+ }
+
+ // Check if request timed out while waiting for response
+ if e, ok := requestFailureError.OrigErr().(awserr.Error); ok {
+ if e.Code() == request.ErrCodeRequestError {
+ atomic.StoreUint32(&t.disabled, 1)
+ }
+ }
+ }
+ return
+ }
+
+ newToken := ec2Token{
+ token: output.Token,
+ }
+ newToken.SetExpiration(time.Now().Add(output.TTL), ttlExpirationWindow)
+ t.token.Store(newToken)
+
+ // Inject token header to the request.
+ if ec2Token, ok := t.token.Load().(ec2Token); ok {
+ r.HTTPRequest.Header.Set(tokenHeader, ec2Token.token)
+ }
+}
+
+// enableTokenProviderHandler enables the token provider
+func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
+ // If the error code status is 401, we enable the token provider
+ if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
+ e.StatusCode() == http.StatusUnauthorized {
+ atomic.StoreUint32(&t.disabled, 0)
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
index 87b9ff3ff..654fb1ad5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
@@ -83,6 +83,7 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
p := &ps[i]
custAddEC2Metadata(p)
custAddS3DualStack(p)
+ custRegionalS3(p)
custRmIotDataService(p)
custFixAppAutoscalingChina(p)
custFixAppAutoscalingUsGov(p)
@@ -92,7 +93,7 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
}
func custAddS3DualStack(p *partition) {
- if p.ID != "aws" {
+ if !(p.ID == "aws" || p.ID == "aws-cn" || p.ID == "aws-us-gov") {
return
}
@@ -100,6 +101,33 @@ func custAddS3DualStack(p *partition) {
custAddDualstack(p, "s3-control")
}
+func custRegionalS3(p *partition) {
+ if p.ID != "aws" {
+ return
+ }
+
+ service, ok := p.Services["s3"]
+ if !ok {
+ return
+ }
+
+ // If global endpoint already exists no customization needed.
+ if _, ok := service.Endpoints["aws-global"]; ok {
+ return
+ }
+
+ service.PartitionEndpoint = "aws-global"
+ service.Endpoints["us-east-1"] = endpoint{}
+ service.Endpoints["aws-global"] = endpoint{
+ Hostname: "s3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ }
+
+ p.Services["s3"] = service
+}
+
func custAddDualstack(p *partition, svcName string) {
s, ok := p.Services[svcName]
if !ok {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 452cefda6..64089826d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -17,6 +17,7 @@ const (
// AWS Standard partition's regions.
const (
+ AfSouth1RegionID = "af-south-1" // Africa (Cape Town).
ApEast1RegionID = "ap-east-1" // Asia Pacific (Hong Kong).
ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
@@ -24,11 +25,12 @@ const (
ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore).
ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
CaCentral1RegionID = "ca-central-1" // Canada (Central).
- EuCentral1RegionID = "eu-central-1" // EU (Frankfurt).
- EuNorth1RegionID = "eu-north-1" // EU (Stockholm).
- EuWest1RegionID = "eu-west-1" // EU (Ireland).
- EuWest2RegionID = "eu-west-2" // EU (London).
- EuWest3RegionID = "eu-west-3" // EU (Paris).
+ EuCentral1RegionID = "eu-central-1" // Europe (Frankfurt).
+ EuNorth1RegionID = "eu-north-1" // Europe (Stockholm).
+ EuSouth1RegionID = "eu-south-1" // Europe (Milan).
+ EuWest1RegionID = "eu-west-1" // Europe (Ireland).
+ EuWest2RegionID = "eu-west-2" // Europe (London).
+ EuWest3RegionID = "eu-west-3" // Europe (Paris).
MeSouth1RegionID = "me-south-1" // Middle East (Bahrain).
SaEast1RegionID = "sa-east-1" // South America (Sao Paulo).
UsEast1RegionID = "us-east-1" // US East (N. Virginia).
@@ -46,7 +48,7 @@ const (
// AWS GovCloud (US) partition's regions.
const (
UsGovEast1RegionID = "us-gov-east-1" // AWS GovCloud (US-East).
- UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US).
+ UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US-West).
)
// AWS ISO (US) partition's regions.
@@ -97,7 +99,7 @@ var awsPartition = partition{
DNSSuffix: "amazonaws.com",
RegionRegex: regionRegex{
Regexp: func() *regexp.Regexp {
- reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me)\\-\\w+\\-\\d+$")
+ reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$")
return reg
}(),
},
@@ -107,6 +109,9 @@ var awsPartition = partition{
SignatureVersions: []string{"v4"},
},
Regions: regions{
+ "af-south-1": region{
+ Description: "Africa (Cape Town)",
+ },
"ap-east-1": region{
Description: "Asia Pacific (Hong Kong)",
},
@@ -129,19 +134,22 @@ var awsPartition = partition{
Description: "Canada (Central)",
},
"eu-central-1": region{
- Description: "EU (Frankfurt)",
+ Description: "Europe (Frankfurt)",
},
"eu-north-1": region{
- Description: "EU (Stockholm)",
+ Description: "Europe (Stockholm)",
+ },
+ "eu-south-1": region{
+ Description: "Europe (Milan)",
},
"eu-west-1": region{
- Description: "EU (Ireland)",
+ Description: "Europe (Ireland)",
},
"eu-west-2": region{
- Description: "EU (London)",
+ Description: "Europe (London)",
},
"eu-west-3": region{
- Description: "EU (Paris)",
+ Description: "Europe (Paris)",
},
"me-south-1": region{
Description: "Middle East (Bahrain)",
@@ -169,9 +177,10 @@ var awsPartition = partition{
"us-east-1": endpoint{},
},
},
- "acm": service{
+ "access-analyzer": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -181,6 +190,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -192,6 +202,61 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
+ "acm": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "ca-central-1-fips": endpoint{
+ Hostname: "acm-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "acm-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "acm-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "acm-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "acm-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
"acm-pca": service{
Defaults: endpoint{
Protocols: []string{"https"},
@@ -209,6 +274,61 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "acm-pca-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "acm-pca-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "acm-pca-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "acm-pca-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "acm-pca-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "api.detective": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -218,6 +338,12 @@ var awsPartition = partition{
"api.ecr": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{
+ Hostname: "api.ecr.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
"ap-east-1": endpoint{
Hostname: "api.ecr.ap-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -272,6 +398,12 @@ var awsPartition = partition{
Region: "eu-north-1",
},
},
+ "eu-south-1": endpoint{
+ Hostname: "api.ecr.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
"eu-west-1": endpoint{
Hostname: "api.ecr.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -290,6 +422,30 @@ var awsPartition = partition{
Region: "eu-west-3",
},
},
+ "fips-us-east-1": endpoint{
+ Hostname: "ecr-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ecr-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ecr-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ecr-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
"me-south-1": endpoint{
Hostname: "api.ecr.me-south-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -328,6 +484,29 @@ var awsPartition = partition{
},
},
},
+ "api.elastic-inference": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{
+ Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com",
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com",
+ },
+ "eu-west-1": endpoint{
+ Hostname: "api.elastic-inference.eu-west-1.amazonaws.com",
+ },
+ "us-east-1": endpoint{
+ Hostname: "api.elastic-inference.us-east-1.amazonaws.com",
+ },
+ "us-east-2": endpoint{
+ Hostname: "api.elastic-inference.us-east-2.amazonaws.com",
+ },
+ "us-west-2": endpoint{
+ Hostname: "api.elastic-inference.us-west-2.amazonaws.com",
+ },
+ },
+ },
"api.mediatailor": service{
Endpoints: endpoints{
@@ -366,6 +545,7 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -400,6 +580,7 @@ var awsPartition = partition{
"apigateway": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -409,6 +590,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -422,13 +604,10 @@ var awsPartition = partition{
},
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
- },
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -438,6 +617,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -452,6 +632,7 @@ var awsPartition = partition{
"appmesh": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -459,8 +640,12 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -481,8 +666,14 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips": endpoint{
+ Hostname: "appstream2-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"appsync": service{
@@ -515,8 +706,12 @@ var awsPartition = partition{
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -525,6 +720,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -534,6 +730,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -547,13 +744,10 @@ var awsPartition = partition{
},
"autoscaling-plans": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "autoscaling-plans",
- },
},
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -561,8 +755,12 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -572,14 +770,20 @@ var awsPartition = partition{
"backup": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -601,12 +805,36 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.batch.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.batch.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fips.batch.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.batch.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"budgets": service{
@@ -655,12 +883,23 @@ var awsPartition = partition{
"cloud9": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -681,6 +920,7 @@ var awsPartition = partition{
"cloudformation": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -690,15 +930,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "us-east-1-fips": endpoint{
+ Hostname: "cloudformation-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{},
+ "us-east-2-fips": endpoint{
+ Hostname: "cloudformation-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{},
+ "us-west-1-fips": endpoint{
+ Hostname: "cloudformation-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "us-west-2": endpoint{},
+ "us-west-2-fips": endpoint{
+ Hostname: "cloudformation-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
"cloudfront": service{
@@ -750,6 +1015,7 @@ var awsPartition = partition{
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -774,6 +1040,7 @@ var awsPartition = partition{
"cloudtrail": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -783,20 +1050,60 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "codebuild": service{
-
- Endpoints: endpoints{
+ "fips-us-east-1": endpoint{
+ Hostname: "cloudtrail-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cloudtrail-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "cloudtrail-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cloudtrail-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "codeartifact": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "codebuild": service{
+
+ Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -844,6 +1151,7 @@ var awsPartition = partition{
"codecommit": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -861,16 +1169,18 @@ var awsPartition = partition{
Region: "ca-central-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"codedeploy": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -880,6 +1190,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -929,24 +1240,76 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "codepipeline-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "codepipeline-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "codepipeline-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "codepipeline-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "codepipeline-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "codestar": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "codestar": service{
+ "codestar-connections": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -965,9 +1328,27 @@ var awsPartition = partition{
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "cognito-identity-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cognito-identity-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cognito-identity-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
"cognito-idp": service{
@@ -982,9 +1363,27 @@ var awsPartition = partition{
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "cognito-idp-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "cognito-idp-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
"cognito-sync": service{
@@ -1008,15 +1407,36 @@ var awsPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "comprehend-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "comprehend-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "comprehend-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
"comprehendmedical": service{
@@ -1026,9 +1446,27 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
"config": service{
@@ -1058,8 +1496,10 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-west-2": endpoint{},
},
@@ -1079,7 +1519,24 @@ var awsPartition = partition{
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "dataexchange": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -1096,12 +1553,24 @@ var awsPartition = partition{
"datasync": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "datasync-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
"fips-us-east-1": endpoint{
Hostname: "datasync-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -1127,6 +1596,7 @@ var awsPartition = partition{
},
},
"me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -1142,6 +1612,8 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -1158,6 +1630,7 @@ var awsPartition = partition{
"directconnect": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1167,26 +1640,56 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "directconnect-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "directconnect-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "directconnect-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "directconnect-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"discovery": service{
Endpoints: endpoints{
- "us-west-2": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"dms": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1194,17 +1697,24 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "dms-fips": endpoint{
+ Hostname: "dms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"docdb": service{
@@ -1222,12 +1732,30 @@ var awsPartition = partition{
Region: "ap-northeast-2",
},
},
+ "ap-south-1": endpoint{
+ Hostname: "rds.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "rds.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
"ap-southeast-2": endpoint{
Hostname: "rds.ap-southeast-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "ap-southeast-2",
},
},
+ "ca-central-1": endpoint{
+ Hostname: "rds.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
"eu-central-1": endpoint{
Hostname: "rds.eu-central-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -1246,6 +1774,12 @@ var awsPartition = partition{
Region: "eu-west-2",
},
},
+ "eu-west-3": endpoint{
+ Hostname: "rds.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
"us-east-1": endpoint{
Hostname: "rds.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -1269,6 +1803,7 @@ var awsPartition = partition{
"ds": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1279,11 +1814,43 @@ var awsPartition = partition{
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "ds-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ds-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ds-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ds-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ds-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"dynamodb": service{
@@ -1291,6 +1858,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1306,6 +1874,7 @@ var awsPartition = partition{
},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -1353,6 +1922,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1362,15 +1932,46 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "ec2-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "ec2-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ec2-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ec2-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ec2-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"ec2metadata": service{
@@ -1387,6 +1988,7 @@ var awsPartition = partition{
"ecs": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1396,19 +1998,46 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "ecs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ecs-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ecs-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ecs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "elasticache": service{
-
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
@@ -1422,23 +2051,35 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "fips": endpoint{
- Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.eks.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-west-1",
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.eks.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.eks.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
},
},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "elasticbeanstalk": service{
+ "elasticache": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1448,20 +2089,29 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips": endpoint{
+ Hostname: "elasticache-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "elasticfilesystem": service{
+ "elasticbeanstalk": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -1469,20 +2119,47 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "elasticloadbalancing": service{
- Defaults: endpoint{
- Protocols: []string{"https"},
- },
+ "elasticfilesystem": service{
+
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1492,37 +2169,241 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "elasticmapreduce": service{
- Defaults: endpoint{
- SSLCommonName: "{region}.{service}.{dnsSuffix}",
- Protocols: []string{"https"},
- },
- Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{
+ "fips-af-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "af-south-1",
+ },
+ },
+ "fips-ap-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-north-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "fips-eu-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-south-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-me-south-1": endpoint{
+ Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "elasticloadbalancing": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "elasticmapreduce": service{
+ Defaults: endpoint{
+ SSLCommonName: "{region}.{service}.{dnsSuffix}",
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{
SSLCommonName: "{service}.{region}.{dnsSuffix}",
},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{
@@ -1570,6 +2451,7 @@ var awsPartition = partition{
"es": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1579,6 +2461,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -1599,6 +2482,7 @@ var awsPartition = partition{
"events": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1608,15 +2492,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "events-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "events-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "events-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "events-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"firehose": service{
@@ -1634,11 +2543,36 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "firehose-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "firehose-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "firehose-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "firehose-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"fms": service{
@@ -1648,30 +2582,159 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "fsx": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "fms-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "fms-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "fms-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "fms-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "fms-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "fms-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "fms-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "fms-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "fms-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "fms-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "fms-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "fms-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fms-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fms-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "forecast": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "forecastquery": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "fsx": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -1699,6 +2762,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -1708,15 +2772,46 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "glacier-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "glacier-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "glacier-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "glacier-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "glacier-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"glue": service{
@@ -1734,12 +2829,36 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "glue-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "glue-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "glue-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "glue-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"greengrass": service{
@@ -1764,8 +2883,12 @@ var awsPartition = partition{
"groundstation": service{
Endpoints: endpoints{
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "me-south-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
},
},
"guardduty": service{
@@ -1835,6 +2958,12 @@ var awsPartition = partition{
Region: "us-east-1",
},
},
+ "iam-fips": endpoint{
+ Hostname: "iam-fips.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
},
},
"importexport": service{
@@ -1863,10 +2992,34 @@ var awsPartition = partition{
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "inspector-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "inspector-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "inspector-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "inspector-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"iot": service{
@@ -1911,9 +3064,12 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
@@ -1928,6 +3084,18 @@ var awsPartition = partition{
Region: "ap-northeast-1",
},
},
+ "ap-northeast-2": endpoint{
+ Hostname: "data.iotevents.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "data.iotevents.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
"ap-southeast-2": endpoint{
Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
CredentialScope: credentialScope{
@@ -1946,6 +3114,12 @@ var awsPartition = partition{
Region: "eu-west-1",
},
},
+ "eu-west-2": endpoint{
+ Hostname: "data.iotevents.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
"us-east-1": endpoint{
Hostname: "data.iotevents.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -1966,41 +3140,71 @@ var awsPartition = partition{
},
},
},
- "iotthingsgraph": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "iotthingsgraph",
- },
- },
+ "iotsecuredtunneling": service{
+
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "iotthingsgraph": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "iotthingsgraph",
+ },
+ },
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
"us-west-2": endpoint{},
},
},
"kafka": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"kinesis": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2010,30 +3214,59 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "kinesis-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "kinesis-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "kinesis-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "kinesis-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"kinesisanalytics": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
@@ -2042,17 +3275,27 @@ var awsPartition = partition{
"kinesisvideo": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
"kms": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2062,6 +3305,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2077,15 +3321,27 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"lambda": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2095,15 +3351,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "lambda-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "lambda-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "lambda-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "lambda-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"license-manager": service{
@@ -2121,12 +3402,36 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "license-manager-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "license-manager-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "license-manager-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "license-manager-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"lightsail": service{
@@ -2150,6 +3455,7 @@ var awsPartition = partition{
"logs": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2159,6 +3465,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2177,6 +3484,35 @@ var awsPartition = partition{
"us-east-1": endpoint{},
},
},
+ "macie": service{
+
+ Endpoints: endpoints{
+ "fips-us-east-1": endpoint{
+ Hostname: "macie-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "macie-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "managedblockchain": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ },
+ },
"marketplacecommerceanalytics": service{
Endpoints: endpoints{
@@ -2186,6 +3522,7 @@ var awsPartition = partition{
"mediaconnect": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2213,14 +3550,45 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "mediaconvert-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "mediaconvert-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "mediaconvert-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "mediaconvert-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"medialive": service{
@@ -2234,8 +3602,11 @@ var awsPartition = partition{
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
+ "us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
@@ -2248,6 +3619,7 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2266,6 +3638,7 @@ var awsPartition = partition{
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-west-2": endpoint{},
},
@@ -2277,6 +3650,7 @@ var awsPartition = partition{
},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2286,6 +3660,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2300,7 +3675,11 @@ var awsPartition = partition{
"mgh": service{
Endpoints: endpoints{
- "us-west-2": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"mobileanalytics": service{
@@ -2316,39 +3695,22 @@ var awsPartition = partition{
},
},
Endpoints: endpoints{
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "monitoring": service{
- Defaults: endpoint{
- Protocols: []string{"http", "https"},
- },
- Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
"us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
- "mq": service{
-
+ "monitoring": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2356,13 +3718,88 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "monitoring-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "monitoring-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "monitoring-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "monitoring-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "mq": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "mq-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "mq-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "mq-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "mq-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"mturk-requester": service{
@@ -2408,6 +3845,12 @@ var awsPartition = partition{
Region: "ap-southeast-2",
},
},
+ "ca-central-1": endpoint{
+ Hostname: "rds.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
"eu-central-1": endpoint{
Hostname: "rds.eu-central-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -2432,6 +3875,18 @@ var awsPartition = partition{
Region: "eu-west-2",
},
},
+ "eu-west-3": endpoint{
+ Hostname: "rds.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "me-south-1": endpoint{
+ Hostname: "rds.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
"us-east-1": endpoint{
Hostname: "rds.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -2452,6 +3907,65 @@ var awsPartition = partition{
},
},
},
+ "oidc": service{
+
+ Endpoints: endpoints{
+ "ap-southeast-1": endpoint{
+ Hostname: "oidc.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "oidc.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "oidc.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "oidc.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "oidc.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "oidc.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "oidc.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "oidc.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "oidc.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
"opsworks": service{
Endpoints: endpoints{
@@ -2497,29 +4011,20 @@ var awsPartition = partition{
Region: "us-east-1",
},
},
- },
- },
- "pinpoint": service{
- Defaults: endpoint{
- CredentialScope: credentialScope{
- Service: "mobiletargeting",
+ "fips-aws-global": endpoint{
+ Hostname: "organizations-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
},
- Endpoints: endpoints{
- "ap-south-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
- },
},
- "polly": service{
+ "outposts": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
@@ -2528,56 +4033,81 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "projects.iot1click": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "outposts-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "outposts-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "outposts-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "outposts-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "outposts-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "qldb": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-2": endpoint{},
+ "pinpoint": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "mobiletargeting",
+ },
},
- },
- "ram": service{
-
Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
"eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "pinpoint.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "pinpoint.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
},
},
- "rds": service{
+ "polly": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -2592,17 +4122,124 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{
- SSLCommonName: "{service}.{dnsSuffix}",
+ "fips-us-east-1": endpoint{
+ Hostname: "polly-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-2": endpoint{
+ Hostname: "polly-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "polly-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "polly-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
- "redshift": service{
+ "portal.sso": service{
+
+ Endpoints: endpoints{
+ "ap-southeast-1": endpoint{
+ Hostname: "portal.sso.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "portal.sso.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "portal.sso.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "portal.sso.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "portal.sso.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "portal.sso.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "portal.sso.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "portal.sso.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-2": endpoint{
+ Hostname: "portal.sso.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "projects.iot1click": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "qldb": service{
+
+ Endpoints: endpoints{
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "ram": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
@@ -2625,6 +4262,118 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
+ "rds": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "rds-fips.ca-central-1": endpoint{
+ Hostname: "rds-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "rds-fips.us-east-1": endpoint{
+ Hostname: "rds-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "rds-fips.us-east-2": endpoint{
+ Hostname: "rds-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "rds-fips.us-west-1": endpoint{
+ Hostname: "rds-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "rds-fips.us-west-2": endpoint{
+ Hostname: "rds-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{
+ SSLCommonName: "{service}.{dnsSuffix}",
+ },
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "redshift": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-ca-central-1": endpoint{
+ Hostname: "redshift-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "redshift-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "redshift-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "redshift-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "redshift-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"rekognition": service{
Endpoints: endpoints{
@@ -2645,6 +4394,7 @@ var awsPartition = partition{
"resource-groups": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -2654,6 +4404,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -2725,6 +4476,7 @@ var awsPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -2732,9 +4484,12 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@@ -2748,9 +4503,13 @@ var awsPartition = partition{
},
},
Endpoints: endpoints{
- "eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"runtime.sagemaker": service{
@@ -2768,6 +4527,7 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -2800,7 +4560,7 @@ var awsPartition = partition{
},
},
"s3": service{
- PartitionEndpoint: "us-east-1",
+ PartitionEndpoint: "aws-global",
IsRegionalized: boxedTrue,
Defaults: endpoint{
Protocols: []string{"http", "https"},
@@ -2810,7 +4570,8 @@ var awsPartition = partition{
DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
},
Endpoints: endpoints{
- "ap-east-1": endpoint{},
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{
Hostname: "s3.ap-northeast-1.amazonaws.com",
SignatureVersions: []string{"s3", "s3v4"},
@@ -2825,9 +4586,17 @@ var awsPartition = partition{
Hostname: "s3.ap-southeast-2.amazonaws.com",
SignatureVersions: []string{"s3", "s3v4"},
},
+ "aws-global": endpoint{
+ Hostname: "s3.amazonaws.com",
+ SignatureVersions: []string{"s3", "s3v4"},
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{
Hostname: "s3.eu-west-1.amazonaws.com",
SignatureVersions: []string{"s3", "s3v4"},
@@ -2847,7 +4616,7 @@ var awsPartition = partition{
SignatureVersions: []string{"s3", "s3v4"},
},
"us-east-1": endpoint{
- Hostname: "s3.amazonaws.com",
+ Hostname: "s3.us-east-1.amazonaws.com",
SignatureVersions: []string{"s3", "s3v4"},
},
"us-east-2": endpoint{},
@@ -3012,6 +4781,41 @@ var awsPartition = partition{
},
},
},
+ "savingsplans": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "savingsplans.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "schemas": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"sdb": service{
Defaults: endpoint{
Protocols: []string{"http", "https"},
@@ -3033,6 +4837,8 @@ var awsPartition = partition{
"secretsmanager": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -3041,9 +4847,11 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -3078,6 +4886,7 @@ var awsPartition = partition{
"securityhub": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3087,14 +4896,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "securityhub-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "securityhub-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "securityhub-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "securityhub-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"serverlessrepo": service{
@@ -3102,6 +4937,9 @@ var awsPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "ap-east-1": endpoint{
+ Protocols: []string{"https"},
+ },
"ap-northeast-1": endpoint{
Protocols: []string{"https"},
},
@@ -3135,6 +4973,9 @@ var awsPartition = partition{
"eu-west-3": endpoint{
Protocols: []string{"https"},
},
+ "me-south-1": endpoint{
+ Protocols: []string{"https"},
+ },
"sa-east-1": endpoint{
Protocols: []string{"https"},
},
@@ -3155,6 +4996,7 @@ var awsPartition = partition{
"servicecatalog": service{
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@@ -3166,6 +5008,7 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
@@ -3224,6 +5067,10 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@@ -3231,18 +5078,31 @@ var awsPartition = partition{
},
},
"shield": service{
- IsRegionalized: boxedFalse,
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
Defaults: endpoint{
SSLCommonName: "shield.us-east-1.amazonaws.com",
Protocols: []string{"https"},
},
Endpoints: endpoints{
- "us-east-1": endpoint{},
+ "aws-global": endpoint{
+ Hostname: "shield.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-aws-global": endpoint{
+ Hostname: "shield-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
},
},
"sms": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3252,15 +5112,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "sms-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "sms-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "sms-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "sms-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"snowball": service{
@@ -3276,11 +5161,101 @@ var awsPartition = partition{
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "snowball-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "snowball-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "snowball-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "snowball-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "snowball-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "snowball-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "snowball-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "snowball-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "snowball-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "snowball-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "snowball-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "snowball-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "snowball-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "snowball-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "snowball-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"sns": service{
@@ -3288,6 +5263,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3297,15 +5273,40 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "sns-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "sns-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "sns-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "sns-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"sqs": service{
@@ -3314,6 +5315,7 @@ var awsPartition = partition{
Protocols: []string{"http", "https"},
},
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3323,6 +5325,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -3363,6 +5366,7 @@ var awsPartition = partition{
"ssm": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3372,20 +5376,70 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "ssm-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "ssm-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "ssm-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "ssm-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "ssm-facade-fips-us-east-1": endpoint{
+ Hostname: "ssm-facade-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "ssm-facade-fips-us-east-2": endpoint{
+ Hostname: "ssm-facade-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "ssm-facade-fips-us-west-1": endpoint{
+ Hostname: "ssm-facade-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "ssm-facade-fips-us-west-2": endpoint{
+ Hostname: "ssm-facade-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"states": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3395,29 +5449,56 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
- "storagegateway": service{
-
- Endpoints: endpoints{
- "ap-east-1": endpoint{},
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "states-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "states-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "states-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "states-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "storagegateway": service{
+
+ Endpoints: endpoints{
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -3495,44 +5576,31 @@ var awsPartition = partition{
},
"sts": service{
PartitionEndpoint: "aws-global",
- Defaults: endpoint{
- Hostname: "sts.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "us-east-1",
- },
- },
+
Endpoints: endpoints{
- "ap-east-1": endpoint{
- Hostname: "sts.ap-east-1.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ap-east-1",
- },
- },
+ "af-south-1": endpoint{},
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{
- Hostname: "sts.ap-northeast-2.amazonaws.com",
- CredentialScope: credentialScope{
- Region: "ap-northeast-2",
- },
- },
+ "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
- "aws-global": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "me-south-1": endpoint{
- Hostname: "sts.me-south-1.amazonaws.com",
+ "aws-global": endpoint{
+ Hostname: "sts.amazonaws.com",
CredentialScope: credentialScope{
- Region: "me-south-1",
+ Region: "us-east-1",
},
},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
"us-east-1-fips": endpoint{
Hostname: "sts-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -3577,6 +5645,7 @@ var awsPartition = partition{
"swf": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3586,20 +5655,46 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
- "me-south-1": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "swf-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "swf-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "swf-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "swf-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"tagging": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3609,6 +5704,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -3620,6 +5716,65 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{},
+ "ap-northeast-1": endpoint{},
+ "ap-northeast-2": endpoint{},
+ "ap-south-1": endpoint{},
+ "ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "fips.transcribe.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "fips.transcribe.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "fips.transcribe.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "fips.transcribe.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{},
+ "sa-east-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-1": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
+ "transcribestreaming": service{
+
+ Endpoints: endpoints{
+ "ap-southeast-2": endpoint{},
+ "ca-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"transfer": service{
Endpoints: endpoints{
@@ -3646,13 +5801,18 @@ var awsPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
+ "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
+ "eu-north-1": endpoint{},
"eu-west-1": endpoint{},
+ "eu-west-2": endpoint{},
+ "eu-west-3": endpoint{},
"us-east-1": endpoint{},
"us-east-1-fips": endpoint{
Hostname: "translate-fips.us-east-1.amazonaws.com",
@@ -3667,49 +5827,256 @@ var awsPartition = partition{
Region: "us-east-2",
},
},
+ "us-west-1": endpoint{},
"us-west-2": endpoint{},
"us-west-2-fips": endpoint{
Hostname: "translate-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-west-2",
+ Region: "us-west-2",
+ },
+ },
+ },
+ },
+ "waf": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-fips": endpoint{
+ Hostname: "waf-fips.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "aws-global": endpoint{
+ Hostname: "waf.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ },
+ },
+ "waf-regional": service{
+
+ Endpoints: endpoints{
+ "ap-east-1": endpoint{
+ Hostname: "waf-regional.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "ap-northeast-1": endpoint{
+ Hostname: "waf-regional.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "ap-northeast-2": endpoint{
+ Hostname: "waf-regional.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "ap-south-1": endpoint{
+ Hostname: "waf-regional.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "ap-southeast-1": endpoint{
+ Hostname: "waf-regional.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "ap-southeast-2": endpoint{
+ Hostname: "waf-regional.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "ca-central-1": endpoint{
+ Hostname: "waf-regional.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "eu-central-1": endpoint{
+ Hostname: "waf-regional.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "eu-north-1": endpoint{
+ Hostname: "waf-regional.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "eu-west-1": endpoint{
+ Hostname: "waf-regional.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "eu-west-2": endpoint{
+ Hostname: "waf-regional.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "eu-west-3": endpoint{
+ Hostname: "waf-regional.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-ap-east-1": endpoint{
+ Hostname: "waf-regional-fips.ap-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-east-1",
+ },
+ },
+ "fips-ap-northeast-1": endpoint{
+ Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-1",
+ },
+ },
+ "fips-ap-northeast-2": endpoint{
+ Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-northeast-2",
+ },
+ },
+ "fips-ap-south-1": endpoint{
+ Hostname: "waf-regional-fips.ap-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-south-1",
+ },
+ },
+ "fips-ap-southeast-1": endpoint{
+ Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-1",
+ },
+ },
+ "fips-ap-southeast-2": endpoint{
+ Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ap-southeast-2",
+ },
+ },
+ "fips-ca-central-1": endpoint{
+ Hostname: "waf-regional-fips.ca-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "ca-central-1",
+ },
+ },
+ "fips-eu-central-1": endpoint{
+ Hostname: "waf-regional-fips.eu-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-central-1",
+ },
+ },
+ "fips-eu-north-1": endpoint{
+ Hostname: "waf-regional-fips.eu-north-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-north-1",
+ },
+ },
+ "fips-eu-west-1": endpoint{
+ Hostname: "waf-regional-fips.eu-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-1",
+ },
+ },
+ "fips-eu-west-2": endpoint{
+ Hostname: "waf-regional-fips.eu-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-2",
+ },
+ },
+ "fips-eu-west-3": endpoint{
+ Hostname: "waf-regional-fips.eu-west-3.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "eu-west-3",
+ },
+ },
+ "fips-me-south-1": endpoint{
+ Hostname: "waf-regional-fips.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "fips-sa-east-1": endpoint{
+ Hostname: "waf-regional-fips.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "fips-us-east-1": endpoint{
+ Hostname: "waf-regional-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-east-2": endpoint{
+ Hostname: "waf-regional-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "fips-us-west-1": endpoint{
+ Hostname: "waf-regional-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "waf-regional-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "me-south-1": endpoint{
+ Hostname: "waf-regional.me-south-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-south-1",
+ },
+ },
+ "sa-east-1": endpoint{
+ Hostname: "waf-regional.sa-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "sa-east-1",
+ },
+ },
+ "us-east-1": endpoint{
+ Hostname: "waf-regional.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "us-east-2": endpoint{
+ Hostname: "waf-regional.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ },
+ "us-west-1": endpoint{
+ Hostname: "waf-regional.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
},
},
- },
- },
- "waf": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
- Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "waf.amazonaws.com",
+ "us-west-2": endpoint{
+ Hostname: "waf-regional.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
- Region: "us-east-1",
+ Region: "us-west-2",
},
},
},
},
- "waf-regional": service{
-
- Endpoints: endpoints{
- "ap-northeast-1": endpoint{},
- "ap-northeast-2": endpoint{},
- "ap-south-1": endpoint{},
- "ap-southeast-1": endpoint{},
- "ap-southeast-2": endpoint{},
- "ca-central-1": endpoint{},
- "eu-central-1": endpoint{},
- "eu-north-1": endpoint{},
- "eu-west-1": endpoint{},
- "eu-west-2": endpoint{},
- "eu-west-3": endpoint{},
- "sa-east-1": endpoint{},
- "us-east-1": endpoint{},
- "us-east-2": endpoint{},
- "us-west-1": endpoint{},
- "us-west-2": endpoint{},
- },
- },
"workdocs": service{
Endpoints: endpoints{
@@ -3717,8 +6084,20 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-west-1": endpoint{},
- "us-east-1": endpoint{},
- "us-west-2": endpoint{},
+ "fips-us-east-1": endpoint{
+ Hostname: "workdocs-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ },
+ "fips-us-west-2": endpoint{
+ Hostname: "workdocs-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ },
+ "us-east-1": endpoint{},
+ "us-west-2": endpoint{},
},
},
"workmail": service{
@@ -3750,6 +6129,7 @@ var awsPartition = partition{
"xray": service{
Endpoints: endpoints{
+ "af-south-1": endpoint{},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@@ -3759,6 +6139,7 @@ var awsPartition = partition{
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
+ "eu-south-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@@ -3802,6 +6183,13 @@ var awscnPartition = partition{
},
},
Services: services{
+ "acm": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"api.ecr": service{
Endpoints: endpoints{
@@ -3819,6 +6207,13 @@ var awscnPartition = partition{
},
},
},
+ "api.sagemaker": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"apigateway": service{
Endpoints: endpoints{
@@ -3828,17 +6223,26 @@ var awscnPartition = partition{
},
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com.cn",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
- },
},
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
+ "appsync": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ },
+ },
+ "athena": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"autoscaling": service{
Defaults: endpoint{
Protocols: []string{"http", "https"},
@@ -3848,6 +6252,29 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "autoscaling-plans": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "backup": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "batch": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"cloudformation": service{
Endpoints: endpoints{
@@ -3883,6 +6310,13 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "codecommit": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"codedeploy": service{
Endpoints: endpoints{
@@ -3903,6 +6337,12 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "dax": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{},
+ },
+ },
"directconnect": service{
Endpoints: endpoints{
@@ -3960,6 +6400,15 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"elasticache": service{
Endpoints: endpoints{
@@ -3974,6 +6423,25 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "elasticfilesystem": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ "fips-cn-north-1": endpoint{
+ Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ "fips-cn-northwest-1": endpoint{
+ Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
"elasticloadbalancing": service{
Defaults: endpoint{
Protocols: []string{"https"},
@@ -4028,6 +6496,13 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "glue": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"greengrass": service{
IsRegionalized: boxedTrue,
Defaults: endpoint{
@@ -4037,6 +6512,13 @@ var awscnPartition = partition{
"cn-north-1": endpoint{},
},
},
+ "health": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"iam": service{
PartitionEndpoint: "aws-cn-global",
IsRegionalized: boxedFalse,
@@ -4061,6 +6543,20 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "iotsecuredtunneling": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "kafka": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"kinesis": service{
Endpoints: endpoints{
@@ -4068,6 +6564,13 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "kinesisanalytics": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"kms": service{
Endpoints: endpoints{
@@ -4116,6 +6619,17 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "neptune": service{
+
+ Endpoints: endpoints{
+ "cn-northwest-1": endpoint{
+ Hostname: "rds.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
"polly": service{
Endpoints: endpoints{
@@ -4136,10 +6650,33 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
+ "route53": service{
+ PartitionEndpoint: "aws-cn-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "route53.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
+ },
+ },
+ "runtime.sagemaker": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
"s3": service{
Defaults: endpoint{
Protocols: []string{"http", "https"},
SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
},
Endpoints: endpoints{
"cn-north-1": endpoint{},
@@ -4150,6 +6687,9 @@ var awscnPartition = partition{
Defaults: endpoint{
Protocols: []string{"https"},
SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
},
Endpoints: endpoints{
"cn-north-1": endpoint{
@@ -4168,6 +6708,26 @@ var awscnPartition = partition{
},
},
},
+ "secretsmanager": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "serverlessrepo": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ "cn-northwest-1": endpoint{
+ Protocols: []string{"https"},
+ },
+ },
+ },
"sms": service{
Endpoints: endpoints{
@@ -4179,6 +6739,12 @@ var awscnPartition = partition{
Endpoints: endpoints{
"cn-north-1": endpoint{},
+ "fips-cn-north-1": endpoint{
+ Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
},
},
"sns": service{
@@ -4217,7 +6783,8 @@ var awscnPartition = partition{
"storagegateway": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
},
},
"streams.dynamodb": service{
@@ -4232,33 +6799,65 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
- "sts": service{
+ "sts": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "support": service{
+ PartitionEndpoint: "aws-cn-global",
+
+ Endpoints: endpoints{
+ "aws-cn-global": endpoint{
+ Hostname: "support.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ },
+ },
+ "swf": service{
+
+ Endpoints: endpoints{
+ "cn-north-1": endpoint{},
+ "cn-northwest-1": endpoint{},
+ },
+ },
+ "tagging": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
- "support": service{
- PartitionEndpoint: "aws-cn-global",
-
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
Endpoints: endpoints{
- "aws-cn-global": endpoint{
- Hostname: "support.cn-north-1.amazonaws.com",
+ "cn-north-1": endpoint{
+ Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn",
CredentialScope: credentialScope{
Region: "cn-north-1",
},
},
+ "cn-northwest-1": endpoint{
+ Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-northwest-1",
+ },
+ },
},
},
- "swf": service{
+ "workspaces": service{
Endpoints: endpoints{
- "cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
- "tagging": service{
+ "xray": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
@@ -4293,10 +6892,17 @@ var awsusgovPartition = partition{
Description: "AWS GovCloud (US-East)",
},
"us-gov-west-1": region{
- Description: "AWS GovCloud (US)",
+ Description: "AWS GovCloud (US-West)",
},
},
Services: services{
+ "access-analyzer": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"acm": service{
Endpoints: endpoints{
@@ -4309,6 +6915,18 @@ var awsusgovPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "acm-pca.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "acm-pca.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4316,6 +6934,18 @@ var awsusgovPartition = partition{
"api.ecr": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ecr-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ecr-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{
Hostname: "api.ecr.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
@@ -4334,6 +6964,18 @@ var awsusgovPartition = partition{
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1-fips-secondary": endpoint{
+ Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"apigateway": service{
@@ -4345,7 +6987,8 @@ var awsusgovPartition = partition{
},
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
+ Hostname: "autoscaling.{region}.amazonaws.com",
+ Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "application-autoscaling",
},
@@ -4355,9 +6998,38 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
+ "appstream2": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Service: "appstream",
+ },
+ },
+ Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
"athena": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "athena-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "athena-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4365,12 +7037,42 @@ var awsusgovPartition = partition{
"autoscaling": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Protocols: []string{"http", "https"},
+ },
"us-gov-west-1": endpoint{
Protocols: []string{"http", "https"},
},
},
},
+ "autoscaling-plans": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
+ },
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "batch": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "batch.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "batch.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"clouddirectory": service{
Endpoints: endpoints{
@@ -4380,8 +7082,18 @@ var awsusgovPartition = partition{
"cloudformation": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "cloudformation.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "cloudformation.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"cloudhsm": service{
@@ -4404,20 +7116,48 @@ var awsusgovPartition = partition{
"cloudtrail": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "cloudtrail.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "cloudtrail.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"codebuild": service{
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"codecommit": service{
Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4441,10 +7181,52 @@ var awsusgovPartition = partition{
},
},
},
+ "codepipeline": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cognito-identity": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "cognito-idp": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
"comprehend": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "comprehendmedical": service{
+
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
},
@@ -4459,25 +7241,48 @@ var awsusgovPartition = partition{
"datasync": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "datasync-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"fips-us-gov-west-1": endpoint{
Hostname: "datasync-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-gov-west-1",
},
},
+ "us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
"directconnect": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "directconnect.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "directconnect.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"dms": service{
Endpoints: endpoints{
+ "dms-fips": endpoint{
+ Hostname: "dms.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4485,6 +7290,18 @@ var awsusgovPartition = partition{
"ds": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ds-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ds-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4511,23 +7328,54 @@ var awsusgovPartition = partition{
"ec2": service{
Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "ec2.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "ec2.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "ec2metadata": service{
+ PartitionEndpoint: "aws-global",
+ IsRegionalized: boxedFalse,
+
+ Endpoints: endpoints{
+ "aws-global": endpoint{
+ Hostname: "169.254.169.254/latest",
+ Protocols: []string{"http"},
+ },
+ },
+ },
+ "ecs": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ecs-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ecs-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
- "ec2metadata": service{
- PartitionEndpoint: "aws-global",
- IsRegionalized: boxedFalse,
-
- Endpoints: endpoints{
- "aws-global": endpoint{
- Hostname: "169.254.169.254/latest",
- Protocols: []string{"http"},
- },
+ "eks": service{
+ Defaults: endpoint{
+ Protocols: []string{"http", "https"},
},
- },
- "ecs": service{
-
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
@@ -4549,19 +7397,54 @@ var awsusgovPartition = partition{
"elasticbeanstalk": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"elasticfilesystem": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
"elasticloadbalancing": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticloadbalancing-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{
Protocols: []string{"http", "https"},
@@ -4571,12 +7454,36 @@ var awsusgovPartition = partition{
"elasticmapreduce": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{
Protocols: []string{"https"},
},
},
},
+ "email": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "email-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{},
+ },
+ },
"es": service{
Endpoints: endpoints{
@@ -4593,13 +7500,35 @@ var awsusgovPartition = partition{
"events": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "events.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "events.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"firehose": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "firehose-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "firehose-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4607,15 +7536,36 @@ var awsusgovPartition = partition{
"glacier": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "glacier.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{
+ Hostname: "glacier.us-gov-west-1.amazonaws.com",
Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
},
"glue": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "glue-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "glue-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4626,7 +7576,12 @@ var awsusgovPartition = partition{
Protocols: []string{"https"},
},
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-gov-west-1": endpoint{
+ Hostname: "greengrass.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"guardduty": service{
@@ -4636,6 +7591,12 @@ var awsusgovPartition = partition{
},
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "guardduty.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"health": service{
@@ -4655,11 +7616,29 @@ var awsusgovPartition = partition{
Region: "us-gov-west-1",
},
},
+ "iam-govcloud-fips": endpoint{
+ Hostname: "iam.us-gov.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"inspector": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "inspector-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "inspector-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4674,9 +7653,34 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
+ "iotsecuredtunneling": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "kafka": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"kinesis": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "kinesis-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "kinesis-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4697,6 +7701,18 @@ var awsusgovPartition = partition{
"lambda": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "lambda-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "lambda-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4704,6 +7720,18 @@ var awsusgovPartition = partition{
"license-manager": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4718,7 +7746,12 @@ var awsusgovPartition = partition{
"mediaconvert": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "us-gov-west-1": endpoint{
+ Hostname: "mediaconvert.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"metering.marketplace": service{
@@ -4735,6 +7768,18 @@ var awsusgovPartition = partition{
"monitoring": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "monitoring.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "monitoring.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4767,11 +7812,50 @@ var awsusgovPartition = partition{
Region: "us-gov-west-1",
},
},
+ "fips-aws-us-gov-global": endpoint{
+ Hostname: "organizations.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "outposts": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "outposts.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "outposts.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "pinpoint": service{
+ Defaults: endpoint{
+ CredentialScope: credentialScope{
+ Service: "mobiletargeting",
+ },
+ },
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
},
},
"polly": service{
Endpoints: endpoints{
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "polly-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-west-1": endpoint{},
},
},
@@ -4785,6 +7869,18 @@ var awsusgovPartition = partition{
"rds": service{
Endpoints: endpoints{
+ "rds.us-gov-east-1": endpoint{
+ Hostname: "rds.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "rds.us-gov-west-1": endpoint{
+ Hostname: "rds.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4792,16 +7888,45 @@ var awsusgovPartition = partition{
"redshift": service{
Endpoints: endpoints{
+ "us-gov-east-1": endpoint{
+ Hostname: "redshift.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "redshift.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "rekognition": service{
+
+ Endpoints: endpoints{
+ "us-gov-west-1": endpoint{},
+ },
+ },
+ "resource-groups": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "resource-groups.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "resource-groups.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
- "rekognition": service{
-
- Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
- },
- },
"route53": service{
PartitionEndpoint: "aws-us-gov-global",
IsRegionalized: boxedFalse,
@@ -4815,6 +7940,13 @@ var awsusgovPartition = partition{
},
},
},
+ "route53resolver": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"runtime.sagemaker": service{
Endpoints: endpoints{
@@ -4824,6 +7956,9 @@ var awsusgovPartition = partition{
"s3": service{
Defaults: endpoint{
SignatureVersions: []string{"s3", "s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
},
Endpoints: endpoints{
"fips-us-gov-west-1": endpoint{
@@ -4846,6 +7981,9 @@ var awsusgovPartition = partition{
Defaults: endpoint{
Protocols: []string{"https"},
SignatureVersions: []string{"s3v4"},
+
+ HasDualStack: boxedTrue,
+ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}",
},
Endpoints: endpoints{
"us-gov-east-1": endpoint{
@@ -4881,6 +8019,13 @@ var awsusgovPartition = partition{
"secretsmanager": service{
Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{},
"us-gov-west-1-fips": endpoint{
Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
@@ -4890,22 +8035,56 @@ var awsusgovPartition = partition{
},
},
},
+ "securityhub": service{
+
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"serverlessrepo": service{
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
"us-gov-east-1": endpoint{
+ Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com",
Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
},
"us-gov-west-1": endpoint{
+ Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com",
Protocols: []string{"https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
},
"servicecatalog": service{
Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{},
"us-gov-west-1-fips": endpoint{
Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com",
@@ -4918,6 +8097,18 @@ var awsusgovPartition = partition{
"sms": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "sms-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "sms-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4925,6 +8116,18 @@ var awsusgovPartition = partition{
"snowball": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "snowball-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "snowball-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4932,25 +8135,67 @@ var awsusgovPartition = partition{
"sns": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "sns.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{
+ Hostname: "sns.us-gov-west-1.amazonaws.com",
Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
},
"sqs": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "sqs.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{
+ Hostname: "sqs.us-gov-west-1.amazonaws.com",
SSLCommonName: "{region}.queue.{dnsSuffix}",
Protocols: []string{"http", "https"},
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
},
},
},
"ssm": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "ssm.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "ssm.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "ssm-facade-fips-us-gov-east-1": endpoint{
+ Hostname: "ssm-facade.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "ssm-facade-fips-us-gov-west-1": endpoint{
+ Hostname: "ssm-facade.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4958,6 +8203,18 @@ var awsusgovPartition = partition{
"states": service{
Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "states-fips.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "states.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
@@ -4965,6 +8222,13 @@ var awsusgovPartition = partition{
"storagegateway": service{
Endpoints: endpoints{
+ "fips": endpoint{
+ Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
@@ -4995,14 +8259,54 @@ var awsusgovPartition = partition{
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
+ "us-gov-east-1-fips": endpoint{
+ Hostname: "sts.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
"us-gov-west-1": endpoint{},
+ "us-gov-west-1-fips": endpoint{
+ Hostname: "sts.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ },
+ },
+ "support": service{
+ PartitionEndpoint: "aws-us-gov-global",
+
+ Endpoints: endpoints{
+ "aws-us-gov-global": endpoint{
+ Hostname: "support.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "support.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"swf": service{
Endpoints: endpoints{
- "us-gov-east-1": endpoint{},
- "us-gov-west-1": endpoint{},
+ "us-gov-east-1": endpoint{
+ Hostname: "swf.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "swf.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"tagging": service{
@@ -5012,6 +8316,27 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
+ "transcribe": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "fips-us-gov-east-1": endpoint{
+ Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-east-1",
+ },
+ },
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
"translate": service{
Defaults: endpoint{
Protocols: []string{"https"},
@@ -5029,7 +8354,18 @@ var awsusgovPartition = partition{
"waf-regional": service{
Endpoints: endpoints{
- "us-gov-west-1": endpoint{},
+ "fips-us-gov-west-1": endpoint{
+ Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
+ "us-gov-west-1": endpoint{
+ Hostname: "waf-regional.us-gov-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-gov-west-1",
+ },
+ },
},
},
"workspaces": service{
@@ -5038,6 +8374,13 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
+ "xray": service{
+
+ Endpoints: endpoints{
+ "us-gov-east-1": endpoint{},
+ "us-gov-west-1": endpoint{},
+ },
+ },
},
}
@@ -5078,13 +8421,21 @@ var awsisoPartition = partition{
},
},
},
+ "api.sagemaker": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
+ "apigateway": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
- },
},
Endpoints: endpoints{
"us-iso-east-1": endpoint{},
@@ -5116,6 +8467,14 @@ var awsisoPartition = partition{
"us-iso-east-1": endpoint{},
},
},
+ "comprehend": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
"config": service{
Endpoints: endpoints{
@@ -5137,6 +8496,12 @@ var awsisoPartition = partition{
"dms": service{
Endpoints: endpoints{
+ "dms-fips": endpoint{
+ Hostname: "dms.us-iso-east-1.c2s.ic.gov",
+ CredentialScope: credentialScope{
+ Region: "us-iso-east-1",
+ },
+ },
"us-iso-east-1": endpoint{},
},
},
@@ -5199,6 +8564,12 @@ var awsisoPartition = partition{
},
},
},
+ "es": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
"events": service{
Endpoints: endpoints{
@@ -5293,6 +8664,12 @@ var awsisoPartition = partition{
},
},
},
+ "runtime.sagemaker": service{
+
+ Endpoints: endpoints{
+ "us-iso-east-1": endpoint{},
+ },
+ },
"s3": service{
Defaults: endpoint{
SignatureVersions: []string{"s3v4"},
@@ -5406,11 +8783,7 @@ var awsisobPartition = partition{
Services: services{
"application-autoscaling": service{
Defaults: endpoint{
- Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
- CredentialScope: credentialScope{
- Service: "application-autoscaling",
- },
},
Endpoints: endpoints{
"us-isob-east-1": endpoint{},
@@ -5451,6 +8824,12 @@ var awsisobPartition = partition{
"dms": service{
Endpoints: endpoints{
+ "dms-fips": endpoint{
+ Hostname: "dms.us-isob-east-1.sc2s.sgov.gov",
+ CredentialScope: credentialScope{
+ Region: "us-isob-east-1",
+ },
+ },
"us-isob-east-1": endpoint{},
},
},
@@ -5550,6 +8929,12 @@ var awsisobPartition = partition{
"us-isob-east-1": endpoint{},
},
},
+ "license-manager": service{
+
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
"logs": service{
Endpoints: endpoints{
@@ -5606,6 +8991,12 @@ var awsisobPartition = partition{
"us-isob-east-1": endpoint{},
},
},
+ "ssm": service{
+
+ Endpoints: endpoints{
+ "us-isob-east-1": endpoint{},
+ },
+ },
"states": service{
Endpoints: endpoints{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
index 9c936be6c..ca956e5f1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@@ -3,6 +3,7 @@ package endpoints
import (
"fmt"
"regexp"
+ "strings"
"github.com/aws/aws-sdk-go/aws/awserr"
)
@@ -46,6 +47,108 @@ type Options struct {
//
// This option is ignored if StrictMatching is enabled.
ResolveUnknownService bool
+
+ // STS Regional Endpoint flag helps with resolving the STS endpoint
+ STSRegionalEndpoint STSRegionalEndpoint
+
+ // S3 Regional Endpoint flag helps with resolving the S3 endpoint
+ S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
+}
+
+// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
+// options.
+type STSRegionalEndpoint int
+
+func (e STSRegionalEndpoint) String() string {
+ switch e {
+ case LegacySTSEndpoint:
+ return "legacy"
+ case RegionalSTSEndpoint:
+ return "regional"
+ case UnsetSTSEndpoint:
+ return ""
+ default:
+ return "unknown"
+ }
+}
+
+const (
+
+ // UnsetSTSEndpoint represents that STS Regional Endpoint flag is not specified.
+ UnsetSTSEndpoint STSRegionalEndpoint = iota
+
+ // LegacySTSEndpoint represents when STS Regional Endpoint flag is specified
+ // to use legacy endpoints.
+ LegacySTSEndpoint
+
+ // RegionalSTSEndpoint represents when STS Regional Endpoint flag is specified
+ // to use regional endpoints.
+ RegionalSTSEndpoint
+)
+
+// GetSTSRegionalEndpoint function returns the STSRegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the STS regional Endpoint flag.
+func GetSTSRegionalEndpoint(s string) (STSRegionalEndpoint, error) {
+ switch {
+ case strings.EqualFold(s, "legacy"):
+ return LegacySTSEndpoint, nil
+ case strings.EqualFold(s, "regional"):
+ return RegionalSTSEndpoint, nil
+ default:
+ return UnsetSTSEndpoint, fmt.Errorf("unable to resolve the value of STSRegionalEndpoint for %v", s)
+ }
+}
+
+// S3UsEast1RegionalEndpoint is an enum for the states of the S3 us-east-1
+// Regional Endpoint options.
+type S3UsEast1RegionalEndpoint int
+
+func (e S3UsEast1RegionalEndpoint) String() string {
+ switch e {
+ case LegacyS3UsEast1Endpoint:
+ return "legacy"
+ case RegionalS3UsEast1Endpoint:
+ return "regional"
+ case UnsetS3UsEast1Endpoint:
+ return ""
+ default:
+ return "unknown"
+ }
+}
+
+const (
+
+ // UnsetS3UsEast1Endpoint represents that S3 Regional Endpoint flag is not
+ // specified.
+ UnsetS3UsEast1Endpoint S3UsEast1RegionalEndpoint = iota
+
+ // LegacyS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+ // specified to use legacy endpoints.
+ LegacyS3UsEast1Endpoint
+
+ // RegionalS3UsEast1Endpoint represents when S3 Regional Endpoint flag is
+ // specified to use regional endpoints.
+ RegionalS3UsEast1Endpoint
+)
+
+// GetS3UsEast1RegionalEndpoint function returns the S3UsEast1RegionalEndpointFlag based
+// on the input string provided in env config or shared config by the user.
+//
+// `legacy`, `regional` are the only case-insensitive valid strings for
+// resolving the S3 regional Endpoint flag.
+func GetS3UsEast1RegionalEndpoint(s string) (S3UsEast1RegionalEndpoint, error) {
+ switch {
+ case strings.EqualFold(s, "legacy"):
+ return LegacyS3UsEast1Endpoint, nil
+ case strings.EqualFold(s, "regional"):
+ return RegionalS3UsEast1Endpoint, nil
+ default:
+ return UnsetS3UsEast1Endpoint,
+ fmt.Errorf("unable to resolve the value of S3UsEast1RegionalEndpoint for %v", s)
+ }
}
// Set combines all of the option functions together.
@@ -79,6 +182,12 @@ func ResolveUnknownServiceOption(o *Options) {
o.ResolveUnknownService = true
}
+// STSRegionalEndpointOption enables the STS endpoint resolver behavior to resolve
+// STS endpoint to their regional endpoint, instead of the global endpoint.
+func STSRegionalEndpointOption(o *Options) {
+ o.STSRegionalEndpoint = RegionalSTSEndpoint
+}
+
// A Resolver provides the interface for functionality to resolve endpoints.
// The build in Partition and DefaultResolver return value satisfy this interface.
type Resolver interface {
@@ -194,7 +303,7 @@ func (p Partition) ID() string { return p.id }
// require the provided service and region to be known by the partition.
// If the endpoint cannot be strictly resolved an error will be returned. This
// mode is useful to ensure the endpoint resolved is valid. Without
-// StrictMatching enabled the endpoint returned my look valid but may not work.
+// StrictMatching enabled the endpoint returned may look valid but may not work.
// StrictMatching requires the SDK to be updated if you want to take advantage
// of new regions and services expansions.
//
@@ -208,7 +317,7 @@ func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (
// Regions returns a map of Regions indexed by their ID. This is useful for
// enumerating over the regions in a partition.
func (p Partition) Regions() map[string]Region {
- rs := map[string]Region{}
+ rs := make(map[string]Region, len(p.p.Regions))
for id, r := range p.p.Regions {
rs[id] = Region{
id: id,
@@ -223,7 +332,7 @@ func (p Partition) Regions() map[string]Region {
// Services returns a map of Service indexed by their ID. This is useful for
// enumerating over the services in a partition.
func (p Partition) Services() map[string]Service {
- ss := map[string]Service{}
+ ss := make(map[string]Service, len(p.p.Services))
for id := range p.p.Services {
ss[id] = Service{
id: id,
@@ -310,7 +419,7 @@ func (s Service) Regions() map[string]Region {
// A region is the AWS region the service exists in. Whereas a Endpoint is
// an URL that can be resolved to a instance of a service.
func (s Service) Endpoints() map[string]Endpoint {
- es := map[string]Endpoint{}
+ es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
for id := range s.p.Services[s.id].Endpoints {
es[id] = Endpoint{
id: id,
@@ -350,6 +459,9 @@ type ResolvedEndpoint struct {
// The endpoint URL
URL string
+ // The endpoint partition
+ PartitionID string
+
// The region that should be used for signing requests.
SigningRegion string
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
new file mode 100644
index 000000000..df75e899a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/legacy_regions.go
@@ -0,0 +1,24 @@
+package endpoints
+
+var legacyGlobalRegions = map[string]map[string]struct{}{
+ "sts": {
+ "ap-northeast-1": {},
+ "ap-south-1": {},
+ "ap-southeast-1": {},
+ "ap-southeast-2": {},
+ "ca-central-1": {},
+ "eu-central-1": {},
+ "eu-north-1": {},
+ "eu-west-1": {},
+ "eu-west-2": {},
+ "eu-west-3": {},
+ "sa-east-1": {},
+ "us-east-1": {},
+ "us-east-2": {},
+ "us-west-1": {},
+ "us-west-2": {},
+ },
+ "s3": {
+ "us-east-1": {},
+ },
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
index 523ad79ac..eb2ac83c9 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
@@ -75,24 +75,56 @@ func (p partition) canResolveEndpoint(service, region string, strictMatch bool)
return p.RegionRegex.MatchString(region)
}
+func allowLegacyEmptyRegion(service string) bool {
+ legacy := map[string]struct{}{
+ "budgets": {},
+ "ce": {},
+ "chime": {},
+ "cloudfront": {},
+ "ec2metadata": {},
+ "iam": {},
+ "importexport": {},
+ "organizations": {},
+ "route53": {},
+ "sts": {},
+ "support": {},
+ "waf": {},
+ }
+
+ _, allowed := legacy[service]
+ return allowed
+}
+
func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (resolved ResolvedEndpoint, err error) {
var opt Options
opt.Set(opts...)
s, hasService := p.Services[service]
- if !(hasService || opt.ResolveUnknownService) {
+ if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
// Only return error if the resolver will not fallback to creating
// endpoint based on service endpoint ID passed in.
return resolved, NewUnknownServiceError(p.ID, service, serviceList(p.Services))
}
+ if len(region) == 0 && allowLegacyEmptyRegion(service) && len(s.PartitionEndpoint) != 0 {
+ region = s.PartitionEndpoint
+ }
+
+ if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) ||
+ (service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) {
+ if _, ok := legacyGlobalRegions[service][region]; ok {
+ region = "aws-global"
+ }
+ }
+
e, hasEndpoint := s.endpointForRegion(region)
- if !hasEndpoint && opt.StrictMatching {
+ if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) {
return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
}
defs := []endpoint{p.Defaults, s.Defaults}
- return e.resolve(service, region, p.DNSSuffix, defs, opt), nil
+
+ return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt), nil
}
func serviceList(ss services) []string {
@@ -201,7 +233,7 @@ func getByPriority(s []string, p []string, def string) string {
return s[0]
}
-func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
+func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) ResolvedEndpoint {
var merged endpoint
for _, def := range defs {
merged.mergeIn(def)
@@ -209,11 +241,23 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
merged.mergeIn(e)
e = merged
- hostname := e.Hostname
+ signingRegion := e.CredentialScope.Region
+ if len(signingRegion) == 0 {
+ signingRegion = region
+ }
+ signingName := e.CredentialScope.Service
+ var signingNameDerived bool
+ if len(signingName) == 0 {
+ signingName = service
+ signingNameDerived = true
+ }
+
+ hostname := e.Hostname
// Offset the hostname for dualstack if enabled
if opts.UseDualStack && e.HasDualStack == boxedTrue {
hostname = e.DualStackHostname
+ region = signingRegion
}
u := strings.Replace(hostname, "{service}", service, 1)
@@ -223,20 +267,9 @@ func (e endpoint) resolve(service, region, dnsSuffix string, defs []endpoint, op
scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
u = fmt.Sprintf("%s://%s", scheme, u)
- signingRegion := e.CredentialScope.Region
- if len(signingRegion) == 0 {
- signingRegion = region
- }
-
- signingName := e.CredentialScope.Service
- var signingNameDerived bool
- if len(signingName) == 0 {
- signingName = service
- signingNameDerived = true
- }
-
return ResolvedEndpoint{
URL: u,
+ PartitionID: partitionID,
SigningRegion: signingRegion,
SigningName: signingName,
SigningNameDerived: signingNameDerived,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
index 185b07318..e819ab6c0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -10,6 +10,7 @@ import (
type Handlers struct {
Validate HandlerList
Build HandlerList
+ BuildStream HandlerList
Sign HandlerList
Send HandlerList
ValidateResponse HandlerList
@@ -28,6 +29,7 @@ func (h *Handlers) Copy() Handlers {
return Handlers{
Validate: h.Validate.copy(),
Build: h.Build.copy(),
+ BuildStream: h.BuildStream.copy(),
Sign: h.Sign.copy(),
Send: h.Send.copy(),
ValidateResponse: h.ValidateResponse.copy(),
@@ -46,6 +48,7 @@ func (h *Handlers) Copy() Handlers {
func (h *Handlers) Clear() {
h.Validate.Clear()
h.Build.Clear()
+ h.BuildStream.Clear()
h.Send.Clear()
h.Sign.Clear()
h.Unmarshal.Clear()
@@ -67,6 +70,9 @@ func (h *Handlers) IsEmpty() bool {
if h.Build.Len() != 0 {
return false
}
+ if h.BuildStream.Len() != 0 {
+ return false
+ }
if h.Send.Len() != 0 {
return false
}
@@ -320,3 +326,18 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
AddToUserAgent(r, s)
}
}
+
+// WithSetRequestHeaders updates the operation request's HTTP header to contain
+// the header key value pairs provided. If the header key already exists in the
+// request's HTTP header set, the existing value(s) will be replaced.
+func WithSetRequestHeaders(h map[string]string) Option {
+ return withRequestHeader(h).SetRequestHeaders
+}
+
+type withRequestHeader map[string]string
+
+func (h withRequestHeader) SetRequestHeaders(r *Request) {
+ for k, v := range h {
+ r.HTTPRequest.Header[k] = []string{v}
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
index 8e332cce6..d597c6ead 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -36,6 +36,10 @@ const (
// API request that was canceled. Requests given a aws.Context may
// return this error when canceled.
CanceledErrorCode = "RequestCanceled"
+
+ // ErrCodeRequestError is an error preventing the SDK from continuing to
+ // process the request.
+ ErrCodeRequestError = "RequestError"
)
// A Request is the service request to be made.
@@ -51,6 +55,7 @@ type Request struct {
HTTPRequest *http.Request
HTTPResponse *http.Response
Body io.ReadSeeker
+ streamingBody io.ReadCloser
BodyStart int64 // offset from beginning of Body that the request body starts
Params interface{}
Error error
@@ -99,8 +104,12 @@ type Operation struct {
BeforePresignFn func(r *Request) error
}
-// New returns a new Request pointer for the service API
-// operation and parameters.
+// New returns a new Request pointer for the service API operation and
+// parameters.
+//
+// A Retryer should be provided to direct how the request is retried. If
+// Retryer is nil, a default no retry value will be used. You can use
+// NoOpRetryer in the Client package to disable retry behavior directly.
//
// Params is any value of input parameters to be the request payload.
// Data is pointer value to an object which the request's response
@@ -108,6 +117,10 @@ type Operation struct {
func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
retryer Retryer, operation *Operation, params interface{}, data interface{}) *Request {
+ if retryer == nil {
+ retryer = noOpRetryer{}
+ }
+
method := operation.HTTPMethod
if method == "" {
method = "POST"
@@ -122,8 +135,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
}
- SanitizeHostForHeader(httpReq)
-
r := &Request{
Config: cfg,
ClientInfo: clientInfo,
@@ -287,6 +298,13 @@ func (r *Request) SetReaderBody(reader io.ReadSeeker) {
r.ResetBody()
}
+// SetStreamingBody set the reader to be used for the request that will stream
+// bytes to the server. Request's Body must not be set to any reader.
+func (r *Request) SetStreamingBody(reader io.ReadCloser) {
+ r.streamingBody = reader
+ r.SetReaderBody(aws.ReadSeekCloser(reader))
+}
+
// Presign returns the request's signed URL. Error will be returned
// if the signing fails. The expire parameter is only used for presigned Amazon
// S3 API requests. All other AWS services will use a fixed expiration
@@ -406,11 +424,17 @@ func (r *Request) Sign() error {
return r.Error
}
+ SanitizeHostForHeader(r.HTTPRequest)
+
r.Handlers.Sign.Run(r)
return r.Error
}
func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
+ if r.streamingBody != nil {
+ return r.streamingBody, nil
+ }
+
if r.safeBody != nil {
r.safeBody.Close()
}
@@ -615,6 +639,10 @@ func getHost(r *http.Request) string {
return r.Host
}
+ if r.URL == nil {
+ return ""
+ }
+
return r.URL.Host
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
index f093fc542..64784e16f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@@ -17,11 +17,13 @@ import (
// does the pagination between API operations, and Paginator defines the
// configuration that will be used per page request.
//
-// cont := true
-// for p.Next() && cont {
+// for p.Next() {
// data := p.Page().(*s3.ListObjectsOutput)
// // process the page's data
+// // ...
+// // break out of loop to stop fetching additional pages
// }
+//
// return p.Err()
//
// See service client API operation Pages methods for examples how the SDK will
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
index e84084da5..752ae47f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go
@@ -35,16 +35,47 @@ type Retryer interface {
}
// WithRetryer sets a Retryer value to the given Config returning the Config
-// value for chaining.
+// value for chaining. The value must not be nil.
func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config {
+ if retryer == nil {
+ if cfg.Logger != nil {
+ cfg.Logger.Log("ERROR: Request.WithRetryer called with nil retryer. Replacing with retry disabled Retryer.")
+ }
+ retryer = noOpRetryer{}
+ }
cfg.Retryer = retryer
return cfg
+
+}
+
+// noOpRetryer is a internal no op retryer used when a request is created
+// without a retryer.
+//
+// Provides a retryer that performs no retries.
+// It should be used when we do not want retries to be performed.
+type noOpRetryer struct{}
+
+// MaxRetries returns the number of maximum returns the service will use to make
+// an individual API; For NoOpRetryer the MaxRetries will always be zero.
+func (d noOpRetryer) MaxRetries() int {
+ return 0
+}
+
+// ShouldRetry will always return false for NoOpRetryer, as it should never retry.
+func (d noOpRetryer) ShouldRetry(_ *Request) bool {
+ return false
+}
+
+// RetryRules returns the delay duration before retrying this request again;
+// since NoOpRetryer does not retry, RetryRules always returns 0.
+func (d noOpRetryer) RetryRules(_ *Request) time.Duration {
+ return 0
}
// retryableCodes is a collection of service response codes which are retry-able
// without any further action.
var retryableCodes = map[string]struct{}{
- "RequestError": {},
+ ErrCodeRequestError: {},
"RequestTimeout": {},
ErrCodeResponseTimeout: {},
"RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout
@@ -52,6 +83,7 @@ var retryableCodes = map[string]struct{}{
var throttleCodes = map[string]struct{}{
"ProvisionedThroughputExceededException": {},
+ "ThrottledException": {}, // SNS, XRay, ResourceGroupsTagging API
"Throttling": {},
"ThrottlingException": {},
"RequestLimitExceeded": {},
@@ -60,6 +92,7 @@ var throttleCodes = map[string]struct{}{
"TooManyRequestsException": {}, // Lambda functions
"PriorRequestNotComplete": {}, // Route53
"TransactionInProgressException": {},
+ "EC2ThrottledException": {}, // EC2
}
// credsExpiredCodes is a collection of error codes which signify the credentials
@@ -145,8 +178,8 @@ func shouldRetryError(origErr error) bool {
origErr := err.OrigErr()
var shouldRetry bool
if origErr != nil {
- shouldRetry := shouldRetryError(origErr)
- if err.Code() == "RequestError" && !shouldRetry {
+ shouldRetry = shouldRetryError(origErr)
+ if err.Code() == ErrCodeRequestError && !shouldRetry {
return false
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
index 7713ccfca..fe6dac1f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@@ -3,6 +3,7 @@ package session
import (
"fmt"
"os"
+ "time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
@@ -47,10 +48,10 @@ func resolveCredentials(cfg *aws.Config,
}
// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
-// 'AWS_IAM_ROLE_ARN' was not set.
+// 'AWS_ROLE_ARN' was not set.
var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
-// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but
+// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_ROLE_ARN' was set but
// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
@@ -206,7 +207,14 @@ func credsFromAssumeRole(cfg aws.Config,
sharedCfg.RoleARN,
func(opt *stscreds.AssumeRoleProvider) {
opt.RoleSessionName = sharedCfg.RoleSessionName
- opt.Duration = sessOpts.AssumeRoleDuration
+
+ if sessOpts.AssumeRoleDuration == 0 &&
+ sharedCfg.AssumeRoleDuration != nil &&
+ *sharedCfg.AssumeRoleDuration/time.Minute > 15 {
+ opt.Duration = *sharedCfg.AssumeRoleDuration
+ } else if sessOpts.AssumeRoleDuration != 0 {
+ opt.Duration = sessOpts.AssumeRoleDuration
+ }
// Assume role with external ID
if len(sharedCfg.ExternalID) > 0 {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
index 60a6f9ce2..c1e0e9c95 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -1,12 +1,15 @@
package session
import (
+ "fmt"
"os"
"strconv"
+ "strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/defaults"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
)
// EnvProviderName provides a name of the provider when config is loaded from environment.
@@ -125,6 +128,26 @@ type envConfig struct {
//
// AWS_ROLE_SESSION_NAME=session_name
RoleSessionName string
+
+ // Specifies the STS Regional Endpoint flag for the SDK to resolve the endpoint
+ // for a service.
+ //
+ // AWS_STS_REGIONAL_ENDPOINTS=regional
+ // This can take value as `regional` or `legacy`
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // Specifies the S3 Regional Endpoint flag for the SDK to resolve the
+ // endpoint for a service.
+ //
+ // AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
+ // This can take value as `regional` or `legacy`
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+ // Specifies if the S3 service should allow ARNs to direct the region
+ // the client's requests are sent to.
+ //
+ // AWS_S3_USE_ARN_REGION=true
+ S3UseARNRegion bool
}
var (
@@ -179,6 +202,15 @@ var (
roleSessionNameEnvKey = []string{
"AWS_ROLE_SESSION_NAME",
}
+ stsRegionalEndpointKey = []string{
+ "AWS_STS_REGIONAL_ENDPOINTS",
+ }
+ s3UsEast1RegionalEndpoint = []string{
+ "AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
+ }
+ s3UseARNRegionEnvKey = []string{
+ "AWS_S3_USE_ARN_REGION",
+ }
)
// loadEnvConfig retrieves the SDK's environment configuration.
@@ -187,7 +219,7 @@ var (
// If the environment variable `AWS_SDK_LOAD_CONFIG` is set to a truthy value
// the shared SDK config will be loaded in addition to the SDK's specific
// configuration values.
-func loadEnvConfig() envConfig {
+func loadEnvConfig() (envConfig, error) {
enableSharedConfig, _ := strconv.ParseBool(os.Getenv("AWS_SDK_LOAD_CONFIG"))
return envConfigLoad(enableSharedConfig)
}
@@ -198,11 +230,11 @@ func loadEnvConfig() envConfig {
// Loads the shared configuration in addition to the SDK's specific configuration.
// This will load the same values as `loadEnvConfig` if the `AWS_SDK_LOAD_CONFIG`
// environment variable is set.
-func loadSharedEnvConfig() envConfig {
+func loadSharedEnvConfig() (envConfig, error) {
return envConfigLoad(true)
}
-func envConfigLoad(enableSharedConfig bool) envConfig {
+func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
cfg := envConfig{}
cfg.EnableSharedConfig = enableSharedConfig
@@ -264,12 +296,48 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
- return cfg
+ var err error
+ // STS Regional Endpoint variable
+ for _, k := range stsRegionalEndpointKey {
+ if v := os.Getenv(k); len(v) != 0 {
+ cfg.STSRegionalEndpoint, err = endpoints.GetSTSRegionalEndpoint(v)
+ if err != nil {
+ return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+ }
+ }
+ }
+
+ // S3 Regional Endpoint variable
+ for _, k := range s3UsEast1RegionalEndpoint {
+ if v := os.Getenv(k); len(v) != 0 {
+ cfg.S3UsEast1RegionalEndpoint, err = endpoints.GetS3UsEast1RegionalEndpoint(v)
+ if err != nil {
+ return cfg, fmt.Errorf("failed to load, %v from env config, %v", k, err)
+ }
+ }
+ }
+
+ var s3UseARNRegion string
+ setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
+ if len(s3UseARNRegion) != 0 {
+ switch {
+ case strings.EqualFold(s3UseARNRegion, "false"):
+ cfg.S3UseARNRegion = false
+ case strings.EqualFold(s3UseARNRegion, "true"):
+ cfg.S3UseARNRegion = true
+ default:
+ return envConfig{}, fmt.Errorf(
+ "invalid value for environment variable, %s=%s, need true or false",
+ s3UseARNRegionEnvKey[0], s3UseARNRegion)
+ }
+ }
+
+ return cfg, nil
}
func setFromEnvVal(dst *string, keys []string) {
for _, k := range keys {
- if v := os.Getenv(k); len(v) > 0 {
+ if v := os.Getenv(k); len(v) != 0 {
*dst = v
break
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
index 7b0a942e2..0ff499605 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -73,7 +73,7 @@ type Session struct {
// func is called instead of waiting to receive an error until a request is made.
func New(cfgs ...*aws.Config) *Session {
// load initial config from environment
- envCfg := loadEnvConfig()
+ envCfg, envErr := loadEnvConfig()
if envCfg.EnableSharedConfig {
var cfg aws.Config
@@ -93,17 +93,17 @@ func New(cfgs ...*aws.Config) *Session {
// Session creation failed, need to report the error and prevent
// any requests from succeeding.
s = &Session{Config: defaults.Config()}
- s.Config.MergeIn(cfgs...)
- s.Config.Logger.Log("ERROR:", msg, "Error:", err)
- s.Handlers.Validate.PushBack(func(r *request.Request) {
- r.Error = err
- })
+ s.logDeprecatedNewSessionError(msg, err, cfgs)
}
return s
}
s := deprecatedNewSession(cfgs...)
+ if envErr != nil {
+ msg := "failed to load env config"
+ s.logDeprecatedNewSessionError(msg, envErr, cfgs)
+ }
if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil {
if l := s.Config.Logger; l != nil {
@@ -112,11 +112,8 @@ func New(cfgs ...*aws.Config) *Session {
} else if csmCfg.Enabled {
err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger)
if err != nil {
- err = fmt.Errorf("failed to enable CSM, %v", err)
- s.Config.Logger.Log("ERROR:", err.Error())
- s.Handlers.Validate.PushBack(func(r *request.Request) {
- r.Error = err
- })
+ msg := "failed to enable CSM"
+ s.logDeprecatedNewSessionError(msg, err, cfgs)
}
}
@@ -279,10 +276,17 @@ type Options struct {
// }))
func NewSessionWithOptions(opts Options) (*Session, error) {
var envCfg envConfig
+ var err error
if opts.SharedConfigState == SharedConfigEnable {
- envCfg = loadSharedEnvConfig()
+ envCfg, err = loadSharedEnvConfig()
+ if err != nil {
+ return nil, fmt.Errorf("failed to load shared config, %v", err)
+ }
} else {
- envCfg = loadEnvConfig()
+ envCfg, err = loadEnvConfig()
+ if err != nil {
+ return nil, fmt.Errorf("failed to load environment config, %v", err)
+ }
}
if len(opts.Profile) != 0 {
@@ -550,6 +554,22 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
}
}
+ // Regional Endpoint flag for STS endpoint resolving
+ mergeSTSRegionalEndpointConfig(cfg, []endpoints.STSRegionalEndpoint{
+ userCfg.STSRegionalEndpoint,
+ envCfg.STSRegionalEndpoint,
+ sharedCfg.STSRegionalEndpoint,
+ endpoints.LegacySTSEndpoint,
+ })
+
+ // Regional Endpoint flag for S3 endpoint resolving
+ mergeS3UsEast1RegionalEndpointConfig(cfg, []endpoints.S3UsEast1RegionalEndpoint{
+ userCfg.S3UsEast1RegionalEndpoint,
+ envCfg.S3UsEast1RegionalEndpoint,
+ sharedCfg.S3UsEast1RegionalEndpoint,
+ endpoints.LegacyS3UsEast1Endpoint,
+ })
+
// Configure credentials if not already set by the user when creating the
// Session.
if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
@@ -560,9 +580,35 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
cfg.Credentials = creds
}
+ cfg.S3UseARNRegion = userCfg.S3UseARNRegion
+ if cfg.S3UseARNRegion == nil {
+ cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
+ }
+ if cfg.S3UseARNRegion == nil {
+ cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
+ }
+
return nil
}
+func mergeSTSRegionalEndpointConfig(cfg *aws.Config, values []endpoints.STSRegionalEndpoint) {
+ for _, v := range values {
+ if v != endpoints.UnsetSTSEndpoint {
+ cfg.STSRegionalEndpoint = v
+ break
+ }
+ }
+}
+
+func mergeS3UsEast1RegionalEndpointConfig(cfg *aws.Config, values []endpoints.S3UsEast1RegionalEndpoint) {
+ for _, v := range values {
+ if v != endpoints.UnsetS3UsEast1Endpoint {
+ cfg.S3UsEast1RegionalEndpoint = v
+ break
+ }
+ }
+}
+
func initHandlers(s *Session) {
// Add the Validate parameter handler if it is not disabled.
s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler)
@@ -591,47 +637,67 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
// ClientConfig satisfies the client.ConfigProvider interface and is used to
// configure the service client instances. Passing the Session to the service
// client's constructor (New) will use this method to configure the client.
-func (s *Session) ClientConfig(serviceName string, cfgs ...*aws.Config) client.Config {
- // Backwards compatibility, the error will be eaten if user calls ClientConfig
- // directly. All SDK services will use ClientconfigWithError.
- cfg, _ := s.clientConfigWithErr(serviceName, cfgs...)
-
- return cfg
-}
-
-func (s *Session) clientConfigWithErr(serviceName string, cfgs ...*aws.Config) (client.Config, error) {
+func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
s = s.Copy(cfgs...)
- var resolved endpoints.ResolvedEndpoint
- var err error
-
region := aws.StringValue(s.Config.Region)
-
- if endpoint := aws.StringValue(s.Config.Endpoint); len(endpoint) != 0 {
- resolved.URL = endpoints.AddScheme(endpoint, aws.BoolValue(s.Config.DisableSSL))
- resolved.SigningRegion = region
- } else {
- resolved, err = s.Config.EndpointResolver.EndpointFor(
- serviceName, region,
- func(opt *endpoints.Options) {
- opt.DisableSSL = aws.BoolValue(s.Config.DisableSSL)
- opt.UseDualStack = aws.BoolValue(s.Config.UseDualStack)
-
- // Support the condition where the service is modeled but its
- // endpoint metadata is not available.
- opt.ResolveUnknownService = true
- },
- )
+ resolved, err := s.resolveEndpoint(service, region, s.Config)
+ if err != nil {
+ s.Handlers.Validate.PushBack(func(r *request.Request) {
+ if len(r.ClientInfo.Endpoint) != 0 {
+ // Error occurred while resolving endpoint, but the request
+ // being invoked has had an endpoint specified after the client
+ // was created.
+ return
+ }
+ r.Error = err
+ })
}
return client.Config{
Config: s.Config,
Handlers: s.Handlers,
+ PartitionID: resolved.PartitionID,
Endpoint: resolved.URL,
SigningRegion: resolved.SigningRegion,
SigningNameDerived: resolved.SigningNameDerived,
SigningName: resolved.SigningName,
- }, err
+ }
+}
+
+func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
+
+ if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
+ return endpoints.ResolvedEndpoint{
+ URL: endpoints.AddScheme(ep, aws.BoolValue(cfg.DisableSSL)),
+ SigningRegion: region,
+ }, nil
+ }
+
+ resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
+ func(opt *endpoints.Options) {
+ opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
+ opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
+ // Support for STSRegionalEndpoint where the STSRegionalEndpoint is
+ // provided in envConfig or sharedConfig with envConfig getting
+ // precedence.
+ opt.STSRegionalEndpoint = cfg.STSRegionalEndpoint
+
+ // Support for S3UsEast1RegionalEndpoint where the S3UsEast1RegionalEndpoint is
+ // provided in envConfig or sharedConfig with envConfig getting
+ // precedence.
+ opt.S3UsEast1RegionalEndpoint = cfg.S3UsEast1RegionalEndpoint
+
+ // Support the condition where the service is modeled but its
+ // endpoint metadata is not available.
+ opt.ResolveUnknownService = true
+ },
+ )
+ if err != nil {
+ return endpoints.ResolvedEndpoint{}, err
+ }
+
+ return resolved, nil
}
// ClientConfigNoResolveEndpoint is the same as ClientConfig with the exception
@@ -641,12 +707,9 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
s = s.Copy(cfgs...)
var resolved endpoints.ResolvedEndpoint
-
- region := aws.StringValue(s.Config.Region)
-
if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
- resolved.SigningRegion = region
+ resolved.SigningRegion = aws.StringValue(s.Config.Region)
}
return client.Config{
@@ -658,3 +721,14 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
SigningName: resolved.SigningName,
}
}
+
+// logDeprecatedNewSessionError function enables error handling for session
+func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aws.Config) {
+ // Session creation failed, need to report the error and prevent
+ // any requests from succeeding.
+ s.Config.MergeIn(cfgs...)
+ s.Config.Logger.Log("ERROR:", msg, "Error:", err)
+ s.Handlers.Validate.PushBack(func(r *request.Request) {
+ r.Error = err
+ })
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
index d91ac93a5..680805a38 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -2,9 +2,11 @@ package session
import (
"fmt"
+ "time"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/internal/ini"
)
@@ -15,12 +17,13 @@ const (
sessionTokenKey = `aws_session_token` // optional
// Assume Role Credentials group
- roleArnKey = `role_arn` // group required
- sourceProfileKey = `source_profile` // group required (or credential_source)
- credentialSourceKey = `credential_source` // group required (or source_profile)
- externalIDKey = `external_id` // optional
- mfaSerialKey = `mfa_serial` // optional
- roleSessionNameKey = `role_session_name` // optional
+ roleArnKey = `role_arn` // group required
+ sourceProfileKey = `source_profile` // group required (or credential_source)
+ credentialSourceKey = `credential_source` // group required (or source_profile)
+ externalIDKey = `external_id` // optional
+ mfaSerialKey = `mfa_serial` // optional
+ roleSessionNameKey = `role_session_name` // optional
+ roleDurationSecondsKey = "duration_seconds" // optional
// CSM options
csmEnabledKey = `csm_enabled`
@@ -40,10 +43,19 @@ const (
// Web Identity Token File
webIdentityTokenFileKey = `web_identity_token_file` // optional
+ // Additional config fields for regional or legacy endpoints
+ stsRegionalEndpointSharedKey = `sts_regional_endpoints`
+
+ // Additional config fields for regional or legacy endpoints
+ s3UsEast1RegionalSharedKey = `s3_us_east_1_regional_endpoint`
+
// DefaultSharedConfigProfile is the default profile to be used when
// loading configuration from the config files if another profile name
// is not provided.
DefaultSharedConfigProfile = `default`
+
+ // S3 ARN Region Usage
+ s3UseARNRegionKey = "s3_use_arn_region"
)
// sharedConfig represents the configuration fields of the SDK config files.
@@ -63,10 +75,11 @@ type sharedConfig struct {
CredentialProcess string
WebIdentityTokenFile string
- RoleARN string
- RoleSessionName string
- ExternalID string
- MFASerial string
+ RoleARN string
+ RoleSessionName string
+ ExternalID string
+ MFASerial string
+ AssumeRoleDuration *time.Duration
SourceProfileName string
SourceProfile *sharedConfig
@@ -88,6 +101,24 @@ type sharedConfig struct {
CSMHost string
CSMPort string
CSMClientID string
+
+ // Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+ //
+ // sts_regional_endpoints = regional
+ // This can take value as `LegacySTSEndpoint` or `RegionalSTSEndpoint`
+ STSRegionalEndpoint endpoints.STSRegionalEndpoint
+
+ // Specifies the Regional Endpoint flag for the SDK to resolve the endpoint for a service
+ //
+ // s3_us_east_1_regional_endpoint = regional
+ // This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
+ S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
+
+ // Specifies if the S3 service should allow ARNs to direct the region
+ // the client's requests are sent to.
+ //
+ // s3_use_arn_region=true
+ S3UseARNRegion bool
}
type sharedConfigFile struct {
@@ -244,8 +275,30 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
updateString(&cfg.SourceProfileName, section, sourceProfileKey)
updateString(&cfg.CredentialSource, section, credentialSourceKey)
-
updateString(&cfg.Region, section, regionKey)
+
+ if section.Has(roleDurationSecondsKey) {
+ d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
+ cfg.AssumeRoleDuration = &d
+ }
+
+ if v := section.String(stsRegionalEndpointSharedKey); len(v) != 0 {
+ sre, err := endpoints.GetSTSRegionalEndpoint(v)
+ if err != nil {
+ return fmt.Errorf("failed to load %s from shared config, %s, %v",
+ stsRegionalEndpointSharedKey, file.Filename, err)
+ }
+ cfg.STSRegionalEndpoint = sre
+ }
+
+ if v := section.String(s3UsEast1RegionalSharedKey); len(v) != 0 {
+ sre, err := endpoints.GetS3UsEast1RegionalEndpoint(v)
+ if err != nil {
+ return fmt.Errorf("failed to load %s from shared config, %s, %v",
+ s3UsEast1RegionalSharedKey, file.Filename, err)
+ }
+ cfg.S3UsEast1RegionalEndpoint = sre
+ }
}
updateString(&cfg.CredentialProcess, section, credentialProcessKey)
@@ -271,6 +324,8 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.CSMPort, section, csmPortKey)
updateString(&cfg.CSMClientID, section, csmClientIDKey)
+ updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
+
return nil
}
@@ -363,6 +418,15 @@ func updateString(dst *string, section ini.Section, key string) {
*dst = section.String(key)
}
+// updateBool will only update the dst with the value in the section key, key
+// is present in the section.
+func updateBool(dst *bool, section ini.Section, key string) {
+ if !section.Has(key) {
+ return
+ }
+ *dst = section.Bool(key)
+}
+
// updateBoolPtr will only update the dst with the value in the section key,
// key is present in the section.
func updateBoolPtr(dst **bool, section ini.Section, key string) {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
index 244c86da0..07ea799fb 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
@@ -1,8 +1,7 @@
package v4
import (
- "net/http"
- "strings"
+ "github.com/aws/aws-sdk-go/internal/strings"
)
// validator houses a set of rule needed for validation of a
@@ -61,7 +60,7 @@ type patterns []string
// been found
func (p patterns) IsValid(value string) bool {
for _, pattern := range p {
- if strings.HasPrefix(http.CanonicalHeaderKey(value), pattern) {
+ if strings.HasPrefixFold(value, pattern) {
return true
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
new file mode 100644
index 000000000..f35fc860b
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
@@ -0,0 +1,13 @@
+// +build !go1.7
+
+package v4
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+ return aws.BackgroundContext()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
new file mode 100644
index 000000000..fed5c859c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
@@ -0,0 +1,13 @@
+// +build go1.7
+
+package v4
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func requestContext(r *http.Request) aws.Context {
+ return r.Context()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
new file mode 100644
index 000000000..02cbd97e2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go
@@ -0,0 +1,63 @@
+package v4
+
+import (
+ "encoding/hex"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/credentials"
+)
+
+type credentialValueProvider interface {
+ Get() (credentials.Value, error)
+}
+
+// StreamSigner implements signing of event stream encoded payloads
+type StreamSigner struct {
+ region string
+ service string
+
+ credentials credentialValueProvider
+
+ prevSig []byte
+}
+
+// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages
+func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner {
+ return &StreamSigner{
+ region: region,
+ service: service,
+ credentials: credentials,
+ prevSig: seedSignature,
+ }
+}
+
+// GetSignature takes an event stream encoded headers and payload and returns a signature
+func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) {
+ credValue, err := s.credentials.Get()
+ if err != nil {
+ return nil, err
+ }
+
+ sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date)
+
+ keyPath := buildSigningScope(s.region, s.service, date)
+
+ stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date)
+
+ signature := hmacSHA256(sigKey, []byte(stringToSign))
+ s.prevSig = signature
+
+ return signature, nil
+}
+
+func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string {
+ return strings.Join([]string{
+ "AWS4-HMAC-SHA256-PAYLOAD",
+ formatTime(date),
+ scope,
+ hex.EncodeToString(prevSig),
+ hex.EncodeToString(hashSHA256(headers)),
+ hex.EncodeToString(hashSHA256(payload)),
+ }, "\n")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
index 8104793aa..d71f7b3f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -76,9 +76,14 @@ import (
)
const (
+ authorizationHeader = "Authorization"
+ authHeaderSignatureElem = "Signature="
+ signatureQueryKey = "X-Amz-Signature"
+
authHeaderPrefix = "AWS4-HMAC-SHA256"
timeFormat = "20060102T150405Z"
shortTimeFormat = "20060102"
+ awsV4Request = "aws4_request"
// emptyStringSHA256 is a SHA256 of an empty string
emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
@@ -87,9 +92,9 @@ const (
var ignoredHeaders = rules{
blacklist{
mapRule{
- "Authorization": struct{}{},
- "User-Agent": struct{}{},
- "X-Amzn-Trace-Id": struct{}{},
+ authorizationHeader: struct{}{},
+ "User-Agent": struct{}{},
+ "X-Amzn-Trace-Id": struct{}{},
},
},
}
@@ -229,11 +234,9 @@ type signingCtx struct {
DisableURIPathEscaping bool
- credValues credentials.Value
- isPresign bool
- formattedTime string
- formattedShortTime string
- unsignedPayload bool
+ credValues credentials.Value
+ isPresign bool
+ unsignedPayload bool
bodyDigest string
signedHeaders string
@@ -337,7 +340,7 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
}
var err error
- ctx.credValues, err = v4.Credentials.Get()
+ ctx.credValues, err = v4.Credentials.GetWithContext(requestContext(r))
if err != nil {
return http.Header{}, err
}
@@ -532,39 +535,56 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) error {
ctx.buildSignature() // depends on string to sign
if ctx.isPresign {
- ctx.Request.URL.RawQuery += "&X-Amz-Signature=" + ctx.signature
+ ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature
} else {
parts := []string{
authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString,
"SignedHeaders=" + ctx.signedHeaders,
- "Signature=" + ctx.signature,
+ authHeaderSignatureElem + ctx.signature,
}
- ctx.Request.Header.Set("Authorization", strings.Join(parts, ", "))
+ ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", "))
}
return nil
}
-func (ctx *signingCtx) buildTime() {
- ctx.formattedTime = ctx.Time.UTC().Format(timeFormat)
- ctx.formattedShortTime = ctx.Time.UTC().Format(shortTimeFormat)
+// GetSignedRequestSignature attempts to extract the signature of the request.
+// Returning an error if the request is unsigned, or unable to extract the
+// signature.
+func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
+
+ if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
+ ps := strings.Split(auth, ", ")
+ for _, p := range ps {
+ if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
+ sig := p[len(authHeaderSignatureElem):]
+ if len(sig) == 0 {
+ return nil, fmt.Errorf("invalid request signature authorization header")
+ }
+ return hex.DecodeString(sig)
+ }
+ }
+ }
+
+ if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 {
+ return hex.DecodeString(sig)
+ }
+
+ return nil, fmt.Errorf("request not signed")
+}
+func (ctx *signingCtx) buildTime() {
if ctx.isPresign {
duration := int64(ctx.ExpireTime / time.Second)
- ctx.Query.Set("X-Amz-Date", ctx.formattedTime)
+ ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time))
ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10))
} else {
- ctx.Request.Header.Set("X-Amz-Date", ctx.formattedTime)
+ ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time))
}
}
func (ctx *signingCtx) buildCredentialString() {
- ctx.credentialString = strings.Join([]string{
- ctx.formattedShortTime,
- ctx.Region,
- ctx.ServiceName,
- "aws4_request",
- }, "/")
+ ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time)
if ctx.isPresign {
ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString)
@@ -588,8 +608,7 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
var headers []string
headers = append(headers, "host")
for k, v := range header {
- canonicalKey := http.CanonicalHeaderKey(k)
- if !r.IsValid(canonicalKey) {
+ if !r.IsValid(k) {
continue // ignored header
}
if ctx.SignedHeaderVals == nil {
@@ -653,19 +672,15 @@ func (ctx *signingCtx) buildCanonicalString() {
func (ctx *signingCtx) buildStringToSign() {
ctx.stringToSign = strings.Join([]string{
authHeaderPrefix,
- ctx.formattedTime,
+ formatTime(ctx.Time),
ctx.credentialString,
- hex.EncodeToString(makeSha256([]byte(ctx.canonicalString))),
+ hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))),
}, "\n")
}
func (ctx *signingCtx) buildSignature() {
- secret := ctx.credValues.SecretAccessKey
- date := makeHmac([]byte("AWS4"+secret), []byte(ctx.formattedShortTime))
- region := makeHmac(date, []byte(ctx.Region))
- service := makeHmac(region, []byte(ctx.ServiceName))
- credentials := makeHmac(service, []byte("aws4_request"))
- signature := makeHmac(credentials, []byte(ctx.stringToSign))
+ creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time)
+ signature := hmacSHA256(creds, []byte(ctx.stringToSign))
ctx.signature = hex.EncodeToString(signature)
}
@@ -726,13 +741,13 @@ func (ctx *signingCtx) removePresign() {
ctx.Query.Del("X-Amz-SignedHeaders")
}
-func makeHmac(key []byte, data []byte) []byte {
+func hmacSHA256(key []byte, data []byte) []byte {
hash := hmac.New(sha256.New, key)
hash.Write(data)
return hash.Sum(nil)
}
-func makeSha256(data []byte) []byte {
+func hashSHA256(data []byte) []byte {
hash := sha256.New()
hash.Write(data)
return hash.Sum(nil)
@@ -804,3 +819,28 @@ func stripExcessSpaces(vals []string) {
vals[i] = string(buf[:m])
}
}
+
+func buildSigningScope(region, service string, dt time.Time) string {
+ return strings.Join([]string{
+ formatShortTime(dt),
+ region,
+ service,
+ awsV4Request,
+ }, "/")
+}
+
+func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte {
+ kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt)))
+ kRegion := hmacSHA256(kDate, []byte(region))
+ kService := hmacSHA256(kRegion, []byte(service))
+ signingKey := hmacSHA256(kService, []byte(awsV4Request))
+ return signingKey
+}
+
+func formatShortTime(dt time.Time) string {
+ return dt.UTC().Format(shortTimeFormat)
+}
+
+func formatTime(dt time.Time) string {
+ return dt.UTC().Format(timeFormat)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
index 455091540..98751ee84 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@@ -2,6 +2,7 @@ package aws
import (
"io"
+ "strings"
"sync"
"github.com/aws/aws-sdk-go/internal/sdkio"
@@ -205,3 +206,59 @@ func (b *WriteAtBuffer) Bytes() []byte {
defer b.m.Unlock()
return b.buf
}
+
+// MultiCloser is a utility to close multiple io.Closers within a single
+// statement.
+type MultiCloser []io.Closer
+
+// Close closes all of the io.Closers making up the MultiClosers. Any
+// errors that occur while closing will be returned in the order they
+// occur.
+func (m MultiCloser) Close() error {
+ var errs errors
+ for _, c := range m {
+ err := c.Close()
+ if err != nil {
+ errs = append(errs, err)
+ }
+ }
+ if len(errs) != 0 {
+ return errs
+ }
+
+ return nil
+}
+
+type errors []error
+
+func (es errors) Error() string {
+ var parts []string
+ for _, e := range es {
+ parts = append(parts, e.Error())
+ }
+
+ return strings.Join(parts, "\n")
+}
+
+// CopySeekableBody copies the seekable body to an io.Writer
+func CopySeekableBody(dst io.Writer, src io.ReadSeeker) (int64, error) {
+ curPos, err := src.Seek(0, sdkio.SeekCurrent)
+ if err != nil {
+ return 0, err
+ }
+
+ // copy errors may be assumed to be from the body.
+ n, err := io.Copy(dst, src)
+ if err != nil {
+ return n, err
+ }
+
+ // seek back to the first position after reading to reset
+ // the body for transmission.
+ _, err = src.Seek(curPos, sdkio.SeekStart)
+ if err != nil {
+ return n, err
+ }
+
+ return n, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index d1548ebd8..c224e7692 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.25.3"
+const SDKVersion = "1.32.1"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
new file mode 100644
index 000000000..876dcb3fd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
@@ -0,0 +1,40 @@
+// +build !go1.7
+
+package context
+
+import "time"
+
+// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to
+// provide a 1.6 and 1.5 safe version of context that is compatible with Go
+// 1.7's Context.
+//
+// An emptyCtx is never canceled, has no values, and has no deadline. It is not
+// struct{}, since vars of this type must have distinct addresses.
+type emptyCtx int
+
+func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
+ return
+}
+
+func (*emptyCtx) Done() <-chan struct{} {
+ return nil
+}
+
+func (*emptyCtx) Err() error {
+ return nil
+}
+
+func (*emptyCtx) Value(key interface{}) interface{} {
+ return nil
+}
+
+func (e *emptyCtx) String() string {
+ switch e {
+ case BackgroundCtx:
+ return "aws.BackgroundContext"
+ }
+ return "unknown empty Context"
+}
+
+// BackgroundCtx is the common base context.
+var BackgroundCtx = new(emptyCtx)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
index e56dcee2f..cf9fad81e 100644
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -162,7 +162,7 @@ loop:
if len(tokens) == 0 {
break loop
}
-
+ // if should skip is true, we skip the tokens until should skip is set to false.
step = SkipTokenState
}
@@ -218,7 +218,7 @@ loop:
// S -> equal_expr' expr_stmt'
switch k.Kind {
case ASTKindEqualExpr:
- // assiging a value to some key
+ // assigning a value to some key
k.AppendChild(newExpression(tok))
stack.Push(newExprStatement(k))
case ASTKindExpr:
@@ -250,6 +250,13 @@ loop:
if !runeCompare(tok.Raw(), openBrace) {
return nil, NewParseError("expected '['")
}
+ // If OpenScopeState is not at the start, we must mark the previous ast as complete
+ //
+ // for example: if previous ast was a skip statement;
+ // we should mark it as complete before we create a new statement
+ if k.Kind != ASTKindStart {
+ stack.MarkComplete(k)
+ }
stmt := newStatement()
stack.Push(stmt)
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
index 6bb696447..da7a4049c 100644
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/skipper.go
@@ -22,24 +22,24 @@ func newSkipper() skipper {
}
func (s *skipper) ShouldSkip(tok Token) bool {
+ // should skip state will be modified only if previous token was new line (NL);
+ // and the current token is not WhiteSpace (WS).
if s.shouldSkip &&
s.prevTok.Type() == TokenNL &&
tok.Type() != TokenWS {
-
s.Continue()
return false
}
s.prevTok = tok
-
return s.shouldSkip
}
func (s *skipper) Skip() {
s.shouldSkip = true
- s.prevTok = emptyToken
}
func (s *skipper) Continue() {
s.shouldSkip = false
+ // empty token is assigned as we return to default state, when should skip is false
s.prevTok = emptyToken
}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
new file mode 100644
index 000000000..d008ae27c
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go
@@ -0,0 +1,11 @@
+package strings
+
+import (
+ "strings"
+)
+
+// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings,
+// under Unicode case-folding.
+func HasPrefixFold(s, prefix string) bool {
+ return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
new file mode 100644
index 000000000..14ad0c589
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go
@@ -0,0 +1,120 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package singleflight provides a duplicate function call suppression
+// mechanism.
+package singleflight
+
+import "sync"
+
+// call is an in-flight or completed singleflight.Do call
+type call struct {
+ wg sync.WaitGroup
+
+ // These fields are written once before the WaitGroup is done
+ // and are only read after the WaitGroup is done.
+ val interface{}
+ err error
+
+ // forgotten indicates whether Forget was called with this call's key
+ // while the call was still in flight.
+ forgotten bool
+
+ // These fields are read and written with the singleflight
+ // mutex held before the WaitGroup is done, and are read but
+ // not written after the WaitGroup is done.
+ dups int
+ chans []chan<- Result
+}
+
+// Group represents a class of work and forms a namespace in
+// which units of work can be executed with duplicate suppression.
+type Group struct {
+ mu sync.Mutex // protects m
+ m map[string]*call // lazily initialized
+}
+
+// Result holds the results of Do, so they can be passed
+// on a channel.
+type Result struct {
+ Val interface{}
+ Err error
+ Shared bool
+}
+
+// Do executes and returns the results of the given function, making
+// sure that only one execution is in-flight for a given key at a
+// time. If a duplicate comes in, the duplicate caller waits for the
+// original to complete and receives the same results.
+// The return value shared indicates whether v was given to multiple callers.
+func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) {
+ g.mu.Lock()
+ if g.m == nil {
+ g.m = make(map[string]*call)
+ }
+ if c, ok := g.m[key]; ok {
+ c.dups++
+ g.mu.Unlock()
+ c.wg.Wait()
+ return c.val, c.err, true
+ }
+ c := new(call)
+ c.wg.Add(1)
+ g.m[key] = c
+ g.mu.Unlock()
+
+ g.doCall(c, key, fn)
+ return c.val, c.err, c.dups > 0
+}
+
+// DoChan is like Do but returns a channel that will receive the
+// results when they are ready.
+func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result {
+ ch := make(chan Result, 1)
+ g.mu.Lock()
+ if g.m == nil {
+ g.m = make(map[string]*call)
+ }
+ if c, ok := g.m[key]; ok {
+ c.dups++
+ c.chans = append(c.chans, ch)
+ g.mu.Unlock()
+ return ch
+ }
+ c := &call{chans: []chan<- Result{ch}}
+ c.wg.Add(1)
+ g.m[key] = c
+ g.mu.Unlock()
+
+ go g.doCall(c, key, fn)
+
+ return ch
+}
+
+// doCall handles the single call for a key.
+func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) {
+ c.val, c.err = fn()
+ c.wg.Done()
+
+ g.mu.Lock()
+ if !c.forgotten {
+ delete(g.m, key)
+ }
+ for _, ch := range c.chans {
+ ch <- Result{c.val, c.err, c.dups > 0}
+ }
+ g.mu.Unlock()
+}
+
+// Forget tells the singleflight to forget about a key. Future calls
+// to Do for this key will call the function rather than waiting for
+// an earlier call to complete.
+func (g *Group) Forget(key string) {
+ g.mu.Lock()
+ if c, ok := g.m[key]; ok {
+ c.forgotten = true
+ }
+ delete(g.m, key)
+ g.mu.Unlock()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go b/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
new file mode 100644
index 000000000..e045f38d8
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/checksum/content_md5.go
@@ -0,0 +1,53 @@
+package checksum
+
+import (
+ "crypto/md5"
+ "encoding/base64"
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+const contentMD5Header = "Content-Md5"
+
+// AddBodyContentMD5Handler computes and sets the HTTP Content-MD5 header for requests that
+// require it.
+func AddBodyContentMD5Handler(r *request.Request) {
+ // if Content-MD5 header is already present, return
+ if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) != 0 {
+ return
+ }
+
+ // if S3DisableContentMD5Validation flag is set, return
+ if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+ return
+ }
+
+ // if request is presigned, return
+ if r.IsPresigned() {
+ return
+ }
+
+ // if body is not seekable, return
+ if !aws.IsReaderSeekable(r.Body) {
+ if r.Config.Logger != nil {
+ r.Config.Logger.Log(fmt.Sprintf(
+ "Unable to compute Content-MD5 for unseekable body, S3.%s",
+ r.Operation.Name))
+ }
+ return
+ }
+
+ h := md5.New()
+
+ if _, err := aws.CopySeekableBody(h, r.Body); err != nil {
+ r.Error = awserr.New("ContentMD5", "failed to compute body MD5", err)
+ return
+ }
+
+ // encode the md5 checksum in base64 and set the request header.
+ v := base64.StdEncoding.EncodeToString(h.Sum(nil))
+ r.HTTPRequest.Header.Set(contentMD5Header, v)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
index ecc7bf82f..151054971 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go
@@ -101,7 +101,7 @@ func (hs *decodedHeaders) UnmarshalJSON(b []byte) error {
}
headers.Set(h.Name, value)
}
- (*hs) = decodedHeaders(headers)
+ *hs = decodedHeaders(headers)
return nil
}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
index 4b972b2d6..474339391 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go
@@ -21,10 +21,24 @@ type Decoder struct {
// NewDecoder initializes and returns a Decoder for decoding event
// stream messages from the reader provided.
-func NewDecoder(r io.Reader) *Decoder {
- return &Decoder{
+func NewDecoder(r io.Reader, opts ...func(*Decoder)) *Decoder {
+ d := &Decoder{
r: r,
}
+
+ for _, opt := range opts {
+ opt(d)
+ }
+
+ return d
+}
+
+// DecodeWithLogger adds a logger to be used by the decoder when decoding
+// stream events.
+func DecodeWithLogger(logger aws.Logger) func(*Decoder) {
+ return func(d *Decoder) {
+ d.logger = logger
+ }
}
// Decode attempts to decode a single message from the event stream reader.
@@ -40,6 +54,15 @@ func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) {
}()
}
+ m, err = Decode(reader, payloadBuf)
+
+ return m, err
+}
+
+// Decode attempts to decode a single message from the event stream reader.
+// Will return the event stream message, or error if Decode fails to read
+// the message from the reader.
+func Decode(reader io.Reader, payloadBuf []byte) (m Message, err error) {
crc := crc32.New(crc32IEEETable)
hashReader := io.TeeReader(reader, crc)
@@ -72,12 +95,6 @@ func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) {
return m, nil
}
-// UseLogger specifies the Logger that that the decoder should use to log the
-// message decode to.
-func (d *Decoder) UseLogger(logger aws.Logger) {
- d.logger = logger
-}
-
func logMessageDecode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, decodeErr error) {
w := bytes.NewBuffer(nil)
defer func() { logger.Log(w.String()) }()
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
index 150a60981..ffade3bc0 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go
@@ -3,61 +3,107 @@ package eventstream
import (
"bytes"
"encoding/binary"
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
"hash"
"hash/crc32"
"io"
+
+ "github.com/aws/aws-sdk-go/aws"
)
// Encoder provides EventStream message encoding.
type Encoder struct {
- w io.Writer
+ w io.Writer
+ logger aws.Logger
headersBuf *bytes.Buffer
}
// NewEncoder initializes and returns an Encoder to encode Event Stream
// messages to an io.Writer.
-func NewEncoder(w io.Writer) *Encoder {
- return &Encoder{
+func NewEncoder(w io.Writer, opts ...func(*Encoder)) *Encoder {
+ e := &Encoder{
w: w,
headersBuf: bytes.NewBuffer(nil),
}
+
+ for _, opt := range opts {
+ opt(e)
+ }
+
+ return e
+}
+
+// EncodeWithLogger adds a logger to be used by the encode when decoding
+// stream events.
+func EncodeWithLogger(logger aws.Logger) func(*Encoder) {
+ return func(d *Encoder) {
+ d.logger = logger
+ }
}
// Encode encodes a single EventStream message to the io.Writer the Encoder
// was created with. An error is returned if writing the message fails.
-func (e *Encoder) Encode(msg Message) error {
+func (e *Encoder) Encode(msg Message) (err error) {
e.headersBuf.Reset()
- err := encodeHeaders(e.headersBuf, msg.Headers)
- if err != nil {
+ writer := e.w
+ if e.logger != nil {
+ encodeMsgBuf := bytes.NewBuffer(nil)
+ writer = io.MultiWriter(writer, encodeMsgBuf)
+ defer func() {
+ logMessageEncode(e.logger, encodeMsgBuf, msg, err)
+ }()
+ }
+
+ if err = EncodeHeaders(e.headersBuf, msg.Headers); err != nil {
return err
}
crc := crc32.New(crc32IEEETable)
- hashWriter := io.MultiWriter(e.w, crc)
+ hashWriter := io.MultiWriter(writer, crc)
headersLen := uint32(e.headersBuf.Len())
payloadLen := uint32(len(msg.Payload))
- if err := encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil {
+ if err = encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil {
return err
}
if headersLen > 0 {
- if _, err := io.Copy(hashWriter, e.headersBuf); err != nil {
+ if _, err = io.Copy(hashWriter, e.headersBuf); err != nil {
return err
}
}
if payloadLen > 0 {
- if _, err := hashWriter.Write(msg.Payload); err != nil {
+ if _, err = hashWriter.Write(msg.Payload); err != nil {
return err
}
}
msgCRC := crc.Sum32()
- return binary.Write(e.w, binary.BigEndian, msgCRC)
+ return binary.Write(writer, binary.BigEndian, msgCRC)
+}
+
+func logMessageEncode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, encodeErr error) {
+ w := bytes.NewBuffer(nil)
+ defer func() { logger.Log(w.String()) }()
+
+ fmt.Fprintf(w, "Message to encode:\n")
+ encoder := json.NewEncoder(w)
+ if err := encoder.Encode(msg); err != nil {
+ fmt.Fprintf(w, "Failed to get encoded message, %v\n", err)
+ }
+
+ if encodeErr != nil {
+ fmt.Fprintf(w, "Encode error: %v\n", encodeErr)
+ return
+ }
+
+ fmt.Fprintf(w, "Raw message:\n%s\n", hex.Dump(msgBuf.Bytes()))
}
func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) error {
@@ -86,7 +132,9 @@ func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32)
return nil
}
-func encodeHeaders(w io.Writer, headers Headers) error {
+// EncodeHeaders writes the header values to the writer encoded in the event
+// stream format. Returns an error if a header fails to encode.
+func EncodeHeaders(w io.Writer, headers Headers) error {
for _, h := range headers {
hn := headerName{
Len: uint8(len(h.Name)),
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
index 5ea5a988b..34c2e89d5 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go
@@ -1,6 +1,9 @@
package eventstreamapi
-import "fmt"
+import (
+ "fmt"
+ "sync"
+)
type messageError struct {
code string
@@ -22,3 +25,53 @@ func (e messageError) Error() string {
func (e messageError) OrigErr() error {
return nil
}
+
+// OnceError wraps the behavior of recording an error
+// once and signal on a channel when this has occurred.
+// Signaling is done by closing of the channel.
+//
+// Type is safe for concurrent usage.
+type OnceError struct {
+ mu sync.RWMutex
+ err error
+ ch chan struct{}
+}
+
+// NewOnceError return a new OnceError
+func NewOnceError() *OnceError {
+ return &OnceError{
+ ch: make(chan struct{}, 1),
+ }
+}
+
+// Err acquires a read-lock and returns an
+// error if one has been set.
+func (e *OnceError) Err() error {
+ e.mu.RLock()
+ err := e.err
+ e.mu.RUnlock()
+
+ return err
+}
+
+// SetError acquires a write-lock and will set
+// the underlying error value if one has not been set.
+func (e *OnceError) SetError(err error) {
+ if err == nil {
+ return
+ }
+
+ e.mu.Lock()
+ if e.err == nil {
+ e.err = err
+ close(e.ch)
+ }
+ e.mu.Unlock()
+}
+
+// ErrorSet returns a channel that will be used to signal
+// that an error has been set. This channel will be closed
+// when the error value has been set for OnceError.
+func (e *OnceError) ErrorSet() <-chan struct{} {
+ return e.ch
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
similarity index 77%
rename from vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go
rename to vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
index 97937c8e5..bb8ea5da1 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go
@@ -2,9 +2,7 @@ package eventstreamapi
import (
"fmt"
- "io"
- "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/eventstream"
)
@@ -15,27 +13,8 @@ type Unmarshaler interface {
UnmarshalEvent(protocol.PayloadUnmarshaler, eventstream.Message) error
}
-// EventStream headers with specific meaning to async API functionality.
-const (
- MessageTypeHeader = `:message-type` // Identifies type of message.
- EventMessageType = `event`
- ErrorMessageType = `error`
- ExceptionMessageType = `exception`
-
- // Message Events
- EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats".
-
- // Message Error
- ErrorCodeHeader = `:error-code`
- ErrorMessageHeader = `:error-message`
-
- // Message Exception
- ExceptionTypeHeader = `:exception-type`
-)
-
// EventReader provides reading from the EventStream of an reader.
type EventReader struct {
- reader io.ReadCloser
decoder *eventstream.Decoder
unmarshalerForEventType func(string) (Unmarshaler, error)
@@ -47,27 +26,18 @@ type EventReader struct {
// NewEventReader returns a EventReader built from the reader and unmarshaler
// provided. Use ReadStream method to start reading from the EventStream.
func NewEventReader(
- reader io.ReadCloser,
+ decoder *eventstream.Decoder,
payloadUnmarshaler protocol.PayloadUnmarshaler,
unmarshalerForEventType func(string) (Unmarshaler, error),
) *EventReader {
return &EventReader{
- reader: reader,
- decoder: eventstream.NewDecoder(reader),
+ decoder: decoder,
payloadUnmarshaler: payloadUnmarshaler,
unmarshalerForEventType: unmarshalerForEventType,
payloadBuf: make([]byte, 10*1024),
}
}
-// UseLogger instructs the EventReader to use the logger and log level
-// specified.
-func (r *EventReader) UseLogger(logger aws.Logger, logLevel aws.LogLevelType) {
- if logger != nil && logLevel.Matches(aws.LogDebugWithEventStreamBody) {
- r.decoder.UseLogger(logger)
- }
-}
-
// ReadEvent attempts to read a message from the EventStream and return the
// unmarshaled event value that the message is for.
//
@@ -95,8 +65,7 @@ func (r *EventReader) ReadEvent() (event interface{}, err error) {
case EventMessageType:
return r.unmarshalEventMessage(msg)
case ExceptionMessageType:
- err = r.unmarshalEventException(msg)
- return nil, err
+ return nil, r.unmarshalEventException(msg)
case ErrorMessageType:
return nil, r.unmarshalErrorMessage(msg)
default:
@@ -174,11 +143,6 @@ func (r *EventReader) unmarshalErrorMessage(msg eventstream.Message) (err error)
return msgErr
}
-// Close closes the EventReader's EventStream reader.
-func (r *EventReader) Close() error {
- return r.reader.Close()
-}
-
// GetHeaderString returns the value of the header as a string. If the header
// is not set or the value is not a string an error will be returned.
func GetHeaderString(msg eventstream.Message, headerName string) (string, error) {
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
new file mode 100644
index 000000000..e46b8acc2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go
@@ -0,0 +1,23 @@
+package eventstreamapi
+
+// EventStream headers with specific meaning to async API functionality.
+const (
+ ChunkSignatureHeader = `:chunk-signature` // chunk signature for message
+ DateHeader = `:date` // Date header for signature
+
+ // Message header and values
+ MessageTypeHeader = `:message-type` // Identifies type of message.
+ EventMessageType = `event`
+ ErrorMessageType = `error`
+ ExceptionMessageType = `exception`
+
+ // Message Events
+ EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats".
+
+ // Message Error
+ ErrorCodeHeader = `:error-code`
+ ErrorMessageHeader = `:error-message`
+
+ // Message Exception
+ ExceptionTypeHeader = `:exception-type`
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
new file mode 100644
index 000000000..3a7ba5cd5
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go
@@ -0,0 +1,123 @@
+package eventstreamapi
+
+import (
+ "bytes"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/private/protocol/eventstream"
+)
+
+var timeNow = time.Now
+
+// StreamSigner defines an interface for the implementation of signing of event stream payloads
+type StreamSigner interface {
+ GetSignature(headers, payload []byte, date time.Time) ([]byte, error)
+}
+
+// SignEncoder envelopes event stream messages
+// into an event stream message payload with included
+// signature headers using the provided signer and encoder.
+type SignEncoder struct {
+ signer StreamSigner
+ encoder Encoder
+ bufEncoder *BufferEncoder
+
+ closeErr error
+ closed bool
+}
+
+// NewSignEncoder returns a new SignEncoder using the provided stream signer and
+// event stream encoder.
+func NewSignEncoder(signer StreamSigner, encoder Encoder) *SignEncoder {
+ // TODO: Need to pass down logging
+
+ return &SignEncoder{
+ signer: signer,
+ encoder: encoder,
+ bufEncoder: NewBufferEncoder(),
+ }
+}
+
+// Close encodes a final event stream signing envelope with an empty event stream
+// payload. This final end-frame is used to mark the conclusion of the stream.
+func (s *SignEncoder) Close() error {
+ if s.closed {
+ return s.closeErr
+ }
+
+ if err := s.encode([]byte{}); err != nil {
+ if strings.Contains(err.Error(), "on closed pipe") {
+ return nil
+ }
+
+ s.closeErr = err
+ s.closed = true
+ return s.closeErr
+ }
+
+ return nil
+}
+
+// Encode takes the provided message and add envelopes the message
+// with the required signature.
+func (s *SignEncoder) Encode(msg eventstream.Message) error {
+ payload, err := s.bufEncoder.Encode(msg)
+ if err != nil {
+ return err
+ }
+
+ return s.encode(payload)
+}
+
+func (s SignEncoder) encode(payload []byte) error {
+ date := timeNow()
+
+ var msg eventstream.Message
+ msg.Headers.Set(DateHeader, eventstream.TimestampValue(date))
+ msg.Payload = payload
+
+ var headers bytes.Buffer
+ if err := eventstream.EncodeHeaders(&headers, msg.Headers); err != nil {
+ return err
+ }
+
+ sig, err := s.signer.GetSignature(headers.Bytes(), msg.Payload, date)
+ if err != nil {
+ return err
+ }
+
+ msg.Headers.Set(ChunkSignatureHeader, eventstream.BytesValue(sig))
+
+ return s.encoder.Encode(msg)
+}
+
+// BufferEncoder is a utility that provides a buffered
+// event stream encoder
+type BufferEncoder struct {
+ encoder Encoder
+ buffer *bytes.Buffer
+}
+
+// NewBufferEncoder returns a new BufferEncoder initialized
+// with a 1024 byte buffer.
+func NewBufferEncoder() *BufferEncoder {
+ buf := bytes.NewBuffer(make([]byte, 1024))
+ return &BufferEncoder{
+ encoder: eventstream.NewEncoder(buf),
+ buffer: buf,
+ }
+}
+
+// Encode returns the encoded message as a byte slice.
+// The returned byte slice will be modified on the next encode call
+// and should not be held onto.
+func (e *BufferEncoder) Encode(msg eventstream.Message) ([]byte, error) {
+ e.buffer.Reset()
+
+ if err := e.encoder.Encode(msg); err != nil {
+ return nil, err
+ }
+
+ return e.buffer.Bytes(), nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
new file mode 100644
index 000000000..433bb1630
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go
@@ -0,0 +1,129 @@
+package eventstreamapi
+
+import (
+ "fmt"
+ "io"
+ "sync"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+// StreamWriter provides concurrent safe writing to an event stream.
+type StreamWriter struct {
+ eventWriter *EventWriter
+ stream chan eventWriteAsyncReport
+
+ done chan struct{}
+ closeOnce sync.Once
+ err *OnceError
+
+ streamCloser io.Closer
+}
+
+// NewStreamWriter returns a StreamWriter for the event writer, and stream
+// closer provided.
+func NewStreamWriter(eventWriter *EventWriter, streamCloser io.Closer) *StreamWriter {
+ w := &StreamWriter{
+ eventWriter: eventWriter,
+ streamCloser: streamCloser,
+ stream: make(chan eventWriteAsyncReport),
+ done: make(chan struct{}),
+ err: NewOnceError(),
+ }
+ go w.writeStream()
+
+ return w
+}
+
+// Close terminates the writers ability to write new events to the stream. Any
+// future call to Send will fail with an error.
+func (w *StreamWriter) Close() error {
+ w.closeOnce.Do(w.safeClose)
+ return w.Err()
+}
+
+func (w *StreamWriter) safeClose() {
+ close(w.done)
+}
+
+// ErrorSet returns a channel which will be closed
+// if an error occurs.
+func (w *StreamWriter) ErrorSet() <-chan struct{} {
+ return w.err.ErrorSet()
+}
+
+// Err returns any error that occurred while attempting to write an event to the
+// stream.
+func (w *StreamWriter) Err() error {
+ return w.err.Err()
+}
+
+// Send writes a single event to the stream returning an error if the write
+// failed.
+//
+// Send may be called concurrently. Events will be written to the stream
+// safely.
+func (w *StreamWriter) Send(ctx aws.Context, event Marshaler) error {
+ if err := w.Err(); err != nil {
+ return err
+ }
+
+ resultCh := make(chan error)
+ wrapped := eventWriteAsyncReport{
+ Event: event,
+ Result: resultCh,
+ }
+
+ select {
+ case w.stream <- wrapped:
+ case <-ctx.Done():
+ return ctx.Err()
+ case <-w.done:
+ return fmt.Errorf("stream closed, unable to send event")
+ }
+
+ select {
+ case err := <-resultCh:
+ return err
+ case <-ctx.Done():
+ return ctx.Err()
+ case <-w.done:
+ return fmt.Errorf("stream closed, unable to send event")
+ }
+}
+
+func (w *StreamWriter) writeStream() {
+ defer w.Close()
+
+ for {
+ select {
+ case wrapper := <-w.stream:
+ err := w.eventWriter.WriteEvent(wrapper.Event)
+ wrapper.ReportResult(w.done, err)
+ if err != nil {
+ w.err.SetError(err)
+ return
+ }
+
+ case <-w.done:
+ if err := w.streamCloser.Close(); err != nil {
+ w.err.SetError(err)
+ }
+ return
+ }
+ }
+}
+
+type eventWriteAsyncReport struct {
+ Event Marshaler
+ Result chan<- error
+}
+
+func (e eventWriteAsyncReport) ReportResult(cancel <-chan struct{}, err error) bool {
+ select {
+ case e.Result <- err:
+ return true
+ case <-cancel:
+ return false
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
new file mode 100644
index 000000000..10a3823df
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
@@ -0,0 +1,109 @@
+package eventstreamapi
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/eventstream"
+)
+
+// Marshaler provides a marshaling interface for event types to event stream
+// messages.
+type Marshaler interface {
+ MarshalEvent(protocol.PayloadMarshaler) (eventstream.Message, error)
+}
+
+// Encoder is an stream encoder that will encode an event stream message for
+// the transport.
+type Encoder interface {
+ Encode(eventstream.Message) error
+}
+
+// EventWriter provides a wrapper around the underlying event stream encoder
+// for an io.WriteCloser.
+type EventWriter struct {
+ encoder Encoder
+ payloadMarshaler protocol.PayloadMarshaler
+ eventTypeFor func(Marshaler) (string, error)
+}
+
+// NewEventWriter returns a new event stream writer, that will write to the
+// writer provided. Use the WriteEvent method to write an event to the stream.
+func NewEventWriter(encoder Encoder, pm protocol.PayloadMarshaler, eventTypeFor func(Marshaler) (string, error),
+) *EventWriter {
+ return &EventWriter{
+ encoder: encoder,
+ payloadMarshaler: pm,
+ eventTypeFor: eventTypeFor,
+ }
+}
+
+// WriteEvent writes an event to the stream. Returns an error if the event
+// fails to marshal into a message, or writing to the underlying writer fails.
+func (w *EventWriter) WriteEvent(event Marshaler) error {
+ msg, err := w.marshal(event)
+ if err != nil {
+ return err
+ }
+
+ return w.encoder.Encode(msg)
+}
+
+func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
+ eventType, err := w.eventTypeFor(event)
+ if err != nil {
+ return eventstream.Message{}, err
+ }
+
+ msg, err := event.MarshalEvent(w.payloadMarshaler)
+ if err != nil {
+ return eventstream.Message{}, err
+ }
+
+ msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
+ return msg, nil
+}
+
+//type EventEncoder struct {
+// encoder Encoder
+// ppayloadMarshaler protocol.PayloadMarshaler
+// eventTypeFor func(Marshaler) (string, error)
+//}
+//
+//func (e EventEncoder) Encode(event Marshaler) error {
+// msg, err := e.marshal(event)
+// if err != nil {
+// return err
+// }
+//
+// return w.encoder.Encode(msg)
+//}
+//
+//func (e EventEncoder) marshal(event Marshaler) (eventstream.Message, error) {
+// eventType, err := w.eventTypeFor(event)
+// if err != nil {
+// return eventstream.Message{}, err
+// }
+//
+// msg, err := event.MarshalEvent(w.payloadMarshaler)
+// if err != nil {
+// return eventstream.Message{}, err
+// }
+//
+// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
+// return msg, nil
+//}
+//
+//func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
+// eventType, err := w.eventTypeFor(event)
+// if err != nil {
+// return eventstream.Message{}, err
+// }
+//
+// msg, err := event.MarshalEvent(w.payloadMarshaler)
+// if err != nil {
+// return eventstream.Message{}, err
+// }
+//
+// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
+// return msg, nil
+//}
+//
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
index e3fc0766a..9f509d8f6 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go
@@ -461,6 +461,11 @@ func (v *TimestampValue) decode(r io.Reader) error {
return nil
}
+// MarshalJSON implements the json.Marshaler interface
+func (v TimestampValue) MarshalJSON() ([]byte, error) {
+ return []byte(v.String()), nil
+}
+
func timeFromEpochMilli(t int64) time.Time {
secs := t / 1e3
msec := t % 1e3
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
index 2dc012a66..25c9783cd 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go
@@ -27,7 +27,7 @@ func (m *Message) rawMessage() (rawMessage, error) {
if len(m.Headers) > 0 {
var headers bytes.Buffer
- if err := encodeHeaders(&headers, m.Headers); err != nil {
+ if err := EncodeHeaders(&headers, m.Headers); err != nil {
return rawMessage{}, err
}
raw.Headers = headers.Bytes()
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
index ea0da79a5..5e9499699 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@@ -7,6 +7,7 @@ import (
"fmt"
"io"
"reflect"
+ "strings"
"time"
"github.com/aws/aws-sdk-go/aws"
@@ -45,10 +46,31 @@ func UnmarshalJSON(v interface{}, stream io.Reader) error {
return err
}
- return unmarshalAny(reflect.ValueOf(v), out, "")
+ return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "")
}
-func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the
+// object v. Ignores casing for structure members.
+func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error {
+ var out interface{}
+
+ err := json.NewDecoder(stream).Decode(&out)
+ if err == io.EOF {
+ return nil
+ } else if err != nil {
+ return err
+ }
+
+ return unmarshaler{
+ caseInsensitive: true,
+ }.unmarshalAny(reflect.ValueOf(v), out, "")
+}
+
+type unmarshaler struct {
+ caseInsensitive bool
+}
+
+func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
vtype := value.Type()
if vtype.Kind() == reflect.Ptr {
vtype = vtype.Elem() // check kind of actual element type
@@ -80,17 +102,17 @@ func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag)
if field, ok := vtype.FieldByName("_"); ok {
tag = field.Tag
}
- return unmarshalStruct(value, data, tag)
+ return u.unmarshalStruct(value, data, tag)
case "list":
- return unmarshalList(value, data, tag)
+ return u.unmarshalList(value, data, tag)
case "map":
- return unmarshalMap(value, data, tag)
+ return u.unmarshalMap(value, data, tag)
default:
- return unmarshalScalar(value, data, tag)
+ return u.unmarshalScalar(value, data, tag)
}
}
-func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -114,7 +136,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
// unwrap any payloads
if payload := tag.Get("payload"); payload != "" {
field, _ := t.FieldByName(payload)
- return unmarshalAny(value.FieldByName(payload), data, field.Tag)
+ return u.unmarshalAny(value.FieldByName(payload), data, field.Tag)
}
for i := 0; i < t.NumField(); i++ {
@@ -128,9 +150,19 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
if locName := field.Tag.Get("locationName"); locName != "" {
name = locName
}
+ if u.caseInsensitive {
+ if _, ok := mapData[name]; !ok {
+ // Fallback to uncased name search if the exact name didn't match.
+ for kn, v := range mapData {
+ if strings.EqualFold(kn, name) {
+ mapData[name] = v
+ }
+ }
+ }
+ }
member := value.FieldByIndex(field.Index)
- err := unmarshalAny(member, mapData[name], field.Tag)
+ err := u.unmarshalAny(member, mapData[name], field.Tag)
if err != nil {
return err
}
@@ -138,7 +170,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa
return nil
}
-func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -153,7 +185,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
}
for i, c := range listData {
- err := unmarshalAny(value.Index(i), c, "")
+ err := u.unmarshalAny(value.Index(i), c, "")
if err != nil {
return err
}
@@ -162,7 +194,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag)
return nil
}
-func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
if data == nil {
return nil
}
@@ -179,14 +211,14 @@ func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag)
kvalue := reflect.ValueOf(k)
vvalue := reflect.New(value.Type().Elem()).Elem()
- unmarshalAny(vvalue, v, "")
+ u.unmarshalAny(vvalue, v, "")
value.SetMapIndex(kvalue, vvalue)
}
return nil
}
-func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
+func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
switch d := data.(type) {
case nil:
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
index e21614a12..0ea0647a5 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go
@@ -64,7 +64,7 @@ func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error
metadata.ClientInfo{},
request.Handlers{},
nil,
- &request.Operation{HTTPMethod: "GET"},
+ &request.Operation{HTTPMethod: "PUT"},
v,
nil,
)
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
new file mode 100644
index 000000000..9d521dcb9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go
@@ -0,0 +1,49 @@
+package protocol
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// RequireHTTPMinProtocol request handler is used to enforce that
+// the target endpoint supports the given major and minor HTTP protocol version.
+type RequireHTTPMinProtocol struct {
+ Major, Minor int
+}
+
+// Handler will mark the request.Request with an error if the
+// target endpoint did not connect with the required HTTP protocol
+// major and minor version.
+func (p RequireHTTPMinProtocol) Handler(r *request.Request) {
+ if r.Error != nil || r.HTTPResponse == nil {
+ return
+ }
+
+ if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") {
+ r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+ }
+
+ if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor {
+ r.Error = newMinHTTPProtoError(p.Major, p.Minor, r)
+ }
+}
+
+// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint
+// did not match the required HTTP major and minor protocol version.
+const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError"
+
+func newMinHTTPProtoError(major, minor int, r *request.Request) error {
+ return awserr.NewRequestFailure(
+ awserr.New("MinimumHTTPProtocolError",
+ fmt.Sprintf(
+ "operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s",
+ major, minor, r.HTTPResponse.Proto,
+ ),
+ nil,
+ ),
+ r.HTTPResponse.StatusCode, r.RequestID,
+ )
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
index 0cb99eb57..d40346a77 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@@ -1,7 +1,7 @@
// Package query provides serialization of AWS query requests, and responses.
package query
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/query.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/query.json build_test.go
import (
"net/url"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
index f69c1efc9..9231e95d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -1,6 +1,6 @@
package query
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/query.json unmarshal_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/query.json unmarshal_test.go
import (
"encoding/xml"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
index 74e361e07..92f8b4d9a 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@@ -15,6 +15,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
+ awsStrings "github.com/aws/aws-sdk-go/internal/strings"
"github.com/aws/aws-sdk-go/private/protocol"
)
@@ -28,7 +29,9 @@ var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta
func Unmarshal(r *request.Request) {
if r.DataFilled() {
v := reflect.Indirect(reflect.ValueOf(r.Data))
- unmarshalBody(r, v)
+ if err := unmarshalBody(r, v); err != nil {
+ r.Error = err
+ }
}
}
@@ -40,12 +43,21 @@ func UnmarshalMeta(r *request.Request) {
r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id")
}
if r.DataFilled() {
- v := reflect.Indirect(reflect.ValueOf(r.Data))
- unmarshalLocationElements(r, v)
+ if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil {
+ r.Error = err
+ }
}
}
-func unmarshalBody(r *request.Request, v reflect.Value) {
+// UnmarshalResponse attempts to unmarshal the REST response headers to
+// the data type passed in. The type must be a pointer. An error is returned
+// with any error unmarshaling the response into the target datatype.
+func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error {
+ v := reflect.Indirect(reflect.ValueOf(data))
+ return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps)
+}
+
+func unmarshalBody(r *request.Request, v reflect.Value) error {
if field, ok := v.Type().FieldByName("_"); ok {
if payloadName := field.Tag.Get("payload"); payloadName != "" {
pfield, _ := v.Type().FieldByName(payloadName)
@@ -57,35 +69,38 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
defer r.HTTPResponse.Body.Close()
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- } else {
- payload.Set(reflect.ValueOf(b))
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
+ payload.Set(reflect.ValueOf(b))
+
case *string:
defer r.HTTPResponse.Body.Close()
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- } else {
- str := string(b)
- payload.Set(reflect.ValueOf(&str))
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
+ str := string(b)
+ payload.Set(reflect.ValueOf(&str))
+
default:
switch payload.Type().String() {
case "io.ReadCloser":
payload.Set(reflect.ValueOf(r.HTTPResponse.Body))
+
case "io.ReadSeeker":
b, err := ioutil.ReadAll(r.HTTPResponse.Body)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization,
+ return awserr.New(request.ErrCodeSerialization,
"failed to read response body", err)
- return
}
payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b))))
+
default:
io.Copy(ioutil.Discard, r.HTTPResponse.Body)
- defer r.HTTPResponse.Body.Close()
- r.Error = awserr.New(request.ErrCodeSerialization,
+ r.HTTPResponse.Body.Close()
+ return awserr.New(request.ErrCodeSerialization,
"failed to decode REST response",
fmt.Errorf("unknown payload type %s", payload.Type()))
}
@@ -94,9 +109,11 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
}
}
}
+
+ return nil
}
-func unmarshalLocationElements(r *request.Request, v reflect.Value) {
+func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error {
for i := 0; i < v.NumField(); i++ {
m, field := v.Field(i), v.Type().Field(i)
if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) {
@@ -111,26 +128,25 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
switch field.Tag.Get("location") {
case "statusCode":
- unmarshalStatusCode(m, r.HTTPResponse.StatusCode)
+ unmarshalStatusCode(m, resp.StatusCode)
+
case "header":
- err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
+ err := unmarshalHeader(m, resp.Header.Get(name), field.Tag)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- break
+ return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
+
case "headers":
prefix := field.Tag.Get("locationName")
- err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix)
+ err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
if err != nil {
- r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
- break
+ awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
}
}
- if r.Error != nil {
- return
- }
}
+
+ return nil
}
func unmarshalStatusCode(v reflect.Value, statusCode int) {
@@ -145,7 +161,7 @@ func unmarshalStatusCode(v reflect.Value, statusCode int) {
}
}
-func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) error {
+func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error {
if len(headers) == 0 {
return nil
}
@@ -153,8 +169,12 @@ func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) err
case map[string]*string: // we only support string map value types
out := map[string]*string{}
for k, v := range headers {
- k = http.CanonicalHeaderKey(k)
- if strings.HasPrefix(strings.ToLower(k), strings.ToLower(prefix)) {
+ if awsStrings.HasPrefixFold(k, prefix) {
+ if normalize == true {
+ k = strings.ToLower(k)
+ } else {
+ k = http.CanonicalHeaderKey(k)
+ }
out[k[len(prefix):]] = &v[0]
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
index 07a6187ea..b1ae36487 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@@ -2,8 +2,8 @@
// requests and responses.
package restxml
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/rest-xml.json build_test.go
-//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-xml.json build_test.go
+//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go
import (
"bytes"
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
index da1a68111..f614ef898 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go
@@ -19,3 +19,9 @@ func UnmarshalDiscardBody(r *request.Request) {
io.Copy(ioutil.Discard, r.HTTPResponse.Body)
r.HTTPResponse.Body.Close()
}
+
+// ResponseMetadata provides the SDK response metadata attributes.
+type ResponseMetadata struct {
+ StatusCode int
+ RequestID string
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
new file mode 100644
index 000000000..cc857f136
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go
@@ -0,0 +1,65 @@
+package protocol
+
+import (
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// UnmarshalErrorHandler provides unmarshaling errors API response errors for
+// both typed and untyped errors.
+type UnmarshalErrorHandler struct {
+ unmarshaler ErrorUnmarshaler
+}
+
+// ErrorUnmarshaler is an abstract interface for concrete implementations to
+// unmarshal protocol specific response errors.
+type ErrorUnmarshaler interface {
+ UnmarshalError(*http.Response, ResponseMetadata) (error, error)
+}
+
+// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler
+// initialized for the set of exception names to the error unmarshalers
+func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler {
+ return &UnmarshalErrorHandler{
+ unmarshaler: unmarshaler,
+ }
+}
+
+// UnmarshalErrorHandlerName is the name of the named handler.
+const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError"
+
+// NamedHandler returns a NamedHandler for the unmarshaler using the set of
+// errors the unmarshaler was initialized for.
+func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler {
+ return request.NamedHandler{
+ Name: UnmarshalErrorHandlerName,
+ Fn: u.UnmarshalError,
+ }
+}
+
+// UnmarshalError will attempt to unmarshal the API response's error message
+// into either a generic SDK error type, or a typed error corresponding to the
+// errors exception name.
+func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+
+ respMeta := ResponseMetadata{
+ StatusCode: r.HTTPResponse.StatusCode,
+ RequestID: r.RequestID,
+ }
+
+ v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta)
+ if err != nil {
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization,
+ "failed to unmarshal response error", err),
+ respMeta.StatusCode,
+ respMeta.RequestID,
+ )
+ return
+ }
+
+ r.Error = v
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
index cf981fe95..09ad95159 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
@@ -8,6 +8,7 @@ import (
"reflect"
"sort"
"strconv"
+ "strings"
"time"
"github.com/aws/aws-sdk-go/private/protocol"
@@ -60,6 +61,14 @@ func (b *xmlBuilder) buildValue(value reflect.Value, current *XMLNode, tag refle
return nil
}
+ xml := tag.Get("xml")
+ if len(xml) != 0 {
+ name := strings.SplitAfterN(xml, ",", 2)[0]
+ if name == "-" {
+ return nil
+ }
+ }
+
t := tag.Get("type")
if t == "" {
switch value.Kind() {
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
index 7108d3800..107c053f8 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -64,6 +64,14 @@ func UnmarshalXML(v interface{}, d *xml.Decoder, wrapper string) error {
// parse deserializes any value from the XMLNode. The type tag is used to infer the type, or reflect
// will be used to determine the type from r.
func parse(r reflect.Value, node *XMLNode, tag reflect.StructTag) error {
+ xml := tag.Get("xml")
+ if len(xml) != 0 {
+ name := strings.SplitAfterN(xml, ",", 2)[0]
+ if name == "-" {
+ return nil
+ }
+ }
+
rtype := r.Type()
if rtype.Kind() == reflect.Ptr {
rtype = rtype.Elem() // check kind of actual element type
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
index b4a4e8c4a..228cd3cfe 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
@@ -7,7 +7,6 @@ import (
"fmt"
"io"
"sync"
- "sync/atomic"
"time"
"github.com/aws/aws-sdk-go/aws"
@@ -15,11 +14,13 @@ import (
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/checksum"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/eventstream"
"github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi"
"github.com/aws/aws-sdk-go/private/protocol/rest"
"github.com/aws/aws-sdk-go/private/protocol/restxml"
+ "github.com/aws/aws-sdk-go/service/s3/internal/arn"
)
const opAbortMultipartUpload = "AbortMultipartUpload"
@@ -66,11 +67,31 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req
// AbortMultipartUpload API operation for Amazon Simple Storage Service.
//
-// Aborts a multipart upload.
+// This operation aborts a multipart upload. After a multipart upload is aborted,
+// no additional parts can be uploaded using that upload ID. The storage consumed
+// by any previously uploaded parts will be freed. However, if any part uploads
+// are currently in progress, those part uploads might or might not succeed.
+// As a result, it might be necessary to abort a given multipart upload multiple
+// times in order to completely free all storage consumed by all parts.
//
// To verify that all parts have been removed, so you don't get charged for
-// the part storage, you should call the List Parts operation and ensure the
-// parts list is empty.
+// the part storage, you should call the ListParts operation and ensure that
+// the parts list is empty.
+//
+// For information about permissions required to use the multipart upload API,
+// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to AbortMultipartUpload:
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * ListParts
+//
+// * ListMultipartUploads
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -151,6 +172,64 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput)
//
// Completes a multipart upload by assembling previously uploaded parts.
//
+// You first initiate the multipart upload and then upload all parts using the
+// UploadPart operation. After successfully uploading all relevant parts of
+// an upload, you call this operation to complete the upload. Upon receiving
+// this request, Amazon S3 concatenates all the parts in ascending order by
+// part number to create a new object. In the Complete Multipart Upload request,
+// you must provide the parts list. You must ensure that the parts list is complete.
+// This operation concatenates the parts that you provide in the list. For each
+// part in the list, you must provide the part number and the ETag value, returned
+// after that part was uploaded.
+//
+// Processing of a Complete Multipart Upload request could take several minutes
+// to complete. After Amazon S3 begins processing the request, it sends an HTTP
+// response header that specifies a 200 OK response. While processing is in
+// progress, Amazon S3 periodically sends white space characters to keep the
+// connection from timing out. Because a request could fail after the initial
+// 200 OK response has been sent, it is important that you check the response
+// body to determine whether the request succeeded.
+//
+// Note that if CompleteMultipartUpload fails, applications should be prepared
+// to retry the failed requests. For more information, see Amazon S3 Error Best
+// Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html).
+//
+// For more information about multipart uploads, see Uploading Objects Using
+// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information about permissions required to use the multipart upload API,
+// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// GetBucketLifecycle has the following special errors:
+//
+// * Error code: EntityTooSmall Description: Your proposed upload is smaller
+// than the minimum allowed object size. Each part must be at least 5 MB
+// in size, except the last part. 400 Bad Request
+//
+// * Error code: InvalidPart Description: One or more of the specified parts
+// could not be found. The part might not have been uploaded, or the specified
+// entity tag might not have matched the part's entity tag. 400 Bad Request
+//
+// * Error code: InvalidPartOrder Description: The list of parts was not
+// in ascending order. The parts list must be specified in order by part
+// number. 400 Bad Request
+//
+// * Error code: NoSuchUpload Description: The specified multipart upload
+// does not exist. The upload ID might be invalid, or the multipart upload
+// might have been aborted or completed. 404 Not Found
+//
+// The following operations are related to CompleteMultipartUpload:
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * AbortMultipartUpload
+//
+// * ListParts
+//
+// * ListMultipartUploads
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -225,6 +304,153 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou
//
// Creates a copy of an object that is already stored in Amazon S3.
//
+// You can store individual objects of up to 5 TB in Amazon S3. You create a
+// copy of your object up to 5 GB in size in a single atomic operation using
+// this API. However, to copy an object greater than 5 GB, you must use the
+// multipart upload Upload Part - Copy API. For more information, see Copy Object
+// Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html).
+//
+// All copy requests must be authenticated. Additionally, you must have read
+// access to the source object and write access to the destination bucket. For
+// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
+// Both the Region that you want to copy the object from and the Region that
+// you want to copy the object to must be enabled for your account.
+//
+// A copy request might return an error when Amazon S3 receives the copy request
+// or while Amazon S3 is copying the files. If the error occurs before the copy
+// operation starts, you receive a standard Amazon S3 error. If the error occurs
+// during the copy operation, the error response is embedded in the 200 OK response.
+// This means that a 200 OK response can contain either a success or an error.
+// Design your application to parse the contents of the response and handle
+// it appropriately.
+//
+// If the copy is successful, you receive a response with information about
+// the copied object.
+//
+// If the request is an HTTP 1.1 request, the response is chunk encoded. If
+// it were not, it would not contain the content-length, and you would need
+// to read the entire body.
+//
+// The copy request charge is based on the storage class and Region that you
+// specify for the destination object. For pricing information, see Amazon S3
+// pricing (https://aws.amazon.com/s3/pricing/).
+//
+// Amazon S3 transfer acceleration does not support cross-Region copies. If
+// you request a cross-Region copy using a transfer acceleration endpoint, you
+// get a 400 Bad Request error. For more information, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
+//
+// Metadata
+//
+// When copying an object, you can preserve all metadata (default) or specify
+// new metadata. However, the ACL is not preserved and is set to private for
+// the user making the request. To override the default ACL setting, specify
+// a new ACL when generating a copy request. For more information, see Using
+// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+//
+// To specify whether you want the object metadata copied from the source object
+// or replaced with metadata provided in the request, you can optionally add
+// the x-amz-metadata-directive header. When you grant permissions, you can
+// use the s3:x-amz-metadata-directive condition key to enforce certain metadata
+// behavior when objects are uploaded. For more information, see Specifying
+// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html)
+// in the Amazon S3 Developer Guide. For a complete list of Amazon S3-specific
+// condition keys, see Actions, Resources, and Condition Keys for Amazon S3
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html).
+//
+// x-amz-copy-source-if Headers
+//
+// To only copy an object under certain conditions, such as whether the Etag
+// matches or whether the object was modified before or after a specified date,
+// use the following request parameters:
+//
+// * x-amz-copy-source-if-match
+//
+// * x-amz-copy-source-if-none-match
+//
+// * x-amz-copy-source-if-unmodified-since
+//
+// * x-amz-copy-source-if-modified-since
+//
+// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+// headers are present in the request and evaluate as follows, Amazon S3 returns
+// 200 OK and copies the data:
+//
+// * x-amz-copy-source-if-match condition evaluates to true
+//
+// * x-amz-copy-source-if-unmodified-since condition evaluates to false
+//
+// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since
+// headers are present in the request and evaluate as follows, Amazon S3 returns
+// the 412 Precondition Failed response code:
+//
+// * x-amz-copy-source-if-none-match condition evaluates to false
+//
+// * x-amz-copy-source-if-modified-since condition evaluates to true
+//
+// All headers with the x-amz- prefix, including x-amz-copy-source, must be
+// signed.
+//
+// Encryption
+//
+// The source object that you are copying can be encrypted or unencrypted. The
+// source object can be encrypted with server-side encryption using AWS managed
+// encryption keys (SSE-S3 or SSE-KMS) or by using a customer-provided encryption
+// key. With server-side encryption, Amazon S3 encrypts your data as it writes
+// it to disks in its data centers and decrypts the data when you access it.
+//
+// You can optionally use the appropriate encryption-related headers to request
+// server-side encryption for the target object. You have the option to provide
+// your own encryption key or use SSE-S3 or SSE-KMS, regardless of the form
+// of server-side encryption that was used to encrypt the source object. You
+// can even request encryption if the source object was not encrypted. For more
+// information about server-side encryption, see Using Server-Side Encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
+//
+// Access Control List (ACL)-Specific Request Headers
+//
+// When copying an object, you can optionally use headers to grant ACL-based
+// permissions. By default, all objects are private. Only the owner has full
+// access control. When adding a new object, you can grant permissions to individual
+// AWS accounts or to predefined groups defined by Amazon S3. These permissions
+// are then added to the ACL on the object. For more information, see Access
+// Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
+//
+// Storage Class Options
+//
+// You can use the CopyObject operation to change the storage class of an object
+// that is already stored in Amazon S3 using the StorageClass parameter. For
+// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 Service Developer Guide.
+//
+// Versioning
+//
+// By default, x-amz-copy-source identifies the current version of an object
+// to copy. If the current version is a delete marker, Amazon S3 behaves as
+// if the object was deleted. To copy a different version, use the versionId
+// subresource.
+//
+// If you enable versioning on the target bucket, Amazon S3 generates a unique
+// version ID for the object being copied. This version ID is different from
+// the version ID of the source object. Amazon S3 returns the version ID of
+// the copied object in the x-amz-version-id response header in the response.
+//
+// If you do not enable versioning or suspend it on the target bucket, the version
+// ID that Amazon S3 generates is always null.
+//
+// If the source object's storage class is GLACIER, you must restore a copy
+// of this object before you can use it as a source object for the copy operation.
+// For more information, see .
+//
+// The following operations are related to CopyObject:
+//
+// * PutObject
+//
+// * GetObject
+//
+// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html).
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -235,7 +461,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou
// Returned Error Codes:
// * ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError"
// The source object of the COPY operation is not in the active tier and is
-// only stored in Amazon Glacier.
+// only stored in Amazon S3 Glacier.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject
func (c *S3) CopyObject(input *CopyObjectInput) (*CopyObjectOutput, error) {
@@ -303,7 +529,67 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request
// CreateBucket API operation for Amazon Simple Storage Service.
//
-// Creates a new bucket.
+// Creates a new bucket. To create a bucket, you must register with Amazon S3
+// and have a valid AWS Access Key ID to authenticate requests. Anonymous requests
+// are never allowed to create buckets. By creating the bucket, you become the
+// bucket owner.
+//
+// Not every string is an acceptable bucket name. For information on bucket
+// naming restrictions, see Working with Amazon S3 Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html).
+//
+// By default, the bucket is created in the US East (N. Virginia) Region. You
+// can optionally specify a Region in the request body. You might choose a Region
+// to optimize latency, minimize costs, or address regulatory requirements.
+// For example, if you reside in Europe, you will probably find it advantageous
+// to create buckets in the Europe (Ireland) Region. For more information, see
+// How to Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
+//
+// If you send your create bucket request to the s3.amazonaws.com endpoint,
+// the request goes to the us-east-1 Region. Accordingly, the signature calculations
+// in Signature Version 4 must use us-east-1 as the Region, even if the location
+// constraint in the request specifies another Region where the bucket is to
+// be created. If you create a bucket in a Region other than US East (N. Virginia),
+// your application must be able to handle 307 redirect. For more information,
+// see Virtual Hosting of Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html).
+//
+// When creating a bucket using this operation, you can optionally specify the
+// accounts or groups that should be granted specific permissions on the bucket.
+// There are two ways to grant the appropriate permissions using the request
+// headers.
+//
+// * Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports
+// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
+// predefined set of grantees and permissions. For more information, see
+// Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+// * Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write,
+// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
+// headers. These headers map to the set of permissions Amazon S3 supports
+// in an ACL. For more information, see Access Control List (ACL) Overview
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You
+// specify each grantee as a type=value pair, where the type is one of the
+// following: id – if the value specified is the canonical user ID of an
+// AWS account uri – if you are granting permissions to a predefined group
+// emailAddress – if the value specified is the email address of an AWS
+// account Using email addresses to specify a grantee is only supported in
+// the following AWS Regions: US East (N. Virginia) US West (N. California)
+// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific
+// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all
+// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints
+// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in
+// the AWS General Reference. For example, the following x-amz-grant-read
+// header grants the AWS accounts identified by account IDs permissions to
+// read object data and its metadata: x-amz-grant-read: id="11112222333",
+// id="444455556666"
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// The following operations are related to CreateBucket:
+//
+// * PutObject
+//
+// * DeleteBucket
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -318,6 +604,11 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request
// by all users of the system. Please select a different name and try again.
//
// * ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou"
+// The bucket you tried to create already exists, and you own it. Amazon S3
+// returns this error in all AWS Regions except in the North Virginia Region.
+// For legacy compatibility, if you re-create an existing bucket that you already
+// own in the North Virginia Region, Amazon S3 returns 200 OK and resets the
+// bucket access control lists (ACLs).
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket
func (c *S3) CreateBucket(input *CreateBucketInput) (*CreateBucketOutput, error) {
@@ -385,13 +676,154 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re
// CreateMultipartUpload API operation for Amazon Simple Storage Service.
//
-// Initiates a multipart upload and returns an upload ID.
+// This operation initiates a multipart upload and returns an upload ID. This
+// upload ID is used to associate all of the parts in the specific multipart
+// upload. You specify this upload ID in each of your subsequent upload part
+// requests (see UploadPart). You also include this upload ID in the final request
+// to either complete or abort the multipart upload request.
//
-// Note: After you initiate multipart upload and upload one or more parts, you
-// must either complete or abort multipart upload in order to stop getting charged
-// for storage of the uploaded parts. Only after you either complete or abort
-// multipart upload, Amazon S3 frees up the parts storage and stops charging
-// you for the parts storage.
+// For more information about multipart uploads, see Multipart Upload Overview
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html).
+//
+// If you have configured a lifecycle rule to abort incomplete multipart uploads,
+// the upload must complete within the number of days specified in the bucket
+// lifecycle configuration. Otherwise, the incomplete multipart upload becomes
+// eligible for an abort operation and Amazon S3 aborts the multipart upload.
+// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+//
+// For information about the permissions required to use the multipart upload
+// API, see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// For request signing, multipart upload is just a series of regular requests.
+// You initiate a multipart upload, send one or more requests to upload parts,
+// and then complete the multipart upload process. You sign each request individually.
+// There is nothing special about signing multipart upload requests. For more
+// information about signing, see Authenticating Requests (AWS Signature Version
+// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).
+//
+// After you initiate a multipart upload and upload one or more parts, to stop
+// being charged for storing the uploaded parts, you must either complete or
+// abort the multipart upload. Amazon S3 frees up the space used to store the
+// parts and stop charging you for storing them only after you either complete
+// or abort a multipart upload.
+//
+// You can optionally request server-side encryption. For server-side encryption,
+// Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts it when you access it. You can provide your own encryption key,
+// or use AWS Key Management Service (AWS KMS) customer master keys (CMKs) or
+// Amazon S3-managed encryption keys. If you choose to provide your own encryption
+// key, the request headers you provide in UploadPart) and UploadPartCopy) requests
+// must match the headers you used in the request to initiate the upload by
+// using CreateMultipartUpload.
+//
+// To perform a multipart upload with encryption using an AWS KMS CMK, the requester
+// must have permission to the kms:Encrypt, kms:Decrypt, kms:ReEncrypt*, kms:GenerateDataKey*,
+// and kms:DescribeKey actions on the key. These permissions are required because
+// Amazon S3 must decrypt and read data from the encrypted file parts before
+// it completes the multipart upload.
+//
+// If your AWS Identity and Access Management (IAM) user or role is in the same
+// AWS account as the AWS KMS CMK, then you must have these permissions on the
+// key policy. If your IAM user or role belongs to a different account than
+// the key, then you must have the permissions on both the key policy and your
+// IAM user or role.
+//
+// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html).
+//
+// Access Permissions
+//
+// When copying an object, you can optionally specify the accounts or groups
+// that should be granted specific permissions on the new object. There are
+// two ways to grant the permissions using the request headers:
+//
+// * Specify a canned ACL with the x-amz-acl request header. For more information,
+// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+// x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters
+// map to the set of permissions that Amazon S3 supports in an ACL. For more
+// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// Server-Side- Encryption-Specific Request Headers
+//
+// You can optionally tell Amazon S3 to encrypt data at rest using server-side
+// encryption. Server-side encryption is for data encryption at rest. Amazon
+// S3 encrypts your data as it writes it to disks in its data centers and decrypts
+// it when you access it. The option you use depends on whether you want to
+// use AWS managed encryption keys or provide your own encryption key.
+//
+// * Use encryption keys managed by Amazon S3 or customer master keys (CMKs)
+// stored in AWS Key Management Service (AWS KMS) – If you want AWS to
+// manage the keys used to encrypt data, specify the following headers in
+// the request. x-amz-server-side-encryption x-amz-server-side-encryption-aws-kms-key-id
+// x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms,
+// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon
+// S3 uses the AWS managed CMK in AWS KMS to protect the data. All GET and
+// PUT requests for an object protected by AWS KMS fail if you don't make
+// them with SSL or by using SigV4. For more information about server-side
+// encryption with CMKs stored in AWS KMS (SSE-KMS), see Protecting Data
+// Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
+//
+// * Use customer-provided encryption keys – If you want to manage your
+// own encryption keys, provide all the following headers in the request.
+// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key
+// x-amz-server-side-encryption-customer-key-MD5 For more information
+// about server-side encryption with CMKs stored in AWS KMS (SSE-KMS), see
+// Protecting Data Using Server-Side Encryption with CMKs stored in AWS KMS
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
+//
+// Access-Control-List (ACL)-Specific Request Headers
+//
+// You also can use the following access control–related headers with this
+// operation. By default, all objects are private. Only the owner has full access
+// control. When adding a new object, you can grant permissions to individual
+// AWS accounts or to predefined groups defined by Amazon S3. These permissions
+// are then added to the access control list (ACL) on the object. For more information,
+// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+// With this operation, you can grant access permissions using one of the following
+// two methods:
+//
+// * Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined
+// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees
+// and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+// * Specify access permissions explicitly — To explicitly grant access
+// permissions to specific AWS accounts or groups, use the following headers.
+// Each header maps to specific permissions that Amazon S3 supports in an
+// ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+// In the header, you specify a list of grantees who get the specific permission.
+// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write
+// x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You
+// specify each grantee as a type=value pair, where the type is one of the
+// following: id – if the value specified is the canonical user ID of an
+// AWS account uri – if you are granting permissions to a predefined group
+// emailAddress – if the value specified is the email address of an AWS
+// account Using email addresses to specify a grantee is only supported in
+// the following AWS Regions: US East (N. Virginia) US West (N. California)
+// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific
+// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all
+// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints
+// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in
+// the AWS General Reference. For example, the following x-amz-grant-read
+// header grants the AWS accounts identified by account IDs permissions to
+// read object data and its metadata: x-amz-grant-read: id="11112222333",
+// id="444455556666"
+//
+// The following operations are related to CreateMultipartUpload:
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * AbortMultipartUpload
+//
+// * ListParts
+//
+// * ListMultipartUploads
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -466,8 +898,14 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request
// DeleteBucket API operation for Amazon Simple Storage Service.
//
-// Deletes the bucket. All objects (including all object versions and Delete
-// Markers) in the bucket must be deleted before the bucket itself can be deleted.
+// Deletes the bucket. All objects (including all object versions and delete
+// markers) in the bucket must be deleted before the bucket itself can be deleted.
+//
+// Related Resources
+//
+// *
+//
+// *
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -547,7 +985,20 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt
//
// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
// action. The bucket owner has this permission by default. The bucket owner
-// can grant this permission to others.
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// The following operations are related to DeleteBucketAnalyticsConfiguration:
+//
+// *
+//
+// *
+//
+// *
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -622,7 +1073,20 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request
// DeleteBucketCors API operation for Amazon Simple Storage Service.
//
-// Deletes the CORS configuration information set for the bucket.
+// Deletes the cors configuration information set for the bucket.
+//
+// To use this operation, you must have permission to perform the s3:PutBucketCORS
+// action. The bucket owner has this permission by default and can grant this
+// permission to others.
+//
+// For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Related Resources:
+//
+// *
+//
+// * RESTOPTIONSobject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -697,7 +1161,23 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (
// DeleteBucketEncryption API operation for Amazon Simple Storage Service.
//
-// Deletes the server-side encryption configuration from the bucket.
+// This implementation of the DELETE operation removes default encryption from
+// the bucket. For information about the Amazon S3 default encryption feature,
+// see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Related Resources
+//
+// * PutBucketEncryption
+//
+// * GetBucketEncryption
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -775,6 +1255,23 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent
// Deletes an inventory configuration (identified by the inventory ID) from
// the bucket.
//
+// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
+//
+// Operations related to DeleteBucketInventoryConfiguration include:
+//
+// * GetBucketInventoryConfiguration
+//
+// * PutBucketInventoryConfiguration
+//
+// * ListBucketInventoryConfigurations
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -848,7 +1345,27 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re
// DeleteBucketLifecycle API operation for Amazon Simple Storage Service.
//
-// Deletes the lifecycle configuration from the bucket.
+// Deletes the lifecycle configuration from the specified bucket. Amazon S3
+// removes all the lifecycle configuration rules in the lifecycle subresource
+// associated with the bucket. Your objects never expire, and Amazon S3 no longer
+// automatically deletes any objects on the basis of rules contained in the
+// deleted lifecycle configuration.
+//
+// To use this operation, you must have permission to perform the s3:PutLifecycleConfiguration
+// action. By default, the bucket owner has this permission and the bucket owner
+// can grant this permission to others.
+//
+// There is usually some time lag before lifecycle configuration deletion is
+// fully propagated to all the Amazon S3 systems.
+//
+// For more information about the object expiration, see Elements to Describe
+// Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions).
+//
+// Related actions include:
+//
+// * PutBucketLifecycleConfiguration
+//
+// * GetBucketLifecycleConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -923,8 +1440,28 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC
// DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
//
-// Deletes a metrics configuration (specified by the metrics configuration ID)
-// from the bucket.
+// Deletes a metrics configuration for the Amazon CloudWatch request metrics
+// (specified by the metrics configuration ID) from the bucket. Note that this
+// doesn't include the daily storage metrics.
+//
+// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to DeleteBucketMetricsConfiguration:
+//
+// * GetBucketMetricsConfiguration
+//
+// * PutBucketMetricsConfiguration
+//
+// * ListBucketMetricsConfigurations
+//
+// * Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -999,7 +1536,29 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req
// DeleteBucketPolicy API operation for Amazon Simple Storage Service.
//
-// Deletes the policy from the bucket.
+// This implementation of the DELETE operation uses the policy subresource to
+// delete the policy of a specified bucket. If you are using an identity other
+// than the root user of the AWS account that owns the bucket, the calling identity
+// must have the DeleteBucketPolicy permissions on the specified bucket and
+// belong to the bucket owner's account to use this operation.
+//
+// If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403
+// Access Denied error. If you have the correct permissions, but you're not
+// using an identity that belongs to the bucket owner's account, Amazon S3 returns
+// a 405 Method Not Allowed error.
+//
+// As a security precaution, the root user of the AWS account that owns a bucket
+// can always use this operation, even if the policy explicitly denies the root
+// user the ability to perform this action.
+//
+// For more information about bucket policies, see Using Bucket Policies and
+// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following operations are related to DeleteBucketPolicy
+//
+// * CreateBucket
+//
+// * DeleteObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1074,10 +1633,26 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput)
// DeleteBucketReplication API operation for Amazon Simple Storage Service.
//
-// Deletes the replication configuration from the bucket. For information about
-// replication configuration, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
+// Deletes the replication configuration from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration
+// action. The bucket owner has these permissions by default and can grant it
+// to others. For more information about permissions, see Permissions Related
+// to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// It can take a while for the deletion of a replication configuration to fully
+// propagate.
+//
+// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
// in the Amazon S3 Developer Guide.
//
+// The following operations are related to DeleteBucketReplication:
+//
+// * PutBucketReplication
+//
+// * GetBucketReplication
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1153,6 +1728,16 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r
//
// Deletes the tags from the bucket.
//
+// To use this operation, you must have permission to perform the s3:PutBucketTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// The following operations are related to DeleteBucketTagging:
+//
+// * GetBucketTagging
+//
+// * PutBucketTagging
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1226,7 +1811,26 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r
// DeleteBucketWebsite API operation for Amazon Simple Storage Service.
//
-// This operation removes the website configuration from the bucket.
+// This operation removes the website configuration for a bucket. Amazon S3
+// returns a 200 OK response upon successfully deleting a website configuration
+// on the specified bucket. You will get a 200 OK response if the website configuration
+// you are trying to delete does not exist on the bucket. Amazon S3 returns
+// a 404 response if the bucket specified in the request does not exist.
+//
+// This DELETE operation requires the S3:DeleteBucketWebsite permission. By
+// default, only the bucket owner can delete the website configuration attached
+// to a bucket. However, bucket owners can grant other users permission to delete
+// the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite
+// permission.
+//
+// For more information about hosting websites, see Hosting Websites on Amazon
+// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// The following operations are related to DeleteBucketWebsite:
+//
+// * GetBucketWebsite
+//
+// * PutBucketWebsite
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1304,6 +1908,29 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request
// marker, which becomes the latest version of the object. If there isn't a
// null version, Amazon S3 does not remove any objects.
//
+// To remove a specific version, you must be the bucket owner and you must use
+// the version Id subresource. Using this subresource permanently deletes the
+// version. If the object deleted is a delete marker, Amazon S3 sets the response
+// header, x-amz-delete-marker, to true.
+//
+// If the object you want to delete is in a bucket where the bucket versioning
+// configuration is MFA Delete enabled, you must include the x-amz-mfa request
+// header in the DELETE versionId request. Requests that include x-amz-mfa must
+// use HTTPS.
+//
+// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html).
+// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete).
+//
+// You can delete objects by explicitly calling the DELETE Object API or configure
+// its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for
+// you. If you want to block users or accounts from removing or deleting objects
+// from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion,
+// and s3:PutLifeCycleConfiguration actions.
+//
+// The following operation is related to DeleteObject:
+//
+// * PutObject
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1376,7 +2003,21 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r
// DeleteObjectTagging API operation for Amazon Simple Storage Service.
//
-// Removes the tag-set from an existing object.
+// Removes the entire tag set from the specified object. For more information
+// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// To use this operation, you must have permission to perform the s3:DeleteObjectTagging
+// action.
+//
+// To delete tags of a specific object version, add the versionId query parameter
+// in the request. You will need permission for the s3:DeleteObjectVersionTagging
+// action.
+//
+// The following operations are related to DeleteBucketMetricsConfiguration:
+//
+// * PutObjectTagging
+//
+// * GetObjectTagging
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1445,13 +2086,57 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque
output = &DeleteObjectsOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// DeleteObjects API operation for Amazon Simple Storage Service.
//
// This operation enables you to delete multiple objects from a bucket using
-// a single HTTP request. You may specify up to 1000 keys.
+// a single HTTP request. If you know the object keys that you want to delete,
+// then this operation provides a suitable alternative to sending individual
+// delete requests, reducing per-request overhead.
+//
+// The request contains a list of up to 1000 keys that you want to delete. In
+// the XML, you provide the object key names, and optionally, version IDs if
+// you want to delete a specific version of the object from a versioning-enabled
+// bucket. For each key, Amazon S3 performs a delete operation and returns the
+// result of that delete, success, or failure, in the response. Note that if
+// the object specified in the request is not found, Amazon S3 returns the result
+// as deleted.
+//
+// The operation supports two modes for the response: verbose and quiet. By
+// default, the operation uses verbose mode in which the response includes the
+// result of deletion of each key in your request. In quiet mode the response
+// includes only keys where the delete operation encountered an error. For a
+// successful deletion, the operation does not return any information about
+// the delete in the response body.
+//
+// When performing this operation on an MFA Delete enabled bucket, that attempts
+// to delete any versioned objects, you must include an MFA token. If you do
+// not provide one, the entire request will fail, even if there are non-versioned
+// objects you are trying to delete. If you provide an invalid token, whether
+// there are versioned keys in the request or not, the entire Multi-Object Delete
+// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete).
+//
+// Finally, the Content-MD5 header is required for all Multi-Object Delete requests.
+// Amazon S3 uses the header value to ensure that your request body has not
+// been altered in transit.
+//
+// The following operations are related to DeleteObjects:
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * ListParts
+//
+// * AbortMultipartUpload
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1526,7 +2211,21 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput)
// DeletePublicAccessBlock API operation for Amazon Simple Storage Service.
//
-// Removes the PublicAccessBlock configuration from an Amazon S3 bucket.
+// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use
+// this operation, you must have the s3:PutBucketPublicAccessBlock permission.
+// For more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// The following operations are related to DeletePublicAccessBlock:
+//
+// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+// * GetPublicAccessBlock
+//
+// * PutPublicAccessBlock
+//
+// * GetBucketPolicyStatus
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1600,7 +2299,32 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC
// GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
//
-// Returns the accelerate configuration of a bucket.
+// This implementation of the GET operation uses the accelerate subresource
+// to return the Transfer Acceleration state of a bucket, which is either Enabled
+// or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that
+// enables you to perform faster data transfers to and from Amazon S3.
+//
+// To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// You set the Transfer Acceleration state of an existing bucket to Enabled
+// or Suspended by using the PutBucketAccelerateConfiguration operation.
+//
+// A GET accelerate request does not return a state value for a bucket that
+// has no transfer acceleration state. A bucket has no Transfer Acceleration
+// state if a state has never been set on the bucket.
+//
+// For more information about transfer acceleration, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Related Resources
+//
+// * PutBucketAccelerateConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1674,7 +2398,15 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request
// GetBucketAcl API operation for Amazon Simple Storage Service.
//
-// Gets the access control policy for the bucket.
+// This implementation of the GET operation uses the acl subresource to return
+// the access control list (ACL) of a bucket. To use GET to return the ACL of
+// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission
+// is granted to the anonymous user, you can return the ACL of the bucket without
+// using an authorization header.
+//
+// Related Resources
+//
+// *
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1748,8 +2480,27 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon
// GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
//
-// Gets an analytics configuration for the bucket (specified by the analytics
-// configuration ID).
+// This implementation of the GET operation returns an analytics configuration
+// (identified by the analytics configuration ID) from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Related Resources
+//
+// *
+//
+// *
+//
+// *
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1823,7 +2574,20 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque
// GetBucketCors API operation for Amazon Simple Storage Service.
//
-// Returns the CORS configuration for the bucket.
+// Returns the cors configuration information set for the bucket.
+//
+// To use this operation, you must have permission to perform the s3:GetBucketCORS
+// action. By default, the bucket owner has this permission and can grant it
+// to others.
+//
+// For more information about cors, see Enabling Cross-Origin Resource Sharing
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).
+//
+// The following operations are related to GetBucketCors:
+//
+// * PutBucketCors
+//
+// * DeleteBucketCors
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1897,7 +2661,21 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r
// GetBucketEncryption API operation for Amazon Simple Storage Service.
//
-// Returns the server-side encryption configuration of a bucket.
+// Returns the default encryption configuration for an Amazon S3 bucket. For
+// information about the Amazon S3 default encryption feature, see Amazon S3
+// Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).
+//
+// To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// The following operations are related to GetBucketEncryption:
+//
+// * PutBucketEncryption
+//
+// * DeleteBucketEncryption
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -1971,8 +2749,25 @@ func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryCon
// GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
//
-// Returns an inventory configuration (identified by the inventory ID) from
-// the bucket.
+// Returns an inventory configuration (identified by the inventory configuration
+// ID) from the bucket.
+//
+// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html).
+//
+// The following operations are related to GetBucketInventoryConfiguration:
+//
+// * DeleteBucketInventoryConfiguration
+//
+// * ListBucketInventoryConfigurations
+//
+// * PutBucketInventoryConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2051,7 +2846,34 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req
// GetBucketLifecycle API operation for Amazon Simple Storage Service.
//
-// No longer used, see the GetBucketLifecycleConfiguration operation.
+//
+// For an updated version of this API, see GetBucketLifecycleConfiguration.
+// If you configured a bucket lifecycle using the filter element, you should
+// see the updated version of this topic. This topic is provided for backward
+// compatibility.
+//
+// Returns the lifecycle configuration information set on the bucket. For information
+// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
+//
+// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// GetBucketLifecycle has the following special error:
+//
+// * Error code: NoSuchLifecycleConfiguration Description: The lifecycle
+// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
+// Code Prefix: Client
+//
+// The following operations are related to GetBucketLifecycle:
+//
+// * GetBucketLifecycleConfiguration
+//
+// * PutBucketLifecycle
+//
+// * DeleteBucketLifecycle
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2129,7 +2951,37 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon
// GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
//
-// Returns the lifecycle configuration information set on the bucket.
+//
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
+// Accordingly, this section describes the latest API. The response describes
+// the new filter element that you can use to specify a filter to select a subset
+// of objects to which the rule applies. If you are still using previous version
+// of the lifecycle configuration, it works. For the earlier API description,
+// see GetBucketLifecycle.
+//
+// Returns the lifecycle configuration information set on the bucket. For information
+// about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html).
+//
+// To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration
+// action. The bucket owner has this permission, by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// GetBucketLifecycleConfiguration has the following special error:
+//
+// * Error code: NoSuchLifecycleConfiguration Description: The lifecycle
+// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault
+// Code Prefix: Client
+//
+// The following operations are related to GetBucketLifecycleConfiguration:
+//
+// * GetBucketLifecycle
+//
+// * PutBucketLifecycle
+//
+// * DeleteBucketLifecycle
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2203,7 +3055,17 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque
// GetBucketLocation API operation for Amazon Simple Storage Service.
//
-// Returns the region the bucket resides in.
+// Returns the Region the bucket resides in. You set the bucket's Region using
+// the LocationConstraint request parameter in a CreateBucket request. For more
+// information, see CreateBucket.
+//
+// To use this implementation of the operation, you must be the bucket owner.
+//
+// The following operations are related to GetBucketLocation:
+//
+// * GetObject
+//
+// * CreateBucket
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2280,6 +3142,12 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request
// Returns the logging status of a bucket and the permissions users have to
// view and modify that status. To use GET, you must be the bucket owner.
//
+// The following operations are related to GetBucketLogging:
+//
+// * CreateBucket
+//
+// * PutBucketLogging
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2353,7 +3221,26 @@ func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigu
// GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
//
// Gets a metrics configuration (specified by the metrics configuration ID)
-// from the bucket.
+// from the bucket. Note that this doesn't include the daily storage metrics.
+//
+// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to GetBucketMetricsConfiguration:
+//
+// * PutBucketMetricsConfiguration
+//
+// * DeleteBucketMetricsConfiguration
+//
+// * ListBucketMetricsConfigurations
+//
+// * Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2432,7 +3319,7 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat
// GetBucketNotification API operation for Amazon Simple Storage Service.
//
-// No longer used, see the GetBucketNotificationConfiguration operation.
+// No longer used, see GetBucketNotificationConfiguration.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2512,6 +3399,22 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat
//
// Returns the notification configuration of a bucket.
//
+// If notifications are not enabled on the bucket, the operation returns an
+// empty NotificationConfiguration element.
+//
+// By default, you must be the bucket owner to read the notification configuration
+// of a bucket. However, the bucket owner can use a bucket policy to grant permission
+// to other users to read this configuration with the s3:GetBucketNotification
+// permission.
+//
+// For more information about setting and reading the notification configuration
+// on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+// For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following operation is related to GetBucketNotification:
+//
+// * PutBucketNotification
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2584,7 +3487,26 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R
// GetBucketPolicy API operation for Amazon Simple Storage Service.
//
-// Returns the policy of a specified bucket.
+// Returns the policy of a specified bucket. If you are using an identity other
+// than the root user of the AWS account that owns the bucket, the calling identity
+// must have the GetBucketPolicy permissions on the specified bucket and belong
+// to the bucket owner's account in order to use this operation.
+//
+// If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access
+// Denied error. If you have the correct permissions, but you're not using an
+// identity that belongs to the bucket owner's account, Amazon S3 returns a
+// 405 Method Not Allowed error.
+//
+// As a security precaution, the root user of the AWS account that owns a bucket
+// can always use this operation, even if the policy explicitly denies the root
+// user the ability to perform this action.
+//
+// For more information about bucket policies, see Using Bucket Policies and
+// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following operation is related to GetBucketPolicy:
+//
+// * GetObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2659,7 +3581,22 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re
// GetBucketPolicyStatus API operation for Amazon Simple Storage Service.
//
// Retrieves the policy status for an Amazon S3 bucket, indicating whether the
-// bucket is public.
+// bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus
+// permission. For more information about Amazon S3 permissions, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// For more information about when Amazon S3 considers a bucket public, see
+// The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// The following operations are related to GetBucketPolicyStatus:
+//
+// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+// * GetPublicAccessBlock
+//
+// * PutPublicAccessBlock
+//
+// * DeletePublicAccessBlock
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2739,6 +3676,25 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req
// to all Amazon S3 systems. Therefore, a get request soon after put or delete
// can return a wrong result.
//
+// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// This operation requires permissions for the s3:GetReplicationConfiguration
+// action. For more information about permissions, see Using Bucket Policies
+// and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// If you include the Filter element in a replication configuration, you must
+// also include the DeleteMarkerReplication and Priority elements. The response
+// also returns those elements.
+//
+// For information about GetBucketReplication errors, see ReplicationErrorCodeList
+//
+// The following operations are related to GetBucketReplication:
+//
+// * PutBucketReplication
+//
+// * DeleteBucketReplication
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2811,7 +3767,13 @@ func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput)
// GetBucketRequestPayment API operation for Amazon Simple Storage Service.
//
-// Returns the request payment configuration of a bucket.
+// Returns the request payment configuration of a bucket. To use this version
+// of the operation, you must be the bucket owner. For more information, see
+// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
+//
+// The following operations are related to GetBucketRequestPayment:
+//
+// * ListObjects
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -2887,6 +3849,21 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request
//
// Returns the tag set associated with the bucket.
//
+// To use this operation, you must have permission to perform the s3:GetBucketTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// GetBucketTagging has the following special error:
+//
+// * Error code: NoSuchTagSetError Description: There is no tag set associated
+// with the bucket.
+//
+// The following operations are related to GetBucketTagging:
+//
+// * PutBucketTagging
+//
+// * DeleteBucketTagging
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -2961,6 +3938,20 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r
//
// Returns the versioning state of a bucket.
//
+// To retrieve the versioning state of a bucket, you must be the bucket owner.
+//
+// This implementation also returns the MFA Delete status of the versioning
+// state. If the MFA Delete status is enabled, the bucket owner must use an
+// authentication device to change the versioning state of the bucket.
+//
+// The following operations are related to GetBucketVersioning:
+//
+// * GetObject
+//
+// * PutObject
+//
+// * DeleteObject
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -3033,7 +4024,21 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request
// GetBucketWebsite API operation for Amazon Simple Storage Service.
//
-// Returns the website configuration for a bucket.
+// Returns the website configuration for a bucket. To host website on Amazon
+// S3, you can configure a bucket as website by adding a website configuration.
+// For more information about hosting websites, see Hosting Websites on Amazon
+// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// This GET operation requires the S3:GetBucketWebsite permission. By default,
+// only the bucket owner can read the bucket website configuration. However,
+// bucket owners can allow other users to read the website configuration by
+// writing a bucket policy granting them the S3:GetBucketWebsite permission.
+//
+// The following operations are related to DeleteBucketWebsite:
+//
+// * DeleteBucketWebsite
+//
+// * PutBucketWebsite
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3107,7 +4112,130 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp
// GetObject API operation for Amazon Simple Storage Service.
//
-// Retrieves objects from Amazon S3.
+// Retrieves objects from Amazon S3. To use GET, you must have READ access to
+// the object. If you grant READ access to the anonymous user, you can return
+// the object without using an authorization header.
+//
+// An Amazon S3 bucket has no directory hierarchy such as you would find in
+// a typical computer file system. You can, however, create a logical hierarchy
+// by using object key names that imply a folder structure. For example, instead
+// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg.
+//
+// To get an object from such a logical hierarchy, specify the full key name
+// for the object in the GET operation. For a virtual hosted-style request example,
+// if you have the object photos/2006/February/sample.jpg, specify the resource
+// as /photos/2006/February/sample.jpg. For a path-style request example, if
+// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket,
+// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For
+// more information about request types, see HTTP Host Header Bucket Specification
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket).
+//
+// To distribute large files to many people, you can save bandwidth costs by
+// using BitTorrent. For more information, see Amazon S3 Torrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html).
+// For more information about returning the ACL of an object, see GetObjectAcl.
+//
+// If the object you are retrieving is stored in the GLACIER or DEEP_ARCHIVE
+// storage classes, before you can retrieve the object you must first restore
+// a copy using . Otherwise, this operation returns an InvalidObjectStateError
+// error. For information about restoring archived objects, see Restoring Archived
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html).
+//
+// Encryption request headers, like x-amz-server-side-encryption, should not
+// be sent for GET requests if your object uses server-side encryption with
+// CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon S3–managed
+// encryption keys (SSE-S3). If your object does use these types of keys, you’ll
+// get an HTTP 400 BadRequest error.
+//
+// If you encrypt an object by using server-side encryption with customer-provided
+// encryption keys (SSE-C) when you store the object in Amazon S3, then when
+// you GET the object, you must use the following headers:
+//
+// * x-amz-server-side-encryption-customer-algorithm
+//
+// * x-amz-server-side-encryption-customer-key
+//
+// * x-amz-server-side-encryption-customer-key-MD5
+//
+// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+//
+// Assuming you have permission to read object tags (permission for the s3:GetObjectVersionTagging
+// action), the response also returns the x-amz-tagging-count header that provides
+// the count of number of tags associated with the object. You can use GetObjectTagging
+// to retrieve the tag set associated with an object.
+//
+// Permissions
+//
+// You need the s3:GetObject permission for this operation. For more information,
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+// If the object you request does not exist, the error Amazon S3 returns depends
+// on whether you also have the s3:ListBucket permission.
+//
+// * If you have the s3:ListBucket permission on the bucket, Amazon S3 will
+// return an HTTP status code 404 ("no such key") error.
+//
+// * If you don’t have the s3:ListBucket permission, Amazon S3 will return
+// an HTTP status code 403 ("access denied") error.
+//
+// Versioning
+//
+// By default, the GET operation returns the current version of an object. To
+// return a different version, use the versionId subresource.
+//
+// If the current version of the object is a delete marker, Amazon S3 behaves
+// as if the object was deleted and includes x-amz-delete-marker: true in the
+// response.
+//
+// For more information about versioning, see PutBucketVersioning.
+//
+// Overriding Response Header Values
+//
+// There are times when you want to override certain response header values
+// in a GET response. For example, you might override the Content-Disposition
+// response header value in your GET request.
+//
+// You can override values for a set of response headers using the following
+// query parameters. These response header values are sent only on a successful
+// request, that is, when status code 200 OK is returned. The set of headers
+// you can override using these parameters is a subset of the headers that Amazon
+// S3 accepts when you create an object. The response headers that you can override
+// for the GET response are Content-Type, Content-Language, Expires, Cache-Control,
+// Content-Disposition, and Content-Encoding. To override these header values
+// in the GET response, you use the following request parameters.
+//
+// You must sign the request, either using an Authorization header or a presigned
+// URL, when using these parameters. They cannot be used with an unsigned (anonymous)
+// request.
+//
+// * response-content-type
+//
+// * response-content-language
+//
+// * response-expires
+//
+// * response-cache-control
+//
+// * response-content-disposition
+//
+// * response-content-encoding
+//
+// Additional Considerations about Request Headers
+//
+// If both of the If-Match and If-Unmodified-Since headers are present in the
+// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since
+// condition evaluates to false; then, S3 returns 200 OK and the data requested.
+//
+// If both of the If-None-Match and If-Modified-Since headers are present in
+// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since
+// condition evaluates to true; then, S3 returns 304 Not Modified response code.
+//
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
+//
+// The following operations are related to GetObject:
+//
+// * ListBuckets
+//
+// * GetObjectAcl
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3186,7 +4314,21 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request
// GetObjectAcl API operation for Amazon Simple Storage Service.
//
-// Returns the access control list (ACL) of an object.
+// Returns the access control list (ACL) of an object. To use this operation,
+// you must have READ_ACP access to the object.
+//
+// Versioning
+//
+// By default, GET returns ACL information about the current version of an object.
+// To return ACL information about a different version, use the versionId subresource.
+//
+// The following operations are related to GetObjectAcl:
+//
+// * GetObject
+//
+// * DeleteObject
+//
+// * PutObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3265,7 +4407,8 @@ func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *req
// GetObjectLegalHold API operation for Amazon Simple Storage Service.
//
-// Gets an object's current Legal Hold status.
+// Gets an object's current Legal Hold status. For more information, see Locking
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3339,9 +4482,10 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration
// GetObjectLockConfiguration API operation for Amazon Simple Storage Service.
//
-// Gets the object lock configuration for a bucket. The rule specified in the
-// object lock configuration will be applied by default to every new object
-// placed in the specified bucket.
+// Gets the Object Lock configuration for a bucket. The rule specified in the
+// Object Lock configuration will be applied by default to every new object
+// placed in the specified bucket. For more information, see Locking Objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3415,7 +4559,8 @@ func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *req
// GetObjectRetention API operation for Amazon Simple Storage Service.
//
-// Retrieves an object's retention settings.
+// Retrieves an object's retention settings. For more information, see Locking
+// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3489,7 +4634,25 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request
// GetObjectTagging API operation for Amazon Simple Storage Service.
//
-// Returns the tag-set of an object.
+// Returns the tag-set of an object. You send the GET request against the tagging
+// subresource associated with the object.
+//
+// To use this operation, you must have permission to perform the s3:GetObjectTagging
+// action. By default, the GET operation returns information about current version
+// of an object. For a versioned bucket, you can have multiple versions of an
+// object in your bucket. To retrieve tags of any other version, use the versionId
+// query parameter. You also need permission for the s3:GetObjectVersionTagging
+// action.
+//
+// By default, the bucket owner has this permission and can grant this permission
+// to others.
+//
+// For information about the Amazon S3 object tagging feature, see Object Tagging
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// The following operation is related to GetObjectTagging:
+//
+// * PutObjectTagging
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3563,7 +4726,19 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request
// GetObjectTorrent API operation for Amazon Simple Storage Service.
//
-// Return torrent files from a bucket.
+// Return torrent files from a bucket. BitTorrent can save you bandwidth when
+// you're distributing large files. For more information about BitTorrent, see
+// Amazon S3 Torrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html).
+//
+// You can get torrent only for objects that are less than 5 GB in size and
+// that are not encrypted using server-side encryption with customer-provided
+// encryption key.
+//
+// To use GET, you must have READ access to the object.
+//
+// The following operation is related to GetObjectTorrent:
+//
+// * GetObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3637,7 +4812,30 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req
// GetPublicAccessBlock API operation for Amazon Simple Storage Service.
//
-// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket.
+// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To
+// use this operation, you must have the s3:GetBucketPublicAccessBlock permission.
+// For more information about Amazon S3 permissions, see Specifying Permissions
+// in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
+// or an object, it checks the PublicAccessBlock configuration for both the
+// bucket (or the bucket that contains the object) and the bucket owner's account.
+// If the PublicAccessBlock settings are different between the bucket and the
+// account, Amazon S3 uses the most restrictive combination of the bucket-level
+// and account-level settings.
+//
+// For more information about when Amazon S3 considers a bucket or an object
+// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// The following operations are related to GetPublicAccessBlock:
+//
+// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
+//
+// * PutPublicAccessBlock
+//
+// * GetPublicAccessBlock
+//
+// * DeletePublicAccessBlock
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3713,7 +4911,15 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou
// HeadBucket API operation for Amazon Simple Storage Service.
//
// This operation is useful to determine if a bucket exists and you have permission
-// to access it.
+// to access it. The operation returns a 200 OK if the bucket exists and you
+// have permission to access it. Otherwise, the operation might return responses
+// such as 404 Not Found and 403 Forbidden.
+//
+// To use this operation, you must have permissions to perform the s3:ListBucket
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3796,6 +5002,63 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou
// object itself. This operation is useful if you're only interested in an object's
// metadata. To use HEAD, you must have READ access to the object.
//
+// A HEAD request has the same options as a GET operation on an object. The
+// response is identical to the GET response except that there is no response
+// body.
+//
+// If you encrypt an object by using server-side encryption with customer-provided
+// encryption keys (SSE-C) when you store the object in Amazon S3, then when
+// you retrieve the metadata from the object, you must use the following headers:
+//
+// * x-amz-server-side-encryption-customer-algorithm
+//
+// * x-amz-server-side-encryption-customer-key
+//
+// * x-amz-server-side-encryption-customer-key-MD5
+//
+// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
+//
+// Encryption request headers, like x-amz-server-side-encryption, should not
+// be sent for GET requests if your object uses server-side encryption with
+// CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon S3–managed
+// encryption keys (SSE-S3). If your object does use these types of keys, you’ll
+// get an HTTP 400 BadRequest error.
+//
+// Request headers are limited to 8 KB in size. For more information, see Common
+// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html).
+//
+// Consider the following when using request headers:
+//
+// * Consideration 1 – If both of the If-Match and If-Unmodified-Since
+// headers are present in the request as follows: If-Match condition evaluates
+// to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon
+// S3 returns 200 OK and the data requested.
+//
+// * Consideration 2 – If both of the If-None-Match and If-Modified-Since
+// headers are present in the request as follows: If-None-Match condition
+// evaluates to false, and; If-Modified-Since condition evaluates to true;
+// Then Amazon S3 returns the 304 Not Modified response code.
+//
+// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232).
+//
+// Permissions
+//
+// You need the s3:GetObject permission for this operation. For more information,
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+// If the object you request does not exist, the error Amazon S3 returns depends
+// on whether you also have the s3:ListBucket permission.
+//
+// * If you have the s3:ListBucket permission on the bucket, Amazon S3 returns
+// an HTTP status code 404 ("no such key") error.
+//
+// * If you don’t have the s3:ListBucket permission, Amazon S3 returns
+// an HTTP status code 403 ("access denied") error.
+//
+// The following operation is related to HeadObject:
+//
+// * GetObject
+//
// See http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#RESTErrorResponses
// for more information on returned errors.
//
@@ -3871,7 +5134,33 @@ func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalytics
// ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service.
//
-// Lists the analytics configurations for the bucket.
+// Lists the analytics configurations for the bucket. You can have up to 1,000
+// analytics configurations per bucket.
+//
+// This operation supports list pagination and does not return more than 100
+// configurations at a time. You should always check the IsTruncated element
+// in the response. If there are no more configurations to list, IsTruncated
+// is set to false. If there are more configurations to list, IsTruncated is
+// set to true, and there will be a value in NextContinuationToken. You use
+// the NextContinuationToken value to continue the pagination of the list by
+// passing the value in continuation-token in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about Amazon S3 analytics feature, see Amazon S3 Analytics
+// – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// The following operations are related to ListBucketAnalyticsConfigurations:
+//
+// * GetBucketAnalyticsConfiguration
+//
+// * DeleteBucketAnalyticsConfiguration
+//
+// * PutBucketAnalyticsConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -3945,7 +5234,33 @@ func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventory
// ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service.
//
-// Returns a list of inventory configurations for the bucket.
+// Returns a list of inventory configurations for the bucket. You can have up
+// to 1,000 analytics configurations per bucket.
+//
+// This operation supports list pagination and does not return more than 100
+// configurations at a time. Always check the IsTruncated element in the response.
+// If there are no more configurations to list, IsTruncated is set to false.
+// If there are more configurations to list, IsTruncated is set to true, and
+// there is a value in NextContinuationToken. You use the NextContinuationToken
+// value to continue the pagination of the list by passing the value in continuation-token
+// in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about the Amazon S3 inventory feature, see Amazon S3 Inventory
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+//
+// The following operations are related to ListBucketInventoryConfigurations:
+//
+// * GetBucketInventoryConfiguration
+//
+// * DeleteBucketInventoryConfiguration
+//
+// * PutBucketInventoryConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4019,7 +5334,34 @@ func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConf
// ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service.
//
-// Lists the metrics configurations for the bucket.
+// Lists the metrics configurations for the bucket. The metrics configurations
+// are only for the request metrics of the bucket and do not provide information
+// on daily storage metrics. You can have up to 1,000 configurations per bucket.
+//
+// This operation supports list pagination and does not return more than 100
+// configurations at a time. Always check the IsTruncated element in the response.
+// If there are no more configurations to list, IsTruncated is set to false.
+// If there are more configurations to list, IsTruncated is set to true, and
+// there is a value in NextContinuationToken. You use the NextContinuationToken
+// value to continue the pagination of the list by passing the value in continuation-token
+// in the request to GET the next page.
+//
+// To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For more information about metrics configurations and CloudWatch request
+// metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to ListBucketMetricsConfigurations:
+//
+// * PutBucketMetricsConfiguration
+//
+// * GetBucketMetricsConfiguration
+//
+// * DeleteBucketMetricsConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4173,7 +5515,40 @@ func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req
// ListMultipartUploads API operation for Amazon Simple Storage Service.
//
-// This operation lists in-progress multipart uploads.
+// This operation lists in-progress multipart uploads. An in-progress multipart
+// upload is a multipart upload that has been initiated using the Initiate Multipart
+// Upload request, but has not yet been completed or aborted.
+//
+// This operation returns at most 1,000 multipart uploads in the response. 1,000
+// multipart uploads is the maximum number of uploads a response can include,
+// which is also the default value. You can further limit the number of uploads
+// in a response by specifying the max-uploads parameter in the response. If
+// additional multipart uploads satisfy the list criteria, the response will
+// contain an IsTruncated element with the value true. To list the additional
+// multipart uploads, use the key-marker and upload-id-marker request parameters.
+//
+// In the response, the uploads are sorted by key. If your application has initiated
+// more than one multipart upload using the same object key, then uploads in
+// the response are first sorted by key. Additionally, uploads are sorted in
+// ascending order within each key by the upload initiation time.
+//
+// For more information on multipart uploads, see Uploading Objects Using Multipart
+// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information on permissions required to use the multipart upload API,
+// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to ListMultipartUploads:
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * ListParts
+//
+// * AbortMultipartUpload
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4246,10 +5621,12 @@ func (c *S3) ListMultipartUploadsPagesWithContext(ctx aws.Context, input *ListMu
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListMultipartUploadsOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListMultipartUploadsOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4303,7 +5680,24 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req
// ListObjectVersions API operation for Amazon Simple Storage Service.
//
-// Returns metadata about all of the versions of objects in a bucket.
+// Returns metadata about all of the versions of objects in a bucket. You can
+// also use request parameters as selection criteria to return metadata about
+// a subset of all the object versions.
+//
+// A 200 OK response can contain valid or invalid XML. Make sure to design your
+// application to parse the contents of the response and handle it appropriately.
+//
+// To use this operation, you must have READ access to the bucket.
+//
+// The following operations are related to ListObjectVersions:
+//
+// * ListObjectsV2
+//
+// * GetObject
+//
+// * PutObject
+//
+// * DeleteObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4376,10 +5770,12 @@ func (c *S3) ListObjectVersionsPagesWithContext(ctx aws.Context, input *ListObje
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListObjectVersionsOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListObjectVersionsOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4433,9 +5829,27 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request,
// ListObjects API operation for Amazon Simple Storage Service.
//
-// Returns some or all (up to 1000) of the objects in a bucket. You can use
+// Returns some or all (up to 1,000) of the objects in a bucket. You can use
// the request parameters as selection criteria to return a subset of the objects
-// in a bucket.
+// in a bucket. A 200 OK response can contain valid or invalid XML. Be sure
+// to design your application to parse the contents of the response and handle
+// it appropriately.
+//
+// This API has been revised. We recommend that you use the newer version, ListObjectsV2,
+// when developing applications. For backward compatibility, Amazon S3 continues
+// to support ListObjects.
+//
+// The following operations are related to ListObjects:
+//
+// * ListObjectsV2
+//
+// * GetObject
+//
+// * PutObject
+//
+// * CreateBucket
+//
+// * ListBuckets
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4513,10 +5927,12 @@ func (c *S3) ListObjectsPagesWithContext(ctx aws.Context, input *ListObjectsInpu
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListObjectsOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListObjectsOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4570,10 +5986,34 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque
// ListObjectsV2 API operation for Amazon Simple Storage Service.
//
-// Returns some or all (up to 1000) of the objects in a bucket. You can use
+// Returns some or all (up to 1,000) of the objects in a bucket. You can use
// the request parameters as selection criteria to return a subset of the objects
-// in a bucket. Note: ListObjectsV2 is the revised List Objects API and we recommend
-// you use this revised API for new application development.
+// in a bucket. A 200 OK response can contain valid or invalid XML. Make sure
+// to design your application to parse the contents of the response and handle
+// it appropriately.
+//
+// To use this operation, you must have READ access to the bucket.
+//
+// To use this operation in an AWS Identity and Access Management (IAM) policy,
+// you must have permissions to perform the s3:ListBucket action. The bucket
+// owner has this permission by default and can grant this permission to others.
+// For more information about permissions, see Permissions Related to Bucket
+// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// This section describes the latest revision of the API. We recommend that
+// you use this revised API for application development. For backward compatibility,
+// Amazon S3 continues to support the prior version of this API, ListObjects.
+//
+// To get a list of your buckets, see ListBuckets.
+//
+// The following operations are related to ListObjectsV2:
+//
+// * GetObject
+//
+// * PutObject
+//
+// * CreateBucket
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4651,10 +6091,12 @@ func (c *S3) ListObjectsV2PagesWithContext(ctx aws.Context, input *ListObjectsV2
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListObjectsV2Output), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListObjectsV2Output), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4709,6 +6151,33 @@ func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, outp
// ListParts API operation for Amazon Simple Storage Service.
//
// Lists the parts that have been uploaded for a specific multipart upload.
+// This operation must include the upload ID, which you obtain by sending the
+// initiate multipart upload request (see CreateMultipartUpload). This request
+// returns a maximum of 1,000 uploaded parts. The default number of parts returned
+// is 1,000 parts. You can restrict the number of parts returned by specifying
+// the max-parts request parameter. If your multipart upload consists of more
+// than 1,000 parts, the response returns an IsTruncated field with the value
+// of true, and a NextPartNumberMarker element. In subsequent ListParts requests
+// you can include the part-number-marker query string parameter and set its
+// value to the NextPartNumberMarker field value from the previous response.
+//
+// For more information on multipart uploads, see Uploading Objects Using Multipart
+// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html).
+//
+// For information on permissions required to use the multipart upload API,
+// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html).
+//
+// The following operations are related to ListParts:
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * AbortMultipartUpload
+//
+// * ListMultipartUploads
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4781,10 +6250,12 @@ func (c *S3) ListPartsPagesWithContext(ctx aws.Context, input *ListPartsInput, f
},
}
- cont := true
- for p.Next() && cont {
- cont = fn(p.Page().(*ListPartsOutput), !p.HasNextPage())
+ for p.Next() {
+ if !fn(p.Page().(*ListPartsOutput), !p.HasNextPage()) {
+ break
+ }
}
+
return p.Err()
}
@@ -4833,7 +6304,41 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC
// PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service.
//
-// Sets the accelerate configuration of an existing bucket.
+// Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer
+// Acceleration is a bucket-level feature that enables you to perform faster
+// data transfers to Amazon S3.
+//
+// To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// The Transfer Acceleration state of a bucket can be set to one of the following
+// two values:
+//
+// * Enabled – Enables accelerated data transfers to the bucket.
+//
+// * Suspended – Disables accelerated data transfers to the bucket.
+//
+// The GetBucketAccelerateConfiguration operation returns the transfer acceleration
+// state of a bucket.
+//
+// After setting the Transfer Acceleration state of a bucket to Enabled, it
+// might take up to thirty minutes before the data transfer rates to the bucket
+// increase.
+//
+// The name of the bucket used for Transfer Acceleration must be DNS-compliant
+// and must not contain periods (".").
+//
+// For more information about transfer acceleration, see Transfer Acceleration
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
+//
+// The following operations are related to PutBucketAccelerateConfiguration:
+//
+// * GetBucketAccelerateConfiguration
+//
+// * CreateBucket
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4903,12 +6408,101 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request
output = &PutBucketAclOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketAcl API operation for Amazon Simple Storage Service.
//
-// Sets the permissions on a bucket using access control lists (ACL).
+// Sets the permissions on an existing bucket using access control lists (ACL).
+// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html).
+// To set the ACL of a bucket, you must have WRITE_ACP permission.
+//
+// You can use one of the following two ways to set a bucket's permissions:
+//
+// * Specify the ACL in the request body
+//
+// * Specify permissions using request headers
+//
+// You cannot specify access permission using both the body and the request
+// headers.
+//
+// Depending on your application needs, you may choose to set the ACL on a bucket
+// using either the request body or the headers. For example, if you have an
+// existing application that updates a bucket ACL using the request body, then
+// you can continue to use that approach.
+//
+// Access Permissions
+//
+// You can set access permissions using one of the following methods:
+//
+// * Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
+// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
+// predefined set of grantees and permissions. Specify the canned ACL name
+// as the value of x-amz-acl. If you use this header, you cannot use other
+// access control-specific headers in your request. For more information,
+// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
+// these headers, you specify explicit access permissions and grantees (AWS
+// accounts or Amazon S3 groups) who will receive the permission. If you
+// use these ACL-specific headers, you cannot use the x-amz-acl header to
+// set a canned ACL. These parameters map to the set of permissions that
+// Amazon S3 supports in an ACL. For more information, see Access Control
+// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+// You specify each grantee as a type=value pair, where the type is one of
+// the following: id – if the value specified is the canonical user ID
+// of an AWS account uri – if you are granting permissions to a predefined
+// group emailAddress – if the value specified is the email address of
+// an AWS account Using email addresses to specify a grantee is only supported
+// in the following AWS Regions: US East (N. Virginia) US West (N. California)
+// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific
+// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all
+// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints
+// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in
+// the AWS General Reference. For example, the following x-amz-grant-write
+// header grants create, overwrite, and delete objects permission to LogDelivery
+// group predefined by Amazon S3 and two AWS accounts identified by their
+// email addresses. x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
+// id="111122223333", id="555566667777"
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (using request elements) in the following ways:
+//
+// * By the person's ID: <>ID<><>GranteesEmail<>
+// DisplayName is optional and ignored in the request
+//
+// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//
+// * By Email address: <>Grantees@email.com<>lt;/Grantee>
+// The grantee is resolved to the CanonicalUser and, in a response to a GET
+// Object acl request, appears as the CanonicalUser. Using email addresses
+// to specify a grantee is only supported in the following AWS Regions: US
+// East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
+// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
+// South America (São Paulo) For a list of all the Amazon S3 supported Regions
+// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+// in the AWS General Reference.
+//
+// Related Resources
+//
+// * CreateBucket
+//
+// * DeleteBucket
+//
+// * GetObjectAcl
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -4984,7 +6578,50 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon
// PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service.
//
// Sets an analytics configuration for the bucket (specified by the analytics
-// configuration ID).
+// configuration ID). You can have up to 1,000 analytics configurations per
+// bucket.
+//
+// You can choose to have storage class analysis export analysis reports sent
+// to a comma-separated values (CSV) flat file. See the DataExport request element.
+// Reports are updated daily and are based on the object filters that you configure.
+// When selecting data export, you specify a destination bucket and an optional
+// destination prefix where the file is written. You can export the data to
+// a destination bucket in a different account. However, the destination bucket
+// must be in the same Region as the bucket that you are making the PUT analytics
+// configuration to. For more information, see Amazon S3 Analytics – Storage
+// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html).
+//
+// You must create a bucket policy on the destination bucket where the exported
+// file is written to grant permissions to Amazon S3 to write objects to the
+// bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory
+// and Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
+//
+// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// Special Errors
+//
+// * HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid
+// argument.
+//
+// * HTTP Error: HTTP 400 Bad Request Code: TooManyConfigurations Cause:
+// You are attempting to create a new configuration but have already reached
+// the 1,000-configuration limit.
+//
+// * HTTP Error: HTTP 403 Forbidden Code: AccessDenied Cause: You are not
+// the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration
+// bucket permission to set the configuration on the bucket.
+//
+// Related Resources
+//
+// *
+//
+// *
+//
+// *
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5054,12 +6691,58 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque
output = &PutBucketCorsOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketCors API operation for Amazon Simple Storage Service.
//
-// Sets the CORS configuration for a bucket.
+// Sets the cors configuration for your bucket. If the configuration exists,
+// Amazon S3 replaces it.
+//
+// To use this operation, you must be allowed to perform the s3:PutBucketCORS
+// action. By default, the bucket owner has this permission and can grant it
+// to others.
+//
+// You set this configuration on a bucket so that the bucket can service cross-origin
+// requests. For example, you might want to enable a request whose origin is
+// http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com
+// by using the browser's XMLHttpRequest capability.
+//
+// To enable cross-origin resource sharing (CORS) on a bucket, you add the cors
+// subresource to the bucket. The cors subresource is an XML document in which
+// you configure rules that identify origins and the HTTP methods that can be
+// executed on your bucket. The document is limited to 64 KB in size.
+//
+// When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request)
+// against a bucket, it evaluates the cors configuration on the bucket and uses
+// the first CORSRule rule that matches the incoming browser request to enable
+// a cross-origin request. For a rule to match, the following conditions must
+// be met:
+//
+// * The request's Origin header must match AllowedOrigin elements.
+//
+// * The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method
+// header in case of a pre-flight OPTIONS request must be one of the AllowedMethod
+// elements.
+//
+// * Every header specified in the Access-Control-Request-Headers request
+// header of a pre-flight request must match an AllowedHeader element.
+//
+// For more information about CORS, go to Enabling Cross-Origin Resource Sharing
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
+// Simple Storage Service Developer Guide.
+//
+// Related Resources
+//
+// * GetBucketCors
+//
+// * DeleteBucketCors
+//
+// * RESTOPTIONSobject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5129,13 +6812,38 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r
output = &PutBucketEncryptionOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketEncryption API operation for Amazon Simple Storage Service.
//
-// Creates a new server-side encryption configuration (or replaces an existing
-// one, if present).
+// This implementation of the PUT operation uses the encryption subresource
+// to set the default encryption state of an existing bucket.
+//
+// This implementation of the PUT operation sets default encryption for a bucket
+// using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS
+// customer master keys (CMKs) (SSE-KMS). For information about the Amazon S3
+// default encryption feature, see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html).
+//
+// This operation requires AWS Signature Version 4. For more information, see
+// Authenticating Requests (AWS Signature Version 4) (sig-v4-authenticating-requests.html).
+//
+// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Related Resources
+//
+// * GetBucketEncryption
+//
+// * DeleteBucketEncryption
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5210,8 +6918,54 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon
// PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service.
//
-// Adds an inventory configuration (identified by the inventory ID) from the
-// bucket.
+// This implementation of the PUT operation adds an inventory configuration
+// (identified by the inventory ID) to the bucket. You can have up to 1,000
+// inventory configurations per bucket.
+//
+// Amazon S3 inventory generates inventories of the objects in the bucket on
+// a daily or weekly basis, and the results are published to a flat file. The
+// bucket that is inventoried is called the source bucket, and the bucket where
+// the inventory flat file is stored is called the destination bucket. The destination
+// bucket must be in the same AWS Region as the source bucket.
+//
+// When you configure an inventory for a source bucket, you specify the destination
+// bucket where you want the inventory to be stored, and whether to generate
+// the inventory daily or weekly. You can also configure what object metadata
+// to include and whether to inventory all object versions or only current versions.
+// For more information, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// You must create a bucket policy on the destination bucket to grant permissions
+// to Amazon S3 to write objects to the bucket in the defined location. For
+// an example policy, see Granting Permissions for Amazon S3 Inventory and Storage
+// Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9).
+//
+// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Special Errors
+//
+// * HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument
+//
+// * HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are
+// attempting to create a new configuration but have already reached the
+// 1,000-configuration limit.
+//
+// * HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner
+// of the specified bucket, or you do not have the s3:PutInventoryConfiguration
+// bucket permission to set the configuration on the bucket.
+//
+// Related Resources
+//
+// * GetBucketInventoryConfiguration
+//
+// * DeleteBucketInventoryConfiguration
+//
+// * ListBucketInventoryConfigurations
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5286,12 +7040,64 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req
output = &PutBucketLifecycleOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketLifecycle API operation for Amazon Simple Storage Service.
//
-// No longer used, see the PutBucketLifecycleConfiguration operation.
+//
+// For an updated version of this API, see PutBucketLifecycleConfiguration.
+// This version has been deprecated. Existing lifecycle configurations will
+// work. For new lifecycle configurations, use the updated API.
+//
+// Creates a new lifecycle configuration for the bucket or replaces an existing
+// lifecycle configuration. For information about lifecycle configuration, see
+// Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// By default, all Amazon S3 resources, including buckets, objects, and related
+// subresources (for example, lifecycle configuration and website configuration)
+// are private. Only the resource owner, the AWS account that created the resource,
+// can access it. The resource owner can optionally grant access permissions
+// to others by writing an access policy. For this operation, users must get
+// the s3:PutLifecycleConfiguration permission.
+//
+// You can also explicitly deny permissions. Explicit denial also supersedes
+// any other permissions. If you want to prevent users or accounts from removing
+// or deleting objects from your bucket, you must deny them permissions for
+// the following actions:
+//
+// * s3:DeleteObject
+//
+// * s3:DeleteObjectVersion
+//
+// * s3:PutLifecycleConfiguration
+//
+// For more information about permissions, see Managing Access Permissions to
+// your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// For more examples of transitioning objects to storage classes such as STANDARD_IA
+// or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples).
+//
+// Related Resources
+//
+// * GetBucketLifecycle(Deprecated)
+//
+// * GetBucketLifecycleConfiguration
+//
+// *
+//
+// * By default, a resource owner—in this case, a bucket owner, which is
+// the AWS account that created the bucket—can perform any of the operations.
+// A resource owner can also grant others permission to perform the operation.
+// For more information, see the following topics in the Amazon Simple Storage
+// Service Developer Guide: Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5365,24 +7171,89 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon
output = &PutBucketLifecycleConfigurationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service.
//
-// Sets lifecycle configuration for your bucket. If a lifecycle configuration
-// exists, it replaces it.
+// Creates a new lifecycle configuration for the bucket or replaces an existing
+// lifecycle configuration. For information about lifecycle configuration, see
+// Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
//
-// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
-// with awserr.Error's Code and Message methods to get detailed information about
-// the error.
+// Bucket lifecycle configuration now supports specifying a lifecycle rule using
+// an object key name prefix, one or more object tags, or a combination of both.
+// Accordingly, this section describes the latest API. The previous version
+// of the API supported filtering based only on an object key name prefix, which
+// is supported for backward compatibility. For the related API description,
+// see PutBucketLifecycle.
//
-// See the AWS API reference guide for Amazon Simple Storage Service's
-// API operation PutBucketLifecycleConfiguration for usage and error information.
-// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
-func (c *S3) PutBucketLifecycleConfiguration(input *PutBucketLifecycleConfigurationInput) (*PutBucketLifecycleConfigurationOutput, error) {
- req, out := c.PutBucketLifecycleConfigurationRequest(input)
- return out, req.Send()
+// Rules
+//
+// You specify the lifecycle configuration in your request body. The lifecycle
+// configuration is specified as XML consisting of one or more rules. Each rule
+// consists of the following:
+//
+// * Filter identifying a subset of objects to which the rule applies. The
+// filter can be based on a key name prefix, object tags, or a combination
+// of both.
+//
+// * Status whether the rule is in effect.
+//
+// * One or more lifecycle transition and expiration actions that you want
+// Amazon S3 to perform on the objects identified by the filter. If the state
+// of your bucket is versioning-enabled or versioning-suspended, you can
+// have many versions of the same object (one current version and zero or
+// more noncurrent versions). Amazon S3 provides predefined actions that
+// you can specify for current and noncurrent object versions.
+//
+// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html).
+//
+// Permissions
+//
+// By default, all Amazon S3 resources are private, including buckets, objects,
+// and related subresources (for example, lifecycle configuration and website
+// configuration). Only the resource owner (that is, the AWS account that created
+// it) can access the resource. The resource owner can optionally grant access
+// permissions to others by writing an access policy. For this operation, a
+// user must get the s3:PutLifecycleConfiguration permission.
+//
+// You can also explicitly deny permissions. Explicit deny also supersedes any
+// other permissions. If you want to block users or accounts from removing or
+// deleting objects from your bucket, you must deny them permissions for the
+// following actions:
+//
+// * s3:DeleteObject
+//
+// * s3:DeleteObjectVersion
+//
+// * s3:PutLifecycleConfiguration
+//
+// For more information about permissions, see Managing Access Permissions to
+// Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// The following are related to PutBucketLifecycleConfiguration:
+//
+// * Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html)
+//
+// * GetBucketLifecycleConfiguration
+//
+// * DeleteBucketLifecycle
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for Amazon Simple Storage Service's
+// API operation PutBucketLifecycleConfiguration for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration
+func (c *S3) PutBucketLifecycleConfiguration(input *PutBucketLifecycleConfigurationInput) (*PutBucketLifecycleConfigurationOutput, error) {
+ req, out := c.PutBucketLifecycleConfigurationRequest(input)
+ return out, req.Send()
}
// PutBucketLifecycleConfigurationWithContext is the same as PutBucketLifecycleConfiguration with the addition of
@@ -5441,15 +7312,62 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request
output = &PutBucketLoggingOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketLogging API operation for Amazon Simple Storage Service.
//
// Set the logging parameters for a bucket and to specify permissions for who
-// can view and modify the logging parameters. To set the logging status of
+// can view and modify the logging parameters. All logs are saved to buckets
+// in the same AWS Region as the source bucket. To set the logging status of
// a bucket, you must be the bucket owner.
//
+// The bucket owner is automatically granted FULL_CONTROL to all logs. You use
+// the Grantee request element to grant access to other people. The Permissions
+// request element specifies the kind of access the grantee has to the logs.
+//
+// Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (using request elements) in the following ways:
+//
+// * By the person's ID: <>ID<><>GranteesEmail<>
+// DisplayName is optional and ignored in the request.
+//
+// * By Email address: <>Grantees@email.com<>
+// The grantee is resolved to the CanonicalUser and, in a response to a GET
+// Object acl request, appears as the CanonicalUser.
+//
+// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//
+// To enable logging, you use LoggingEnabled and its children request elements.
+// To disable logging, you use an empty BucketLoggingStatus request element:
+//
+//
+//
+// For more information about server access logging, see Server Access Logging
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html).
+//
+// For more information about creating a bucket, see CreateBucket. For more
+// information about returning the logging status of a bucket, see GetBucketLogging.
+//
+// The following operations are related to PutBucketLogging:
+//
+// * PutObject
+//
+// * DeleteBucket
+//
+// * CreateBucket
+//
+// * GetBucketLogging
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -5524,7 +7442,33 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu
// PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service.
//
// Sets a metrics configuration (specified by the metrics configuration ID)
-// for the bucket.
+// for the bucket. You can have up to 1,000 metrics configurations per bucket.
+// If you're updating an existing metrics configuration, note that this is a
+// full replacement of the existing metrics configuration. If you don't include
+// the elements you want to keep, they are erased.
+//
+// To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration
+// action. The bucket owner has this permission by default. The bucket owner
+// can grant this permission to others. For more information about permissions,
+// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// For information about CloudWatch request metrics for Amazon S3, see Monitoring
+// Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html).
+//
+// The following operations are related to PutBucketMetricsConfiguration:
+//
+// * DeleteBucketMetricsConfiguration
+//
+// * PutBucketMetricsConfiguration
+//
+// * ListBucketMetricsConfigurations
+//
+// GetBucketLifecycle has the following special error:
+//
+// * Error code: TooManyConfigurations Description: You are attempting to
+// create a new configuration but have already reached the 1,000-configuration
+// limit. HTTP Status Code: HTTP 400 Bad Request
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5599,6 +7543,10 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re
output = &PutBucketNotificationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -5683,7 +7631,55 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat
// PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service.
//
-// Enables notifications of specified events for a bucket.
+// Enables notifications of specified events for a bucket. For more information
+// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+//
+// Using this API, you can replace an existing notification configuration. The
+// configuration is an XML file that defines the event types that you want Amazon
+// S3 to publish and the destination where you want Amazon S3 to publish an
+// event notification when it detects an event of the specified type.
+//
+// By default, your bucket has no event notifications configured. That is, the
+// notification configuration will be an empty NotificationConfiguration.
+//
+//
+//
+//
+//
+// This operation replaces the existing notification configuration with the
+// configuration you include in the request body.
+//
+// After Amazon S3 receives this request, it first verifies that any Amazon
+// Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon
+// SQS) destination exists, and that the bucket owner has permission to publish
+// to it by sending a test notification. In the case of AWS Lambda destinations,
+// Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission
+// to invoke the function from the Amazon S3 bucket. For more information, see
+// Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
+//
+// You can disable notifications by adding the empty NotificationConfiguration
+// element.
+//
+// By default, only the bucket owner can configure notifications on a bucket.
+// However, bucket owners can use a bucket policy to grant permission to other
+// users to set this configuration with s3:PutBucketNotification permission.
+//
+// The PUT notification is an atomic operation. For example, suppose your notification
+// configuration includes SNS topic, SQS queue, and Lambda function configurations.
+// When you send a PUT request with this configuration, Amazon S3 sends test
+// messages to your SNS topic. If the message fails, the entire PUT operation
+// will fail, and Amazon S3 will not add the configuration to your bucket.
+//
+// Responses
+//
+// If the configuration in the request body includes only one TopicConfiguration
+// specifying only the s3:ReducedRedundancyLostObject event type, the response
+// will also include the x-amz-sns-test-message-id header containing the message
+// ID of the test notification sent to the topic.
+//
+// The following operation is related to PutBucketNotificationConfiguration:
+//
+// * GetBucketNotificationConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5753,12 +7749,37 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R
output = &PutBucketPolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketPolicy API operation for Amazon Simple Storage Service.
//
-// Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
+// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using
+// an identity other than the root user of the AWS account that owns the bucket,
+// the calling identity must have the PutBucketPolicy permissions on the specified
+// bucket and belong to the bucket owner's account in order to use this operation.
+//
+// If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access
+// Denied error. If you have the correct permissions, but you're not using an
+// identity that belongs to the bucket owner's account, Amazon S3 returns a
+// 405 Method Not Allowed error.
+//
+// As a security precaution, the root user of the AWS account that owns a bucket
+// can always use this operation, even if the policy explicitly denies the root
+// user the ability to perform this action.
+//
+// For more information about bucket policies, see Using Bucket Policies and
+// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html).
+//
+// The following operations are related to PutBucketPolicy:
+//
+// * CreateBucket
+//
+// * DeleteBucket
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5828,15 +7849,66 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req
output = &PutBucketReplicationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketReplication API operation for Amazon Simple Storage Service.
//
// Creates a replication configuration or replaces an existing one. For more
-// information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
+// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
// in the Amazon S3 Developer Guide.
//
+// To perform this operation, the user or role performing the operation must
+// have the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html)
+// permission.
+//
+// Specify the replication configuration in the request body. In the replication
+// configuration, you provide the name of the destination bucket where you want
+// Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to
+// replicate objects on your behalf, and other relevant information.
+//
+// A replication configuration must include at least one rule, and can contain
+// a maximum of 1,000. Each rule identifies a subset of objects to replicate
+// by filtering the objects in the source bucket. To choose additional subsets
+// of objects to replicate, add a rule for each subset. All rules must specify
+// the same destination bucket.
+//
+// To specify a subset of the objects in the source bucket to apply a replication
+// rule to, add the Filter element as a child of the Rule element. You can filter
+// objects based on an object key prefix, one or more object tags, or both.
+// When you add the Filter element in the configuration, you must also add the
+// following elements: DeleteMarkerReplication, Status, and Priority.
+//
+// For information about enabling versioning on a bucket, see Using Versioning
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html).
+//
+// By default, a resource owner, in this case the AWS account that created the
+// bucket, can perform this operation. The resource owner can also grant others
+// permissions to perform the operation. For more information about permissions,
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// Handling Replication of Encrypted Objects
+//
+// By default, Amazon S3 doesn't replicate objects that are stored at rest using
+// server-side encryption with CMKs stored in AWS KMS. To replicate AWS KMS-encrypted
+// objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects,
+// Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about
+// replication configuration, see Replicating Objects Created with SSE Using
+// CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html).
+//
+// For information on PutBucketReplication errors, see ReplicationErrorCodeList
+//
+// The following operations are related to PutBucketReplication:
+//
+// * GetBucketReplication
+//
+// * DeleteBucketReplication
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -5905,6 +7977,10 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput)
output = &PutBucketRequestPaymentOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -5913,8 +7989,14 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput)
// Sets the request payment configuration for a bucket. By default, the bucket
// owner pays for downloads from the bucket. This configuration parameter enables
// the bucket owner (only) to specify that the person requesting the download
-// will be charged for the download. Documentation on requester pays buckets
-// can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html
+// will be charged for the download. For more information, see Requester Pays
+// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html).
+//
+// The following operations are related to PutBucketRequestPayment:
+//
+// * CreateBucket
+//
+// * GetBucketRequestPayment
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -5984,6 +8066,10 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request
output = &PutBucketTaggingOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -5991,6 +8077,47 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request
//
// Sets the tags for a bucket.
//
+// Use tags to organize your AWS bill to reflect your own cost structure. To
+// do this, sign up to get your AWS account bill with tag key values included.
+// Then, to see the cost of combined resources, organize your billing information
+// according to resources with the same tag key values. For example, you can
+// tag several resources with a specific application name, and then organize
+// your billing information to see the total cost of that application across
+// several services. For more information, see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html).
+//
+// Within a bucket, if you add a tag that has the same key as an existing tag,
+// the new value overwrites the old value. For more information, see Using Cost
+// Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html).
+//
+// To use this operation, you must have permissions to perform the s3:PutBucketTagging
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html).
+//
+// PutBucketTagging has the following special errors:
+//
+// * Error code: InvalidTagError Description: The tag provided was not a
+// valid tag. This error can occur if the tag did not pass input validation.
+// For information about tag restrictions, see User-Defined Tag Restrictions
+// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
+// and AWS-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html).
+//
+// * Error code: MalformedXMLError Description: The XML provided does not
+// match the schema.
+//
+// * Error code: OperationAbortedError Description: A conflicting conditional
+// operation is currently in progress against this resource. Please try again.
+//
+// * Error code: InternalError Description: The service was unable to apply
+// the provided tag to the bucket.
+//
+// The following operations are related to PutBucketTagging:
+//
+// * GetBucketTagging
+//
+// * DeleteBucketTagging
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6059,6 +8186,10 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r
output = &PutBucketVersioningOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -6067,6 +8198,38 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r
// Sets the versioning state of an existing bucket. To set the versioning state,
// you must be the bucket owner.
//
+// You can set the versioning state with one of the following values:
+//
+// Enabled—Enables versioning for the objects in the bucket. All objects added
+// to the bucket receive a unique version ID.
+//
+// Suspended—Disables versioning for the objects in the bucket. All objects
+// added to the bucket receive the version ID null.
+//
+// If the versioning state has never been set on a bucket, it has no versioning
+// state; a GetBucketVersioning request does not return a versioning state value.
+//
+// If the bucket owner enables MFA Delete in the bucket versioning configuration,
+// the bucket owner must include the x-amz-mfa request header and the Status
+// and the MfaDelete request elements in a request to set the versioning state
+// of the bucket.
+//
+// If you have an object expiration lifecycle policy in your non-versioned bucket
+// and you want to maintain the same permanent delete behavior when you enable
+// versioning, you must add a noncurrent expiration policy. The noncurrent expiration
+// lifecycle policy will manage the deletes of the noncurrent object versions
+// in the version-enabled bucket. (A version-enabled bucket maintains one current
+// and zero or more noncurrent object versions.) For more information, see Lifecycle
+// and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config).
+//
+// Related Resources
+//
+// * CreateBucket
+//
+// * DeleteBucket
+//
+// * GetBucketVersioning
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6135,12 +8298,81 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request
output = &PutBucketWebsiteOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutBucketWebsite API operation for Amazon Simple Storage Service.
//
-// Set the website configuration for a bucket.
+// Sets the configuration of the website that is specified in the website subresource.
+// To configure a bucket as a website, you can add this subresource on the bucket
+// with website configuration information such as the file name of the index
+// document and any redirect rules. For more information, see Hosting Websites
+// on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
+//
+// This PUT operation requires the S3:PutBucketWebsite permission. By default,
+// only the bucket owner can configure the website attached to a bucket; however,
+// bucket owners can allow other users to set the website configuration by writing
+// a bucket policy that grants them the S3:PutBucketWebsite permission.
+//
+// To redirect all website requests sent to the bucket's website endpoint, you
+// add a website configuration with the following elements. Because all requests
+// are sent to another website, you don't need to provide index document name
+// for the bucket.
+//
+// * WebsiteConfiguration
+//
+// * RedirectAllRequestsTo
+//
+// * HostName
+//
+// * Protocol
+//
+// If you want granular control over redirects, you can use the following elements
+// to add routing rules that describe conditions for redirecting requests and
+// information about the redirect destination. In this case, the website configuration
+// must provide an index document for the bucket, because some requests might
+// not be redirected.
+//
+// * WebsiteConfiguration
+//
+// * IndexDocument
+//
+// * Suffix
+//
+// * ErrorDocument
+//
+// * Key
+//
+// * RoutingRules
+//
+// * RoutingRule
+//
+// * Condition
+//
+// * HttpErrorCodeReturnedEquals
+//
+// * KeyPrefixEquals
+//
+// * Redirect
+//
+// * Protocol
+//
+// * HostName
+//
+// * ReplaceKeyPrefixWith
+//
+// * ReplaceKeyWith
+//
+// * HttpRedirectCode
+//
+// Amazon S3 has a limitation of 50 routing rules per website configuration.
+// If you require more than 50 routing rules, you can use object redirect. For
+// more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html)
+// in the Amazon Simple Storage Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6214,7 +8446,70 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp
// PutObject API operation for Amazon Simple Storage Service.
//
-// Adds an object to a bucket.
+// Adds an object to a bucket. You must have WRITE permissions on a bucket to
+// add an object to it.
+//
+// Amazon S3 never adds partial objects; if you receive a success response,
+// Amazon S3 added the entire object to the bucket.
+//
+// Amazon S3 is a distributed system. If it receives multiple write requests
+// for the same object simultaneously, it overwrites all but the last object
+// written. Amazon S3 does not provide object locking; if you need this, make
+// sure to build it into your application layer or use versioning instead.
+//
+// To ensure that data is not corrupted traversing the network, use the Content-MD5
+// header. When you use this header, Amazon S3 checks the object against the
+// provided MD5 value and, if they do not match, returns an error. Additionally,
+// you can calculate the MD5 while putting an object to Amazon S3 and compare
+// the returned ETag to the calculated MD5 value.
+//
+// The Content-MD5 header is required for any request to upload an object with
+// a retention period configured using Amazon S3 Object Lock. For more information
+// about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Server-side Encryption
+//
+// You can optionally request server-side encryption. With server-side encryption,
+// Amazon S3 encrypts your data as it writes it to disks in its data centers
+// and decrypts the data when you access it. You have the option to provide
+// your own encryption key or use AWS managed encryption keys. For more information,
+// see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html).
+//
+// Access Control List (ACL)-Specific Request Headers
+//
+// You can use headers to grant ACL- based permissions. By default, all objects
+// are private. Only the owner has full access control. When adding a new object,
+// you can grant permissions to individual AWS accounts or to predefined groups
+// defined by Amazon S3. These permissions are then added to the ACL on the
+// object. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html).
+//
+// Storage Class Options
+//
+// By default, Amazon S3 uses the STANDARD storage class to store newly created
+// objects. The STANDARD storage class provides high durability and high availability.
+// Depending on performance needs, you can specify a different storage class.
+// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
+// in the Amazon S3 Service Developer Guide.
+//
+// Versioning
+//
+// If you enable versioning for a bucket, Amazon S3 automatically generates
+// a unique version ID for the object being stored. Amazon S3 returns this ID
+// in the response. When you enable versioning for a bucket, if Amazon S3 receives
+// multiple write requests for the same object simultaneously, it stores all
+// of the objects.
+//
+// For more information about versioning, see Adding Objects to Versioning Enabled
+// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html).
+// For information about returning the versioning state of a bucket, see GetBucketVersioning.
+//
+// Related Resources
+//
+// * CopyObject
+//
+// * DeleteObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6283,13 +8578,97 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request
output = &PutObjectAclOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutObjectAcl API operation for Amazon Simple Storage Service.
//
-// uses the acl subresource to set the access control list (ACL) permissions
-// for an object that already exists in a bucket
+// Uses the acl subresource to set the access control list (ACL) permissions
+// for an object that already exists in a bucket. You must have WRITE_ACP permission
+// to set the ACL of an object.
+//
+// Depending on your application needs, you can choose to set the ACL on an
+// object using either the request body or the headers. For example, if you
+// have an existing application that updates a bucket ACL using the request
+// body, you can continue to use that approach. For more information, see Access
+// Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html)
+// in the Amazon S3 Developer Guide.
+//
+// Access Permissions
+//
+// You can set access permissions using one of the following methods:
+//
+// * Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports
+// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a
+// predefined set of grantees and permissions. Specify the canned ACL name
+// as the value of x-amz-acl. If you use this header, you cannot use other
+// access control-specific headers in your request. For more information,
+// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
+//
+// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp,
+// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using
+// these headers, you specify explicit access permissions and grantees (AWS
+// accounts or Amazon S3 groups) who will receive the permission. If you
+// use these ACL-specific headers, you cannot use x-amz-acl header to set
+// a canned ACL. These parameters map to the set of permissions that Amazon
+// S3 supports in an ACL. For more information, see Access Control List (ACL)
+// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
+// You specify each grantee as a type=value pair, where the type is one of
+// the following: id – if the value specified is the canonical user ID
+// of an AWS account uri – if you are granting permissions to a predefined
+// group emailAddress – if the value specified is the email address of
+// an AWS account Using email addresses to specify a grantee is only supported
+// in the following AWS Regions: US East (N. Virginia) US West (N. California)
+// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific
+// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all
+// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints
+// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in
+// the AWS General Reference. For example, the following x-amz-grant-read
+// header grants list objects permission to the two AWS accounts identified
+// by their email addresses. x-amz-grant-read: emailAddress="xyz@amazon.com",
+// emailAddress="abc@amazon.com"
+//
+// You can use either a canned ACL or specify access permissions explicitly.
+// You cannot do both.
+//
+// Grantee Values
+//
+// You can specify the person (grantee) to whom you're assigning access rights
+// (using request elements) in the following ways:
+//
+// * By the person's ID: <>ID<><>GranteesEmail<>
+// DisplayName is optional and ignored in the request.
+//
+// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
+//
+// * By Email address: <>Grantees@email.com<>lt;/Grantee>
+// The grantee is resolved to the CanonicalUser and, in a response to a GET
+// Object acl request, appears as the CanonicalUser. Using email addresses
+// to specify a grantee is only supported in the following AWS Regions: US
+// East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific
+// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland)
+// South America (São Paulo) For a list of all the Amazon S3 supported Regions
+// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+// in the AWS General Reference.
+//
+// Versioning
+//
+// The ACL of an object is set at the object version level. By default, PUT
+// sets the ACL of the current version of an object. To set the ACL of a different
+// version, use the versionId subresource.
+//
+// Related Resources
+//
+// * CopyObject
+//
+// * GetObject
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6363,6 +8742,10 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req
output = &PutObjectLegalHoldOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -6370,6 +8753,10 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req
//
// Applies a Legal Hold configuration to the specified object.
//
+// Related Resources
+//
+// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6437,15 +8824,26 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration
output = &PutObjectLockConfigurationOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutObjectLockConfiguration API operation for Amazon Simple Storage Service.
//
-// Places an object lock configuration on the specified bucket. The rule specified
-// in the object lock configuration will be applied by default to every new
+// Places an Object Lock configuration on the specified bucket. The rule specified
+// in the Object Lock configuration will be applied by default to every new
// object placed in the specified bucket.
//
+// DefaultRetention requires either Days or Years. You can't specify both at
+// the same time.
+//
+// Related Resources
+//
+// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6513,6 +8911,10 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req
output = &PutObjectRetentionOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
@@ -6520,6 +8922,10 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req
//
// Places an Object Retention configuration on an object.
//
+// Related Resources
+//
+// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html)
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6587,12 +8993,53 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request
output = &PutObjectTaggingOutput{}
req = c.newRequest(op, input, output)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutObjectTagging API operation for Amazon Simple Storage Service.
//
-// Sets the supplied tag-set to an object that already exists in a bucket
+// Sets the supplied tag-set to an object that already exists in a bucket.
+//
+// A tag is a key-value pair. You can associate tags with an object by sending
+// a PUT request against the tagging subresource that is associated with the
+// object. You can retrieve tags by sending a GET request. For more information,
+// see GetObjectTagging.
+//
+// For tagging-related restrictions related to characters and encodings, see
+// Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html).
+// Note that Amazon S3 limits the maximum number of tags to 10 tags per object.
+//
+// To use this operation, you must have permission to perform the s3:PutObjectTagging
+// action. By default, the bucket owner has this permission and can grant this
+// permission to others.
+//
+// To put tags of any other version, use the versionId query parameter. You
+// also need permission for the s3:PutObjectVersionTagging action.
+//
+// For information about the Amazon S3 object tagging feature, see Object Tagging
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// Special Errors
+//
+// * Code: InvalidTagError Cause: The tag provided was not a valid tag. This
+// error can occur if the tag did not pass input validation. For more information,
+// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html).
+//
+// * Code: MalformedXMLError Cause: The XML provided does not match the schema.
+//
+// * Code: OperationAbortedError Cause: A conflicting conditional operation
+// is currently in progress against this resource. Please try again.
+//
+// * Code: InternalError Cause: The service was unable to apply the provided
+// tag to the object.
+//
+// Related Resources
+//
+// * GetObjectTagging
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6662,13 +9109,39 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req
output = &PutPublicAccessBlockOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ req.Handlers.Build.PushBackNamed(request.NamedHandler{
+ Name: "contentMd5Handler",
+ Fn: checksum.AddBodyContentMD5Handler,
+ })
return
}
// PutPublicAccessBlock API operation for Amazon Simple Storage Service.
//
// Creates or modifies the PublicAccessBlock configuration for an Amazon S3
-// bucket.
+// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock
+// permission. For more information about Amazon S3 permissions, see Specifying
+// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html).
+//
+// When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket
+// or an object, it checks the PublicAccessBlock configuration for both the
+// bucket (or the bucket that contains the object) and the bucket owner's account.
+// If the PublicAccessBlock configurations are different between the bucket
+// and the account, Amazon S3 uses the most restrictive combination of the bucket-level
+// and account-level settings.
+//
+// For more information about when Amazon S3 considers a bucket or an object
+// public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status).
+//
+// Related Resources
+//
+// * GetPublicAccessBlock
+//
+// * DeletePublicAccessBlock
+//
+// * GetBucketPolicyStatus
+//
+// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6744,6 +9217,190 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
//
// Restores an archived copy of an object back into Amazon S3
//
+// This operation performs the following types of requests:
+//
+// * select - Perform a select query on an archived object
+//
+// * restore an archive - Restore an archived object
+//
+// To use this operation, you must have permissions to perform the s3:RestoreObject
+// action. The bucket owner has this permission by default and can grant this
+// permission to others. For more information about permissions, see Permissions
+// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
+// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Querying Archives with Select Requests
+//
+// You use a select type of request to perform SQL queries on archived objects.
+// The archived objects that are being queried by the select request must be
+// formatted as uncompressed comma-separated values (CSV) files. You can run
+// queries and custom analytics on your archived data without having to restore
+// your data to a hotter Amazon S3 tier. For an overview about select requests,
+// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// When making a select request, do the following:
+//
+// * Define an output location for the select query's output. This must be
+// an Amazon S3 bucket in the same AWS Region as the bucket that contains
+// the archive object that is being queried. The AWS account that initiates
+// the job must have permissions to write to the S3 bucket. You can specify
+// the storage class and encryption for the output objects stored in the
+// bucket. For more information about output, see Querying Archived Objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html)
+// in the Amazon Simple Storage Service Developer Guide. For more information
+// about the S3 structure in the request body, see the following: PutObject
+// Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html)
+// in the Amazon Simple Storage Service Developer Guide Protecting Data Using
+// Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// in the Amazon Simple Storage Service Developer Guide
+//
+// * Define the SQL expression for the SELECT type of restoration for your
+// query in the request body's SelectParameters structure. You can use expressions
+// like the following examples. The following expression returns all records
+// from the specified object. SELECT * FROM Object Assuming that you are
+// not using any headers for data stored in the object, you can specify columns
+// with positional headers. SELECT s._1, s._2 FROM Object s WHERE s._3 >
+// 100 If you have headers and you set the fileHeaderInfo in the CSV structure
+// in the request body to USE, you can specify headers in the query. (If
+// you set the fileHeaderInfo field to IGNORE, the first row is skipped for
+// the query.) You cannot mix ordinal positions with header column names.
+// SELECT s.Id, s.FirstName, s.SSN FROM S3Object s
+//
+// For more information about using SQL with S3 Glacier Select restore, see
+// SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// When making a select request, you can also do the following:
+//
+// * To expedite your queries, specify the Expedited tier. For more information
+// about tiers, see "Restoring Archives," later in this topic.
+//
+// * Specify details about the data serialization format of both the input
+// object that is being queried and the serialization of the CSV-encoded
+// query results.
+//
+// The following are additional important facts about the select feature:
+//
+// * The output results are new Amazon S3 objects. Unlike archive retrievals,
+// they are stored until explicitly deleted-manually or through a lifecycle
+// policy.
+//
+// * You can issue more than one select request on the same Amazon S3 object.
+// Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests.
+//
+// * Amazon S3 accepts a select request even if the object has already been
+// restored. A select request doesn’t return error response 409.
+//
+// Restoring Archives
+//
+// Objects in the GLACIER and DEEP_ARCHIVE storage classes are archived. To
+// access an archived object, you must first initiate a restore request. This
+// restores a temporary copy of the archived object. In a restore request, you
+// specify the number of days that you want the restored copy to exist. After
+// the specified period, Amazon S3 deletes the temporary copy but the object
+// remains archived in the GLACIER or DEEP_ARCHIVE storage class that object
+// was restored from.
+//
+// To restore a specific object version, you can provide a version ID. If you
+// don't provide a version ID, Amazon S3 restores the current version.
+//
+// The time it takes restore jobs to finish depends on which storage class the
+// object is being restored from and which data access tier you specify.
+//
+// When restoring an archived object (or using a select request), you can specify
+// one of the following data access tier options in the Tier element of the
+// request body:
+//
+// * Expedited - Expedited retrievals allow you to quickly access your data
+// stored in the GLACIER storage class when occasional urgent requests for
+// a subset of archives are required. For all but the largest archived objects
+// (250 MB+), data accessed using Expedited retrievals are typically made
+// available within 1–5 minutes. Provisioned capacity ensures that retrieval
+// capacity for Expedited retrievals is available when you need it. Expedited
+// retrievals and provisioned capacity are not available for the DEEP_ARCHIVE
+// storage class.
+//
+// * Standard - S3 Standard retrievals allow you to access any of your archived
+// objects within several hours. This is the default option for the GLACIER
+// and DEEP_ARCHIVE retrieval requests that do not specify the retrieval
+// option. S3 Standard retrievals typically complete within 3-5 hours from
+// the GLACIER storage class and typically complete within 12 hours from
+// the DEEP_ARCHIVE storage class.
+//
+// * Bulk - Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval
+// option, enabling you to retrieve large amounts, even petabytes, of data
+// inexpensively in a day. Bulk retrievals typically complete within 5-12
+// hours from the GLACIER storage class and typically complete within 48
+// hours from the DEEP_ARCHIVE storage class.
+//
+// For more information about archive retrieval options and provisioned capacity
+// for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// You can use Amazon S3 restore speed upgrade to change the restore speed to
+// a faster speed while it is in progress. You upgrade the speed of an in-progress
+// restoration by issuing another restore request to the same object, setting
+// a new Tier request element. When issuing a request to upgrade the restore
+// tier, you must choose a tier that is faster than the tier that the in-progress
+// restore is using. You must not change any other parameters, such as the Days
+// request element. For more information, see Upgrading the Speed of an In-Progress
+// Restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// To get the status of object restoration, you can send a HEAD request. Operations
+// return the x-amz-restore header, which provides information about the restoration
+// status, in the response. You can use Amazon S3 event notifications to notify
+// you when a restore is initiated or completed. For more information, see Configuring
+// Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// After restoring an archived object, you can update the restoration period
+// by reissuing the request with a new period. Amazon S3 updates the restoration
+// period relative to the current time and charges only for the request-there
+// are no data transfer charges. You cannot update the restoration period when
+// Amazon S3 is actively processing your current restore request for the object.
+//
+// If your bucket has a lifecycle configuration with a rule that includes an
+// expiration action, the object expiration overrides the life span that you
+// specify in a restore request. For example, if you restore an object copy
+// for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes
+// the object in 3 days. For more information about lifecycle configuration,
+// see PutBucketLifecycleConfiguration and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
+// in Amazon Simple Storage Service Developer Guide.
+//
+// Responses
+//
+// A successful operation returns either the 200 OK or 202 Accepted status code.
+//
+// * If the object copy is not previously restored, then Amazon S3 returns
+// 202 Accepted in the response.
+//
+// * If the object copy is previously restored, Amazon S3 returns 200 OK
+// in the response.
+//
+// Special Errors
+//
+// * Code: RestoreAlreadyInProgress Cause: Object restore is already in progress.
+// (This error does not apply to SELECT type requests.) HTTP Status Code:
+// 409 Conflict SOAP Fault Code Prefix: Client
+//
+// * Code: GlacierExpeditedRetrievalNotAvailable Cause: S3 Glacier expedited
+// retrievals are currently not available. Try again later. (Returned if
+// there is insufficient capacity to process the Expedited request. This
+// error applies only to Expedited retrievals and not to S3 Standard or Bulk
+// retrievals.) HTTP Status Code: 503 SOAP Fault Code Prefix: N/A
+//
+// Related Resources
+//
+// * PutBucketLifecycleConfiguration
+//
+// * GetBucketNotificationConfiguration
+//
+// * SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon Simple Storage Service Developer Guide
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6753,7 +9410,7 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque
//
// Returned Error Codes:
// * ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError"
-// This operation is not allowed against this storage tier
+// This operation is not allowed against this storage tier.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject
func (c *S3) RestoreObject(input *RestoreObjectInput) (*RestoreObjectOutput, error) {
@@ -6816,20 +9473,103 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r
output = &SelectObjectContentOutput{}
req = c.newRequest(op, input, output)
+
+ es := newSelectObjectContentEventStream()
+ req.Handlers.Unmarshal.PushBack(es.setStreamCloser)
+ output.EventStream = es
+
req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler)
req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, rest.UnmarshalHandler)
- req.Handlers.Unmarshal.PushBack(output.runEventStreamLoop)
+ req.Handlers.Unmarshal.PushBack(es.runOutputStream)
+ req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose)
return
}
// SelectObjectContent API operation for Amazon Simple Storage Service.
//
// This operation filters the contents of an Amazon S3 object based on a simple
-// Structured Query Language (SQL) statement. In the request, along with the
-// SQL expression, you must also specify a data serialization format (JSON or
-// CSV) of the object. Amazon S3 uses this to parse object data into records,
-// and returns only records that match the specified SQL expression. You must
-// also specify the data serialization format for the response.
+// structured query language (SQL) statement. In the request, along with the
+// SQL expression, you must also specify a data serialization format (JSON,
+// CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse
+// object data into records, and returns only records that match the specified
+// SQL expression. You must also specify the data serialization format for the
+// response.
+//
+// For more information about Amazon S3 Select, see Selecting Content from Objects
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// For more information about using SQL with Amazon S3 Select, see SQL Reference
+// for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Permissions
+//
+// You must have s3:GetObject permission for this operation. Amazon S3 Select
+// does not support anonymous access. For more information about permissions,
+// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Object Data Formats
+//
+// You can use Amazon S3 Select to query objects that have the following format
+// properties:
+//
+// * CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.
+//
+// * UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.
+//
+// * GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2.
+// GZIP and BZIP2 are the only compression formats that Amazon S3 Select
+// supports for CSV and JSON files. Amazon S3 Select supports columnar compression
+// for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object
+// compression for Parquet objects.
+//
+// * Server-side encryption - Amazon S3 Select supports querying objects
+// that are protected with server-side encryption. For objects that are encrypted
+// with customer-provided encryption keys (SSE-C), you must use HTTPS, and
+// you must use the headers that are documented in the GetObject. For more
+// information about SSE-C, see Server-Side Encryption (Using Customer-Provided
+// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html)
+// in the Amazon Simple Storage Service Developer Guide. For objects that
+// are encrypted with Amazon S3 managed encryption keys (SSE-S3) and customer
+// master keys (CMKs) stored in AWS Key Management Service (SSE-KMS), server-side
+// encryption is handled transparently, so you don't need to specify anything.
+// For more information about server-side encryption, including SSE-S3 and
+// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Working with the Response Body
+//
+// Given the response size is unknown, Amazon S3 Select streams the response
+// as a series of messages and includes a Transfer-Encoding header with chunked
+// as its value in the response. For more information, see RESTSelectObjectAppendix .
+//
+// GetObject Support
+//
+// The SelectObjectContent operation does not support the following GetObject
+// functionality. For more information, see GetObject.
+//
+// * Range: Although you can specify a scan range for an Amazon S3 Select
+// request (see SelectObjectContentRequest$ScanRange in the request parameters),
+// you cannot specify the range of bytes of an object to return.
+//
+// * GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot
+// specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes.
+// For more information, about storage classes see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Special Errors
+//
+// For a list of special errors for this operation, see SelectObjectContentErrorCodeList
+//
+// Related Resources
+//
+// * GetObject
+//
+// * GetBucketLifecycleConfiguration
+//
+// * PutBucketLifecycleConfiguration
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -6859,11 +9599,152 @@ func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObject
return out, req.Send()
}
-const opUploadPart = "UploadPart"
+// SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent.
+type SelectObjectContentEventStream struct {
-// UploadPartRequest generates a "aws/request.Request" representing the
-// client's request for the UploadPart operation. The "output" return
-// value will be populated with the request's response once the request completes
+ // Reader is the EventStream reader for the SelectObjectContentEventStream
+ // events. This value is automatically set by the SDK when the API call is made
+ // Use this member when unit testing your code with the SDK to mock out the
+ // EventStream Reader.
+ //
+ // Must not be nil.
+ Reader SelectObjectContentEventStreamReader
+
+ outputReader io.ReadCloser
+
+ // StreamCloser is the io.Closer for the EventStream connection. For HTTP
+ // EventStream this is the response Body. The stream will be closed when
+ // the Close method of the EventStream is called.
+ StreamCloser io.Closer
+
+ done chan struct{}
+ closeOnce sync.Once
+ err *eventstreamapi.OnceError
+}
+
+func newSelectObjectContentEventStream() *SelectObjectContentEventStream {
+ return &SelectObjectContentEventStream{
+ done: make(chan struct{}),
+ err: eventstreamapi.NewOnceError(),
+ }
+}
+
+func (es *SelectObjectContentEventStream) setStreamCloser(r *request.Request) {
+ es.StreamCloser = r.HTTPResponse.Body
+}
+
+func (es *SelectObjectContentEventStream) runOnStreamPartClose(r *request.Request) {
+ if es.done == nil {
+ return
+ }
+ go es.waitStreamPartClose()
+
+}
+
+func (es *SelectObjectContentEventStream) waitStreamPartClose() {
+ var outputErrCh <-chan struct{}
+ if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok {
+ outputErrCh = v.ErrorSet()
+ }
+ var outputClosedCh <-chan struct{}
+ if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok {
+ outputClosedCh = v.Closed()
+ }
+
+ select {
+ case <-es.done:
+ case <-outputErrCh:
+ es.err.SetError(es.Reader.Err())
+ es.Close()
+ case <-outputClosedCh:
+ if err := es.Reader.Err(); err != nil {
+ es.err.SetError(es.Reader.Err())
+ }
+ es.Close()
+ }
+}
+
+// Events returns a channel to read events from.
+//
+// These events are:
+//
+// * ContinuationEvent
+// * EndEvent
+// * ProgressEvent
+// * RecordsEvent
+// * StatsEvent
+func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
+ return es.Reader.Events()
+}
+
+func (es *SelectObjectContentEventStream) runOutputStream(r *request.Request) {
+ var opts []func(*eventstream.Decoder)
+ if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) {
+ opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger))
+ }
+
+ unmarshalerForEvent := unmarshalerForSelectObjectContentEventStreamEvent{
+ metadata: protocol.ResponseMetadata{
+ StatusCode: r.HTTPResponse.StatusCode,
+ RequestID: r.RequestID,
+ },
+ }.UnmarshalerForEventName
+
+ decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...)
+ eventReader := eventstreamapi.NewEventReader(decoder,
+ protocol.HandlerPayloadUnmarshal{
+ Unmarshalers: r.Handlers.UnmarshalStream,
+ },
+ unmarshalerForEvent,
+ )
+
+ es.outputReader = r.HTTPResponse.Body
+ es.Reader = newReadSelectObjectContentEventStream(eventReader)
+}
+
+// Close closes the stream. This will also cause the stream to be closed.
+// Close must be called when done using the stream API. Not calling Close
+// may result in resource leaks.
+//
+// You can use the closing of the Reader's Events channel to terminate your
+// application's read from the API's stream.
+//
+func (es *SelectObjectContentEventStream) Close() (err error) {
+ es.closeOnce.Do(es.safeClose)
+ return es.Err()
+}
+
+func (es *SelectObjectContentEventStream) safeClose() {
+ if es.done != nil {
+ close(es.done)
+ }
+
+ es.Reader.Close()
+ if es.outputReader != nil {
+ es.outputReader.Close()
+ }
+
+ es.StreamCloser.Close()
+}
+
+// Err returns any error that occurred while reading or writing EventStream
+// Events from the service API's response. Returns nil if there were no errors.
+func (es *SelectObjectContentEventStream) Err() error {
+ if err := es.err.Err(); err != nil {
+ return err
+ }
+ if err := es.Reader.Err(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+const opUploadPart = "UploadPart"
+
+// UploadPartRequest generates a "aws/request.Request" representing the
+// client's request for the UploadPart operation. The "output" return
+// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
@@ -6905,12 +9786,87 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou
//
// Uploads a part in a multipart upload.
//
+// In this operation, you provide part data in your request. However, you have
+// an option to specify your existing Amazon S3 object as a data source for
+// the part you are uploading. To upload a part from an existing object, you
+// use the UploadPartCopy operation.
+//
+// You must initiate a multipart upload (see CreateMultipartUpload) before you
+// can upload any part. In response to your initiate request, Amazon S3 returns
+// an upload ID, a unique identifier, that you must include in your upload part
+// request.
+//
+// Part numbers can be any number from 1 to 10,000, inclusive. A part number
+// uniquely identifies a part and also defines its position within the object
+// being created. If you upload a new part using the same part number that was
+// used with a previous part, the previously uploaded part is overwritten. Each
+// part must be at least 5 MB in size, except the last part. There is no size
+// limit on the last part of your multipart upload.
+//
+// To ensure that data is not corrupted when traversing the network, specify
+// the Content-MD5 header in the upload part request. Amazon S3 checks the part
+// data against the provided MD5 value. If they do not match, Amazon S3 returns
+// an error.
+//
// Note: After you initiate multipart upload and upload one or more parts, you
// must either complete or abort multipart upload in order to stop getting charged
// for storage of the uploaded parts. Only after you either complete or abort
// multipart upload, Amazon S3 frees up the parts storage and stops charging
// you for the parts storage.
//
+// For more information on multipart uploads, go to Multipart Upload Overview
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the
+// Amazon Simple Storage Service Developer Guide .
+//
+// For information on the permissions required to use the multipart upload API,
+// go to Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// You can optionally request server-side encryption where Amazon S3 encrypts
+// your data as it writes it to disks in its data centers and decrypts it for
+// you when you access it. You have the option of providing your own encryption
+// key, or you can use the AWS managed encryption keys. If you choose to provide
+// your own encryption key, the request headers you provide in the request must
+// match the headers you used in the request to initiate the upload by using
+// CreateMultipartUpload. For more information, go to Using Server-Side Encryption
+// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Server-side encryption is supported by the S3 Multipart Upload actions. Unless
+// you are using a customer-provided encryption key, you don't need to specify
+// the encryption parameters in each UploadPart request. Instead, you only need
+// to specify the server-side encryption parameters in the initial Initiate
+// Multipart request. For more information, see CreateMultipartUpload.
+//
+// If you requested server-side encryption using a customer-provided encryption
+// key in your initiate multipart upload request, you must provide identical
+// encryption information in each part upload using the following headers.
+//
+// * x-amz-server-side-encryption-customer-algorithm
+//
+// * x-amz-server-side-encryption-customer-key
+//
+// * x-amz-server-side-encryption-customer-key-MD5
+//
+// Special Errors
+//
+// * Code: NoSuchUpload Cause: The specified multipart upload does not exist.
+// The upload ID might be invalid, or the multipart upload might have been
+// aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code
+// Prefix: Client
+//
+// Related Resources
+//
+// * CreateMultipartUpload
+//
+// * CompleteMultipartUpload
+//
+// * AbortMultipartUpload
+//
+// * ListParts
+//
+// * ListMultipartUploads
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -6983,7 +9939,94 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req
// UploadPartCopy API operation for Amazon Simple Storage Service.
//
-// Uploads a part by copying data from an existing object as data source.
+// Uploads a part by copying data from an existing object as data source. You
+// specify the data source by adding the request header x-amz-copy-source in
+// your request and a byte range by adding the request header x-amz-copy-source-range
+// in your request.
+//
+// The minimum allowable part size for a multipart upload is 5 MB. For more
+// information about multipart upload limits, go to Quick Facts (https://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// Instead of using an existing object as part data, you might use the UploadPart
+// operation and provide data in your request.
+//
+// You must initiate a multipart upload before you can upload any part. In response
+// to your initiate request. Amazon S3 returns a unique identifier, the upload
+// ID, that you must include in your upload part request.
+//
+// For more information about using the UploadPartCopy operation, see the following:
+//
+// * For conceptual information about multipart uploads, see Uploading Objects
+// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// * For information about permissions required to use the multipart upload
+// API, see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// * For information about copying objects using a single atomic operation
+// vs. the multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html)
+// in the Amazon Simple Storage Service Developer Guide.
+//
+// * For information about using server-side encryption with customer-provided
+// encryption keys with the UploadPartCopy operation, see CopyObject and
+// UploadPart.
+//
+// Note the following additional considerations about the request headers x-amz-copy-source-if-match,
+// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and
+// x-amz-copy-source-if-modified-since:
+//
+// * Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since
+// headers are present in the request as follows: x-amz-copy-source-if-match
+// condition evaluates to true, and; x-amz-copy-source-if-unmodified-since
+// condition evaluates to false; Amazon S3 returns 200 OK and copies the
+// data.
+//
+// * Consideration 2 - If both of the x-amz-copy-source-if-none-match and
+// x-amz-copy-source-if-modified-since headers are present in the request
+// as follows: x-amz-copy-source-if-none-match condition evaluates to false,
+// and; x-amz-copy-source-if-modified-since condition evaluates to true;
+// Amazon S3 returns 412 Precondition Failed response code.
+//
+// Versioning
+//
+// If your bucket has versioning enabled, you could have multiple versions of
+// the same object. By default, x-amz-copy-source identifies the current version
+// of the object to copy. If the current version is a delete marker and you
+// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404
+// error, because the object does not exist. If you specify versionId in the
+// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns
+// an HTTP 400 error, because you are not allowed to specify a delete marker
+// as a version for the x-amz-copy-source.
+//
+// You can optionally specify a specific version of the source object to copy
+// by adding the versionId subresource as shown in the following example:
+//
+// x-amz-copy-source: /bucket/object?versionId=version id
+//
+// Special Errors
+//
+// * Code: NoSuchUpload Cause: The specified multipart upload does not exist.
+// The upload ID might be invalid, or the multipart upload might have been
+// aborted or completed. HTTP Status Code: 404 Not Found
+//
+// * Code: InvalidRequest Cause: The specified copy source is not supported
+// as a byte-range copy source. HTTP Status Code: 400 Bad Request
+//
+// Related Resources
+//
+// * CreateMultipartUpload
+//
+// * UploadPart
+//
+// * CompleteMultipartUpload
+//
+// * AbortMultipartUpload
+//
+// * ListParts
+//
+// * ListMultipartUploads
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -7045,7 +10088,14 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI
type AbortMultipartUploadInput struct {
_ struct{} `locationName:"AbortMultipartUploadRequest" type:"structure"`
- // Name of the bucket to which the multipart upload was initiated.
+ // The bucket name to which the upload was taking place.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -7055,10 +10105,11 @@ type AbortMultipartUploadInput struct {
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// Upload ID that identifies the multipart upload.
@@ -7133,6 +10184,20 @@ func (s *AbortMultipartUploadInput) SetUploadId(v string) *AbortMultipartUploadI
return s
}
+func (s *AbortMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *AbortMultipartUploadInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type AbortMultipartUploadOutput struct {
_ struct{} `type:"structure"`
@@ -7335,9 +10400,6 @@ func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator {
// Specifies the configuration and any analyses for the analytics filter of
// an Amazon S3 bucket.
-//
-// For more information, see GET Bucket analytics (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETAnalyticsConfig.html)
-// in the Amazon Simple Storage Service API Reference.
type AnalyticsConfiguration struct {
_ struct{} `type:"structure"`
@@ -7456,6 +10518,9 @@ func (s *AnalyticsExportDestination) SetS3BucketDestination(v *AnalyticsS3Bucket
return s
}
+// The filter used to describe a set of objects for analyses. A filter must
+// have exactly one prefix, one tag, or one conjunction (AnalyticsAndOperator).
+// If no filter is provided, all objects will be considered in any analysis.
type AnalyticsFilter struct {
_ struct{} `type:"structure"`
@@ -7518,6 +10583,7 @@ func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter {
return s
}
+// Contains information about where to publish the analytics results.
type AnalyticsS3BucketDestination struct {
_ struct{} `type:"structure"`
@@ -7526,8 +10592,11 @@ type AnalyticsS3BucketDestination struct {
// Bucket is a required field
Bucket *string `type:"string" required:"true"`
- // The account ID that owns the destination bucket. If no account ID is provided,
- // the owner will not be validated prior to exporting data.
+ // The account ID that owns the destination S3 bucket. If no account ID is provided,
+ // the owner is not validated before exporting data.
+ //
+ // Although this value is optional, we strongly recommend that you set it to
+ // help prevent problems if the destination bucket ownership changes.
BucketAccountId *string `type:"string"`
// Specifies the file format used when exporting data to Amazon S3.
@@ -7596,6 +10665,8 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes
return s
}
+// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name
+// is globally unique, and the namespace is shared by all AWS accounts.
type Bucket struct {
_ struct{} `type:"structure"`
@@ -7679,6 +10750,7 @@ func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifec
return s
}
+// Container for logging status information.
type BucketLoggingStatus struct {
_ struct{} `type:"structure"`
@@ -7727,7 +10799,8 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin
type CORSConfiguration struct {
_ struct{} `type:"structure"`
- // A set of allowed origins and methods.
+ // A set of origins and methods (cross-origin access that you want to allow).
+ // You can add up to 100 rules to the configuration.
//
// CORSRules is a required field
CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"`
@@ -7859,7 +10932,8 @@ func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule {
return s
}
-// Describes how a CSV-formatted input object is formatted.
+// Describes how an uncompressed comma-separated values (CSV)-formatted input
+// object is formatted.
type CSVInput struct {
_ struct{} `type:"structure"`
@@ -7868,24 +10942,45 @@ type CSVInput struct {
// to TRUE may lower performance.
AllowQuotedRecordDelimiter *bool `type:"boolean"`
- // The single character used to indicate a row should be ignored when present
- // at the start of a row.
+ // A single character used to indicate that a row should be ignored when the
+ // character is present at the start of that row. You can specify any character
+ // to indicate a comment line.
Comments *string `type:"string"`
- // The value used to separate individual fields in a record.
+ // A single character used to separate individual fields in a record. You can
+ // specify an arbitrary delimiter.
FieldDelimiter *string `type:"string"`
- // Describes the first line of input. Valid values: None, Ignore, Use.
+ // Describes the first line of input. Valid values are:
+ //
+ // * NONE: First line is not a header.
+ //
+ // * IGNORE: First line is a header, but you can't use the header values
+ // to indicate the column in an expression. You can use column position (such
+ // as _1, _2, …) to indicate the column (SELECT s._1 FROM OBJECT s).
+ //
+ // * Use: First line is a header, and you can use the header value to identify
+ // a column in an expression (SELECT "name" FROM OBJECT).
FileHeaderInfo *string `type:"string" enum:"FileHeaderInfo"`
- // Value used for escaping where the field delimiter is part of the value.
+ // A single character used for escaping when the field delimiter is part of
+ // the value. For example, if the value is a, b, Amazon S3 wraps this field
+ // value in quotation marks, as follows: " a , b ".
+ //
+ // Type: String
+ //
+ // Default: "
+ //
+ // Ancestors: CSV
QuoteCharacter *string `type:"string"`
- // The single character used for escaping the quote character inside an already
- // escaped value.
+ // A single character used for escaping the quotation mark character inside
+ // an already escaped value. For example, the value """ a , b """ is parsed
+ // as " a , b ".
QuoteEscapeCharacter *string `type:"string"`
- // The value used to separate individual records.
+ // A single character used to separate individual records in the input. Instead
+ // of the default value, you can specify an arbitrary delimiter.
RecordDelimiter *string `type:"string"`
}
@@ -7941,24 +11036,33 @@ func (s *CSVInput) SetRecordDelimiter(v string) *CSVInput {
return s
}
-// Describes how CSV-formatted results are formatted.
+// Describes how uncompressed comma-separated values (CSV)-formatted results
+// are formatted.
type CSVOutput struct {
_ struct{} `type:"structure"`
- // The value used to separate individual fields in a record.
+ // The value used to separate individual fields in a record. You can specify
+ // an arbitrary delimiter.
FieldDelimiter *string `type:"string"`
- // The value used for escaping where the field delimiter is part of the value.
+ // A single character used for escaping when the field delimiter is part of
+ // the value. For example, if the value is a, b, Amazon S3 wraps this field
+ // value in quotation marks, as follows: " a , b ".
QuoteCharacter *string `type:"string"`
- // Th single character used for escaping the quote character inside an already
+ // The single character used for escaping the quote character inside an already
// escaped value.
QuoteEscapeCharacter *string `type:"string"`
- // Indicates whether or not all output fields should be quoted.
+ // Indicates whether to use quotation marks around output fields.
+ //
+ // * ALWAYS: Always use quotation marks for output fields.
+ //
+ // * ASNEEDED: Use quotation marks for output fields when needed.
QuoteFields *string `type:"string" enum:"QuoteFields"`
- // The value used to separate individual records.
+ // A single character used to separate individual records in the output. Instead
+ // of the default value, you can specify an arbitrary delimiter.
RecordDelimiter *string `type:"string"`
}
@@ -8002,9 +11106,12 @@ func (s *CSVOutput) SetRecordDelimiter(v string) *CSVOutput {
return s
}
+// Container for specifying the AWS Lambda notification configuration.
type CloudFunctionConfiguration struct {
_ struct{} `type:"structure"`
+ // Lambda cloud function ARN that Amazon S3 can invoke when it detects events
+ // of the specified type.
CloudFunction *string `type:"string"`
// The bucket event for which to send notifications.
@@ -8012,12 +11119,14 @@ type CloudFunctionConfiguration struct {
// Deprecated: Event has been deprecated
Event *string `deprecated:"true" type:"string" enum:"Event"`
+ // Bucket events for which to send notifications.
Events []*string `locationName:"Event" type:"list" flattened:"true"`
// An optional unique identifier for configurations in a notification configuration.
// If you don't provide one, Amazon S3 will assign an ID.
Id *string `type:"string"`
+ // The role supporting the invocation of the Lambda function
InvocationRole *string `type:"string"`
}
@@ -8061,9 +11170,15 @@ func (s *CloudFunctionConfiguration) SetInvocationRole(v string) *CloudFunctionC
return s
}
+// Container for all (if there are any) keys between Prefix and the next occurrence
+// of the string specified by a delimiter. CommonPrefixes lists keys that act
+// like subdirectories in the directory specified by Prefix. For example, if
+// the prefix is notes/ and the delimiter is a slash (/) as in notes/summer/july,
+// the common prefix is notes/summer/.
type CommonPrefix struct {
_ struct{} `type:"structure"`
+ // Container for the specified common prefix.
Prefix *string `type:"string"`
}
@@ -8086,20 +11201,28 @@ func (s *CommonPrefix) SetPrefix(v string) *CommonPrefix {
type CompleteMultipartUploadInput struct {
_ struct{} `locationName:"CompleteMultipartUploadRequest" type:"structure" payload:"MultipartUpload"`
+ // Name of the bucket to which the multipart upload was initiated.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Object key for which the multipart upload was initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+ // The container for the multipart upload request information.
MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
+ // ID for the initiated multipart upload.
+ //
// UploadId is a required field
UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
}
@@ -8176,35 +11299,61 @@ func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartU
return s
}
+func (s *CompleteMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CompleteMultipartUploadInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type CompleteMultipartUploadOutput struct {
_ struct{} `type:"structure"`
+ // The name of the bucket that contains the newly created object.
Bucket *string `type:"string"`
- // Entity tag of the object.
+ // Entity tag that identifies the newly created object's data. Objects with
+ // different object data will have different entity tags. The entity tag is
+ // an opaque string. The entity tag may or may not be an MD5 digest of the object
+ // data. If the entity tag is not an MD5 digest of the object data, it will
+ // contain one or more nonhexadecimal characters and/or will consist of less
+ // than 32 or more than 32 hexadecimal digits.
ETag *string `type:"string"`
// If the object expiration is configured, this will contain the expiration
// date (expiry-date) and rule ID (rule-id). The value of rule-id is URL encoded.
Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
+ // The object key of the newly created object.
Key *string `min:"1" type:"string"`
+ // The URI that identifies the newly created object.
Location *string `type:"string"`
// If present, indicates that the requester was successfully charged for the
// request.
RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // If you specified server-side encryption either with an Amazon S3-managed
+ // encryption key or an AWS KMS customer master key (CMK) in your initiate multipart
+ // upload request, the response includes this header. It confirms the encryption
+ // algorithm that Amazon S3 used to encrypt the object.
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
- // Version of the object.
+ // Version ID of the newly created object, in case the bucket has versioning
+ // turned on.
VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
}
@@ -8279,9 +11428,11 @@ func (s *CompleteMultipartUploadOutput) SetVersionId(v string) *CompleteMultipar
return s
}
+// The container for the completed multipart upload details.
type CompletedMultipartUpload struct {
_ struct{} `type:"structure"`
+ // Array of CompletedPart data types.
Parts []*CompletedPart `locationName:"Part" type:"list" flattened:"true"`
}
@@ -8301,6 +11452,7 @@ func (s *CompletedMultipartUpload) SetParts(v []*CompletedPart) *CompletedMultip
return s
}
+// Details of the parts that were uploaded.
type CompletedPart struct {
_ struct{} `type:"structure"`
@@ -8334,7 +11486,10 @@ func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart {
return s
}
-// Specifies a condition that must be met for a redirect to apply.
+// A container for describing a condition that must be met for the specified
+// redirect to apply. For example, 1. If request is for pages in the /docs folder,
+// redirect to the /documents folder. 2. If request results in HTTP error 4xx,
+// redirect request to another host where you might process the error.
type Condition struct {
_ struct{} `type:"structure"`
@@ -8403,12 +11558,19 @@ func (s *ContinuationEvent) UnmarshalEvent(
return nil
}
+func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+ return msg, err
+}
+
type CopyObjectInput struct {
_ struct{} `locationName:"CopyObjectRequest" type:"structure"`
// The canned ACL to apply to the object.
ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+ // The name of the destination bucket.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -8448,7 +11610,8 @@ type CopyObjectInput struct {
// Copies the object if it hasn't been modified since the specified time.
CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"`
- // Specifies the algorithm to use when decrypting the source object (e.g., AES256).
+ // Specifies the algorithm to use when decrypting the source object (for example,
+ // AES256).
CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
@@ -8457,8 +11620,8 @@ type CopyObjectInput struct {
CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
// The date and time at which the object is no longer cacheable.
@@ -8476,6 +11639,8 @@ type CopyObjectInput struct {
// Allows grantee to write the ACL for the applicable object.
GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+ // The key of the destination object.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -8489,31 +11654,33 @@ type CopyObjectInput struct {
// Specifies whether you want to apply a Legal Hold to the copied object.
ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
- // The object lock mode that you want to apply to the copied object.
+ // The Object Lock mode that you want to apply to the copied object.
ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
- // The date and time when you want the copied object's object lock to expire.
+ // The date and time when you want the copied object's Object Lock to expire.
ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
@@ -8523,12 +11690,14 @@ type CopyObjectInput struct {
// Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
// requests for an object protected by AWS KMS will fail if not made via SSL
- // or using SigV4. Documentation on configuring any of the officially supported
- // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
+ // or using SigV4. For information about configuring using any of the officially
+ // supported AWS SDKs and AWS CLI, see Specifying the Signature Version in Request
+ // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+ // in the Amazon S3 Developer Guide.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// The type of storage to use for the object. Defaults to 'STANDARD'.
@@ -8536,7 +11705,7 @@ type CopyObjectInput struct {
// The tag-set for the object destination object this value must be used in
// conjunction with the TaggingDirective. The tag-set must be encoded as URL
- // Query parameters
+ // Query parameters.
Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
// Specifies whether the object tag-set are copied from the source object or
@@ -8827,11 +11996,27 @@ func (s *CopyObjectInput) SetWebsiteRedirectLocation(v string) *CopyObjectInput
return s
}
+func (s *CopyObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CopyObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type CopyObjectOutput struct {
_ struct{} `type:"structure" payload:"CopyObjectResult"`
+ // Container for all response elements.
CopyObjectResult *CopyObjectResult `type:"structure"`
+ // Version of the copied object in the destination bucket.
CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"`
// If the object expiration is configured, the response includes this header.
@@ -8847,7 +12032,7 @@ type CopyObjectOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
@@ -8856,12 +12041,13 @@ type CopyObjectOutput struct {
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// Version ID of the newly created copy.
@@ -8938,11 +12124,16 @@ func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput {
return s
}
+// Container for all response elements.
type CopyObjectResult struct {
_ struct{} `type:"structure"`
+ // Returns the ETag of the new object. The ETag reflects only changes to the
+ // contents of an object, not its metadata. The source and destination ETag
+ // is identical for a successfully copied object.
ETag *string `type:"string"`
+ // Returns the date that the object was last modified.
LastModified *time.Time `type:"timestamp"`
}
@@ -8968,6 +12159,7 @@ func (s *CopyObjectResult) SetLastModified(v time.Time) *CopyObjectResult {
return s
}
+// Container for all response elements.
type CopyPartResult struct {
_ struct{} `type:"structure"`
@@ -9000,11 +12192,12 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult {
return s
}
+// The configuration information for the bucket.
type CreateBucketConfiguration struct {
_ struct{} `type:"structure"`
- // Specifies the region where the bucket will be created. If you don't specify
- // a region, the bucket is created in US East (N. Virginia) Region (us-east-1).
+ // Specifies the Region where the bucket will be created. If you don't specify
+ // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1).
LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
}
@@ -9030,9 +12223,12 @@ type CreateBucketInput struct {
// The canned ACL to apply to the bucket.
ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
+ // The name of the bucket to create.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // The configuration information for the bucket.
CreateBucketConfiguration *CreateBucketConfiguration `locationName:"CreateBucketConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
// Allows grantee the read, write, read ACP, and write ACP permissions on the
@@ -9051,8 +12247,7 @@ type CreateBucketInput struct {
// Allows grantee to write the ACL for the applicable bucket.
GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
- // Specifies whether you want Amazon S3 object lock to be enabled for the new
- // bucket.
+ // Specifies whether you want S3 Object Lock to be enabled for the new bucket.
ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"`
}
@@ -9146,6 +12341,9 @@ func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketI
type CreateBucketOutput struct {
_ struct{} `type:"structure"`
+ // Specifies the Region where the bucket will be created. If you are creating
+ // a bucket on the US East (N. Virginia) Region (us-east-1), you do not need
+ // to specify the location.
Location *string `location:"header" locationName:"Location" type:"string"`
}
@@ -9171,6 +12369,8 @@ type CreateMultipartUploadInput struct {
// The canned ACL to apply to the object.
ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
+ // The name of the bucket to which to initiate the upload
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -9206,6 +12406,8 @@ type CreateMultipartUploadInput struct {
// Allows grantee to write the ACL for the applicable object.
GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+ // Object key for which the multipart upload is to be initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -9215,31 +12417,33 @@ type CreateMultipartUploadInput struct {
// Specifies whether you want to apply a Legal Hold to the uploaded object.
ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
- // Specifies the object lock mode that you want to apply to the uploaded object.
+ // Specifies the Object Lock mode that you want to apply to the uploaded object.
ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
- // Specifies the date and time when you want the object lock to expire.
+ // Specifies the date and time when you want the Object Lock to expire.
ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
@@ -9247,20 +12451,22 @@ type CreateMultipartUploadInput struct {
// encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
- // requests for an object protected by AWS KMS will fail if not made via SSL
- // or using SigV4. Documentation on configuring any of the officially supported
- // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
+ // Specifies the ID of the symmetric customer managed AWS KMS CMK to use for
+ // object encryption. All GET and PUT requests for an object protected by AWS
+ // KMS will fail if not made via SSL or using SigV4. For information about configuring
+ // using any of the officially supported AWS SDKs and AWS CLI, see Specifying
+ // the Signature Version in Request Authentication (https://docs.aws.amazon.com/http:/docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version)
+ // in the Amazon S3 Developer Guide.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// The type of storage to use for the object. Defaults to 'STANDARD'.
StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
- // The tag-set for the object. The tag-set must be encoded as URL Query parameters
+ // The tag-set for the object. The tag-set must be encoded as URL Query parameters.
Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"`
// If the bucket is configured as a website, redirects requests for this object
@@ -9477,17 +12683,47 @@ func (s *CreateMultipartUploadInput) SetWebsiteRedirectLocation(v string) *Creat
return s
}
+func (s *CreateMultipartUploadInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *CreateMultipartUploadInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type CreateMultipartUploadOutput struct {
_ struct{} `type:"structure"`
- // Date when multipart upload will become eligible for abort operation by lifecycle.
+ // If the bucket has a lifecycle rule configured with an action to abort incomplete
+ // multipart uploads and the prefix in the lifecycle rule matches the object
+ // name in the request, the response includes this header. The header indicates
+ // when the initiated multipart upload becomes eligible for an abort operation.
+ // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+ // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+ //
+ // The response also includes the x-amz-abort-rule-id header that provides the
+ // ID of the lifecycle configuration rule that defines this action.
AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
- // Id of the lifecycle rule that makes a multipart upload eligible for abort
- // operation.
+ // This header is returned along with the x-amz-abort-date header. It identifies
+ // the applicable lifecycle configuration rule that defines the action to abort
+ // incomplete multipart uploads.
AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
// Name of the bucket to which the multipart upload was initiated.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
Bucket *string `locationName:"Bucket" type:"string"`
// Object key for which the multipart upload was initiated.
@@ -9503,7 +12739,7 @@ type CreateMultipartUploadOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
@@ -9512,12 +12748,13 @@ type CreateMultipartUploadOutput struct {
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// ID for the initiated multipart upload.
@@ -9607,7 +12844,7 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo
return s
}
-// The container element for specifying the default object lock retention settings
+// The container element for specifying the default Object Lock retention settings
// for new objects placed in the specified bucket.
type DefaultRetention struct {
_ struct{} `type:"structure"`
@@ -9615,7 +12852,7 @@ type DefaultRetention struct {
// The number of days that you want to specify for the default retention period.
Days *int64 `type:"integer"`
- // The default object lock retention mode you want to apply to new objects placed
+ // The default Object Lock retention mode you want to apply to new objects placed
// in the specified bucket.
Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
@@ -9651,9 +12888,12 @@ func (s *DefaultRetention) SetYears(v int64) *DefaultRetention {
return s
}
+// Container for the objects to delete.
type Delete struct {
_ struct{} `type:"structure"`
+ // The objects to delete.
+ //
// Objects is a required field
Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"`
@@ -9769,6 +13009,20 @@ func (s *DeleteBucketAnalyticsConfigurationInput) SetId(v string) *DeleteBucketA
return s
}
+func (s *DeleteBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketAnalyticsConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -9786,6 +13040,8 @@ func (s DeleteBucketAnalyticsConfigurationOutput) GoString() string {
type DeleteBucketCorsInput struct {
_ struct{} `locationName:"DeleteBucketCorsRequest" type:"structure"`
+ // Specifies the bucket whose cors configuration is being deleted.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -9829,6 +13085,20 @@ func (s *DeleteBucketCorsInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketCorsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketCorsOutput struct {
_ struct{} `type:"structure"`
}
@@ -9892,6 +13162,20 @@ func (s *DeleteBucketEncryptionInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketEncryptionInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketEncryptionOutput struct {
_ struct{} `type:"structure"`
}
@@ -9909,6 +13193,8 @@ func (s DeleteBucketEncryptionOutput) GoString() string {
type DeleteBucketInput struct {
_ struct{} `locationName:"DeleteBucketRequest" type:"structure"`
+ // Specifies the bucket being deleted.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -9952,11 +13238,25 @@ func (s *DeleteBucketInput) getBucket() (v string) {
return *s.Bucket
}
-type DeleteBucketInventoryConfigurationInput struct {
- _ struct{} `locationName:"DeleteBucketInventoryConfigurationRequest" type:"structure"`
+func (s *DeleteBucketInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
- // The name of the bucket containing the inventory configuration to delete.
- //
+func (s *DeleteBucketInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
+type DeleteBucketInventoryConfigurationInput struct {
+ _ struct{} `locationName:"DeleteBucketInventoryConfigurationRequest" type:"structure"`
+
+ // The name of the bucket containing the inventory configuration to delete.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -10014,6 +13314,20 @@ func (s *DeleteBucketInventoryConfigurationInput) SetId(v string) *DeleteBucketI
return s
}
+func (s *DeleteBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketInventoryConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketInventoryConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -10031,6 +13345,8 @@ func (s DeleteBucketInventoryConfigurationOutput) GoString() string {
type DeleteBucketLifecycleInput struct {
_ struct{} `locationName:"DeleteBucketLifecycleRequest" type:"structure"`
+ // The bucket name of the lifecycle to delete.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -10074,6 +13390,20 @@ func (s *DeleteBucketLifecycleInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketLifecycleInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketLifecycleOutput struct {
_ struct{} `type:"structure"`
}
@@ -10150,6 +13480,20 @@ func (s *DeleteBucketMetricsConfigurationInput) SetId(v string) *DeleteBucketMet
return s
}
+func (s *DeleteBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketMetricsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketMetricsConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -10181,6 +13525,8 @@ func (s DeleteBucketOutput) GoString() string {
type DeleteBucketPolicyInput struct {
_ struct{} `locationName:"DeleteBucketPolicyRequest" type:"structure"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -10224,6 +13570,20 @@ func (s *DeleteBucketPolicyInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketPolicyInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketPolicyOutput struct {
_ struct{} `type:"structure"`
}
@@ -10243,9 +13603,6 @@ type DeleteBucketReplicationInput struct {
// The bucket name.
//
- // It can take a while to propagate the deletion of a replication configuration
- // to all Amazon S3 systems.
- //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -10289,6 +13646,20 @@ func (s *DeleteBucketReplicationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketReplicationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketReplicationOutput struct {
_ struct{} `type:"structure"`
}
@@ -10306,6 +13677,8 @@ func (s DeleteBucketReplicationOutput) GoString() string {
type DeleteBucketTaggingInput struct {
_ struct{} `locationName:"DeleteBucketTaggingRequest" type:"structure"`
+ // The bucket that has the tag set to be removed.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -10349,6 +13722,20 @@ func (s *DeleteBucketTaggingInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketTaggingOutput struct {
_ struct{} `type:"structure"`
}
@@ -10366,6 +13753,8 @@ func (s DeleteBucketTaggingOutput) GoString() string {
type DeleteBucketWebsiteInput struct {
_ struct{} `locationName:"DeleteBucketWebsiteRequest" type:"structure"`
+ // The bucket name for which you want to remove the website configuration.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -10409,6 +13798,20 @@ func (s *DeleteBucketWebsiteInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeleteBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteBucketWebsiteInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteBucketWebsiteOutput struct {
_ struct{} `type:"structure"`
}
@@ -10423,6 +13826,7 @@ func (s DeleteBucketWebsiteOutput) GoString() string {
return s.String()
}
+// Information about the delete marker.
type DeleteMarkerEntry struct {
_ struct{} `type:"structure"`
@@ -10436,6 +13840,7 @@ type DeleteMarkerEntry struct {
// Date and time the object was last modified.
LastModified *time.Time `type:"timestamp"`
+ // The account that created the delete marker.>
Owner *Owner `type:"structure"`
// Version ID of an object.
@@ -10482,11 +13887,21 @@ func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry {
return s
}
-// Specifies whether Amazon S3 should replicate delete makers.
+// Specifies whether Amazon S3 replicates the delete markers. If you specify
+// a Filter, you must specify this element. However, in the latest version of
+// replication configuration (when Filter is specified), Amazon S3 doesn't replicate
+// delete markers. Therefore, the DeleteMarkerReplication element can contain
+// only Disabled. For an example configuration, see Basic Rule
+// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
+//
+// If you don't specify the Filter element, Amazon S3 assumes that the replication
+// configuration is the earlier version, V1. In the earlier version, Amazon
+// S3 handled replication of delete markers differently. For more information,
+// see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
type DeleteMarkerReplication struct {
_ struct{} `type:"structure"`
- // The status of the delete marker replication.
+ // Indicates whether to replicate delete markers.
//
// In the current implementation, Amazon S3 doesn't replicate the delete markers.
// The status must be Disabled.
@@ -10512,24 +13927,38 @@ func (s *DeleteMarkerReplication) SetStatus(v string) *DeleteMarkerReplication {
type DeleteObjectInput struct {
_ struct{} `locationName:"DeleteObjectRequest" type:"structure"`
+ // The bucket name of the bucket containing the object.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // Indicates whether Amazon S3 object lock should bypass governance-mode restrictions
+ // Indicates whether S3 Object Lock should bypass Governance-mode restrictions
// to process this operation.
BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+ // Key name of the object to delete.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
// The concatenation of the authentication device's serial number, a space,
- // and the value that is displayed on your authentication device.
+ // and the value that is displayed on your authentication device. Required to
+ // permanently delete a versioned object if versioning is configured with MFA
+ // delete enabled.
MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// VersionId used to reference a specific version of the object.
@@ -10611,6 +14040,20 @@ func (s *DeleteObjectInput) SetVersionId(v string) *DeleteObjectInput {
return s
}
+func (s *DeleteObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteObjectOutput struct {
_ struct{} `type:"structure"`
@@ -10658,9 +14101,20 @@ func (s *DeleteObjectOutput) SetVersionId(v string) *DeleteObjectOutput {
type DeleteObjectTaggingInput struct {
_ struct{} `locationName:"DeleteObjectTaggingRequest" type:"structure"`
+ // The bucket name containing the objects from which to remove the tags.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Name of the tag.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -10725,6 +14179,20 @@ func (s *DeleteObjectTaggingInput) SetVersionId(v string) *DeleteObjectTaggingIn
return s
}
+func (s *DeleteObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteObjectTaggingOutput struct {
_ struct{} `type:"structure"`
@@ -10751,25 +14219,39 @@ func (s *DeleteObjectTaggingOutput) SetVersionId(v string) *DeleteObjectTaggingO
type DeleteObjectsInput struct {
_ struct{} `locationName:"DeleteObjectsRequest" type:"structure" payload:"Delete"`
+ // The bucket name containing the objects to delete.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
// Specifies whether you want to delete this object even if it has a Governance-type
- // object lock in place. You must have sufficient permissions to perform this
+ // Object Lock in place. You must have sufficient permissions to perform this
// operation.
BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
+ // Container for the request.
+ //
// Delete is a required field
Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
// The concatenation of the authentication device's serial number, a space,
- // and the value that is displayed on your authentication device.
+ // and the value that is displayed on your authentication device. Required to
+ // permanently delete a versioned object if versioning is configured with MFA
+ // delete enabled.
MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
}
@@ -10844,11 +14326,29 @@ func (s *DeleteObjectsInput) SetRequestPayer(v string) *DeleteObjectsInput {
return s
}
+func (s *DeleteObjectsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeleteObjectsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeleteObjectsOutput struct {
_ struct{} `type:"structure"`
+ // Container element for a successful delete. It identifies the object that
+ // was successfully deleted.
Deleted []*DeletedObject `type:"list" flattened:"true"`
+ // Container for a failed delete operation that describes the object that Amazon
+ // S3 attempted to delete and the error it encountered.
Errors []*Error `locationName:"Error" type:"list" flattened:"true"`
// If present, indicates that the requester was successfully charged for the
@@ -10932,6 +14432,20 @@ func (s *DeletePublicAccessBlockInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *DeletePublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *DeletePublicAccessBlockInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type DeletePublicAccessBlockOutput struct {
_ struct{} `type:"structure"`
}
@@ -10946,15 +14460,24 @@ func (s DeletePublicAccessBlockOutput) GoString() string {
return s.String()
}
+// Information about the deleted object.
type DeletedObject struct {
_ struct{} `type:"structure"`
+ // Specifies whether the versioned object that was permanently deleted was (true)
+ // or was not (false) a delete marker. In a simple DELETE, this header indicates
+ // whether (true) or not (false) a delete marker was created.
DeleteMarker *bool `type:"boolean"`
+ // The version ID of the delete marker created as a result of the DELETE operation.
+ // If you delete a specific object version, the value returned by this header
+ // is the version ID of the object version deleted.
DeleteMarkerVersionId *string `type:"string"`
+ // The name of the deleted object.
Key *string `min:"1" type:"string"`
+ // The version ID of the deleted object.
VersionId *string `type:"string"`
}
@@ -10993,7 +14516,7 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject {
}
// Specifies information about where to publish analysis or configuration results
-// for an Amazon S3 bucket.
+// for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).
type Destination struct {
_ struct{} `type:"structure"`
@@ -11008,17 +14531,12 @@ type Destination struct {
// direct Amazon S3 to change replica ownership to the AWS account that owns
// the destination bucket by specifying the AccessControlTranslation property,
// this is the account ID of the destination bucket owner. For more information,
- // see Cross-Region Replication Additional Configuration: Change Replica Owner
- // (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in
- // the Amazon Simple Storage Service Developer Guide.
+ // see Replication Additional Configuration: Changing the Replica Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html)
+ // in the Amazon Simple Storage Service Developer Guide.
Account *string `type:"string"`
// The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to
- // store replicas of the object identified by the rule.
- //
- // A replication configuration can replicate objects to only one destination
- // bucket. If there are multiple rules in your replication configuration, all
- // rules must specify the same destination bucket.
+ // store the results.
//
// Bucket is a required field
Bucket *string `type:"string" required:"true"`
@@ -11027,9 +14545,19 @@ type Destination struct {
// is specified, you must specify this element.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
- // The storage class to use when replicating objects, such as standard or reduced
- // redundancy. By default, Amazon S3 uses the storage class of the source object
- // to create the object replica.
+ // A container specifying replication metrics-related settings enabling metrics
+ // and Amazon S3 events for S3 Replication Time Control (S3 RTC). Must be specified
+ // together with a ReplicationTime block.
+ Metrics *Metrics `type:"structure"`
+
+ // A container specifying S3 Replication Time Control (S3 RTC), including whether
+ // S3 RTC is enabled and the time when all objects and operations on objects
+ // must be replicated. Must be specified together with a Metrics block.
+ ReplicationTime *ReplicationTime `type:"structure"`
+
+ // The storage class to use when replicating objects, such as S3 Standard or
+ // reduced redundancy. By default, Amazon S3 uses the storage class of the source
+ // object to create the object replica.
//
// For valid values, see the StorageClass element of the PUT Bucket replication
// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
@@ -11058,6 +14586,16 @@ func (s *Destination) Validate() error {
invalidParams.AddNested("AccessControlTranslation", err.(request.ErrInvalidParams))
}
}
+ if s.Metrics != nil {
+ if err := s.Metrics.Validate(); err != nil {
+ invalidParams.AddNested("Metrics", err.(request.ErrInvalidParams))
+ }
+ }
+ if s.ReplicationTime != nil {
+ if err := s.ReplicationTime.Validate(); err != nil {
+ invalidParams.AddNested("ReplicationTime", err.(request.ErrInvalidParams))
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -11096,19 +14634,30 @@ func (s *Destination) SetEncryptionConfiguration(v *EncryptionConfiguration) *De
return s
}
+// SetMetrics sets the Metrics field's value.
+func (s *Destination) SetMetrics(v *Metrics) *Destination {
+ s.Metrics = v
+ return s
+}
+
+// SetReplicationTime sets the ReplicationTime field's value.
+func (s *Destination) SetReplicationTime(v *ReplicationTime) *Destination {
+ s.ReplicationTime = v
+ return s
+}
+
// SetStorageClass sets the StorageClass field's value.
func (s *Destination) SetStorageClass(v string) *Destination {
s.StorageClass = &v
return s
}
-// Describes the server-side encryption that will be applied to the restore
-// results.
+// Contains the type of server-side encryption used.
type Encryption struct {
_ struct{} `type:"structure"`
// The server-side encryption algorithm used when storing job results in Amazon
- // S3 (e.g., AES256, aws:kms).
+ // S3 (for example, AES256, aws:kms).
//
// EncryptionType is a required field
EncryptionType *string `type:"string" required:"true" enum:"ServerSideEncryption"`
@@ -11117,8 +14666,11 @@ type Encryption struct {
// the encryption context for the restore results.
KMSContext *string `type:"string"`
- // If the encryption type is aws:kms, this optional value specifies the AWS
- // KMS key ID to use for encryption of job results.
+ // If the encryption type is aws:kms, this optional value specifies the ID of
+ // the symmetric customer managed AWS KMS CMK to use for encryption of job results.
+ // Amazon S3 only supports symmetric CMKs. For more information, see Using Symmetric
+ // and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // in the AWS Key Management Service Developer Guide.
KMSKeyId *string `type:"string" sensitive:"true"`
}
@@ -11168,8 +14720,12 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption {
type EncryptionConfiguration struct {
_ struct{} `type:"structure"`
- // Specifies the AWS KMS Key ID (Key ARN or Alias ARN) for the destination bucket.
- // Amazon S3 uses this key to encrypt replica objects.
+ // Specifies the ID (Key ARN or Alias ARN) of the customer managed customer
+ // master key (CMK) stored in AWS Key Management Service (KMS) for the destination
+ // bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only
+ // supports symmetric customer managed CMKs. For more information, see Using
+ // Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // in the AWS Key Management Service Developer Guide.
ReplicaKmsKeyID *string `type:"string"`
}
@@ -11189,6 +14745,9 @@ func (s *EncryptionConfiguration) SetReplicaKmsKeyID(v string) *EncryptionConfig
return s
}
+// A message that indicates the request is complete and no more messages will
+// be sent. You should not assume that the request is complete until the client
+// receives an EndEvent.
type EndEvent struct {
_ struct{} `locationName:"EndEvent" type:"structure"`
}
@@ -11215,15 +14774,380 @@ func (s *EndEvent) UnmarshalEvent(
return nil
}
+func (s *EndEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+ return msg, err
+}
+
+// Container for all error elements.
type Error struct {
_ struct{} `type:"structure"`
+ // The error code is a string that uniquely identifies an error condition. It
+ // is meant to be read and understood by programs that detect and handle errors
+ // by type.
+ //
+ // Amazon S3 error codes
+ //
+ // * Code: AccessDenied Description: Access Denied HTTP Status Code: 403
+ // Forbidden SOAP Fault Code Prefix: Client
+ //
+ // * Code: AccountProblem Description: There is a problem with your AWS account
+ // that prevents the operation from completing successfully. Contact AWS
+ // Support for further assistance. HTTP Status Code: 403 Forbidden SOAP Fault
+ // Code Prefix: Client
+ //
+ // * Code: AllAccessDisabled Description: All access to this Amazon S3 resource
+ // has been disabled. Contact AWS Support for further assistance. HTTP Status
+ // Code: 403 Forbidden SOAP Fault Code Prefix: Client
+ //
+ // * Code: AmbiguousGrantByEmailAddress Description: The email address you
+ // provided is associated with more than one account. HTTP Status Code: 400
+ // Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: AuthorizationHeaderMalformed Description: The authorization header
+ // you provided is invalid. HTTP Status Code: 400 Bad Request HTTP Status
+ // Code: N/A
+ //
+ // * Code: BadDigest Description: The Content-MD5 you specified did not match
+ // what we received. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: BucketAlreadyExists Description: The requested bucket name is
+ // not available. The bucket namespace is shared by all users of the system.
+ // Please select a different name and try again. HTTP Status Code: 409 Conflict
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: BucketAlreadyOwnedByYou Description: The bucket you tried to create
+ // already exists, and you own it. Amazon S3 returns this error in all AWS
+ // Regions except in the North Virginia Region. For legacy compatibility,
+ // if you re-create an existing bucket that you already own in the North
+ // Virginia Region, Amazon S3 returns 200 OK and resets the bucket access
+ // control lists (ACLs). Code: 409 Conflict (in all Regions except the North
+ // Virginia Region) SOAP Fault Code Prefix: Client
+ //
+ // * Code: BucketNotEmpty Description: The bucket you tried to delete is
+ // not empty. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
+ //
+ // * Code: CredentialsNotSupported Description: This request does not support
+ // credentials. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: CrossLocationLoggingProhibited Description: Cross-location logging
+ // not allowed. Buckets in one geographic location cannot log information
+ // to a bucket in another location. HTTP Status Code: 403 Forbidden SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: EntityTooSmall Description: Your proposed upload is smaller than
+ // the minimum allowed object size. HTTP Status Code: 400 Bad Request SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: EntityTooLarge Description: Your proposed upload exceeds the maximum
+ // allowed object size. HTTP Status Code: 400 Bad Request SOAP Fault Code
+ // Prefix: Client
+ //
+ // * Code: ExpiredToken Description: The provided token has expired. HTTP
+ // Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: IllegalVersioningConfigurationException Description: Indicates
+ // that the versioning configuration specified in the request is invalid.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: IncompleteBody Description: You did not provide the number of
+ // bytes specified by the Content-Length HTTP header HTTP Status Code: 400
+ // Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: IncorrectNumberOfFilesInPostRequest Description: POST requires
+ // exactly one file upload per request. HTTP Status Code: 400 Bad Request
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: InlineDataTooLarge Description: Inline data exceeds the maximum
+ // allowed size. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: InternalError Description: We encountered an internal error. Please
+ // try again. HTTP Status Code: 500 Internal Server Error SOAP Fault Code
+ // Prefix: Server
+ //
+ // * Code: InvalidAccessKeyId Description: The AWS access key ID you provided
+ // does not exist in our records. HTTP Status Code: 403 Forbidden SOAP Fault
+ // Code Prefix: Client
+ //
+ // * Code: InvalidAddressingHeader Description: You must specify the Anonymous
+ // role. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidArgument Description: Invalid Argument HTTP Status Code:
+ // 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidBucketName Description: The specified bucket is not valid.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidBucketState Description: The request is not valid with
+ // the current state of the bucket. HTTP Status Code: 409 Conflict SOAP Fault
+ // Code Prefix: Client
+ //
+ // * Code: InvalidDigest Description: The Content-MD5 you specified is not
+ // valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidEncryptionAlgorithmError Description: The encryption request
+ // you specified is not valid. The valid value is AES256. HTTP Status Code:
+ // 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidLocationConstraint Description: The specified location
+ // constraint is not valid. For more information about Regions, see How to
+ // Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro).
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidObjectState Description: The operation is not valid for
+ // the current state of the object. HTTP Status Code: 403 Forbidden SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: InvalidPart Description: One or more of the specified parts could
+ // not be found. The part might not have been uploaded, or the specified
+ // entity tag might not have matched the part's entity tag. HTTP Status Code:
+ // 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidPartOrder Description: The list of parts was not in ascending
+ // order. Parts list must be specified in order by part number. HTTP Status
+ // Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidPayer Description: All access to this object has been disabled.
+ // Please contact AWS Support for further assistance. HTTP Status Code: 403
+ // Forbidden SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidPolicyDocument Description: The content of the form does
+ // not meet the conditions specified in the policy document. HTTP Status
+ // Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidRange Description: The requested range cannot be satisfied.
+ // HTTP Status Code: 416 Requested Range Not Satisfiable SOAP Fault Code
+ // Prefix: Client
+ //
+ // * Code: InvalidRequest Description: Please use AWS4-HMAC-SHA256. HTTP
+ // Status Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: SOAP requests must be made over an
+ // HTTPS connection. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+ // not supported for buckets with non-DNS compliant names. HTTP Status Code:
+ // 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+ // not supported for buckets with periods (.) in their names. HTTP Status
+ // Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate endpoint
+ // only supports virtual style requests. HTTP Status Code: 400 Bad Request
+ // Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is not
+ // configured on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Accelerate is disabled
+ // on this bucket. HTTP Status Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is
+ // not supported on this bucket. Contact AWS Support for more information.
+ // HTTP Status Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration cannot
+ // be enabled on this bucket. Contact AWS Support for more information. HTTP
+ // Status Code: 400 Bad Request Code: N/A
+ //
+ // * Code: InvalidSecurity Description: The provided security credentials
+ // are not valid. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: InvalidSOAPRequest Description: The SOAP request body is invalid.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidStorageClass Description: The storage class you specified
+ // is not valid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: InvalidTargetBucketForLogging Description: The target bucket for
+ // logging does not exist, is not owned by you, or does not have the appropriate
+ // grants for the log-delivery group. HTTP Status Code: 400 Bad Request SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: InvalidToken Description: The provided token is malformed or otherwise
+ // invalid. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: InvalidURI Description: Couldn't parse the specified URI. HTTP
+ // Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: KeyTooLongError Description: Your key is too long. HTTP Status
+ // Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: MalformedACLError Description: The XML you provided was not well-formed
+ // or did not validate against our published schema. HTTP Status Code: 400
+ // Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: MalformedPOSTRequest Description: The body of your POST request
+ // is not well-formed multipart/form-data. HTTP Status Code: 400 Bad Request
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: MalformedXML Description: This happens when the user sends malformed
+ // XML (XML that doesn't conform to the published XSD) for the configuration.
+ // The error message is, "The XML you provided was not well-formed or did
+ // not validate against our published schema." HTTP Status Code: 400 Bad
+ // Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: MaxMessageLengthExceeded Description: Your request was too big.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: MaxPostPreDataLengthExceededError Description: Your POST request
+ // fields preceding the upload file were too large. HTTP Status Code: 400
+ // Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: MetadataTooLarge Description: Your metadata headers exceed the
+ // maximum allowed metadata size. HTTP Status Code: 400 Bad Request SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: MethodNotAllowed Description: The specified method is not allowed
+ // against this resource. HTTP Status Code: 405 Method Not Allowed SOAP Fault
+ // Code Prefix: Client
+ //
+ // * Code: MissingAttachment Description: A SOAP attachment was expected,
+ // but none were found. HTTP Status Code: N/A SOAP Fault Code Prefix: Client
+ //
+ // * Code: MissingContentLength Description: You must provide the Content-Length
+ // HTTP header. HTTP Status Code: 411 Length Required SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: MissingRequestBodyError Description: This happens when the user
+ // sends an empty XML document as a request. The error message is, "Request
+ // body is empty." HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: MissingSecurityElement Description: The SOAP 1.1 request is missing
+ // a security element. HTTP Status Code: 400 Bad Request SOAP Fault Code
+ // Prefix: Client
+ //
+ // * Code: MissingSecurityHeader Description: Your request is missing a required
+ // header. HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: NoLoggingStatusForKey Description: There is no such thing as a
+ // logging status subresource for a key. HTTP Status Code: 400 Bad Request
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: NoSuchBucket Description: The specified bucket does not exist.
+ // HTTP Status Code: 404 Not Found SOAP Fault Code Prefix: Client
+ //
+ // * Code: NoSuchBucketPolicy Description: The specified bucket does not
+ // have a bucket policy. HTTP Status Code: 404 Not Found SOAP Fault Code
+ // Prefix: Client
+ //
+ // * Code: NoSuchKey Description: The specified key does not exist. HTTP
+ // Status Code: 404 Not Found SOAP Fault Code Prefix: Client
+ //
+ // * Code: NoSuchLifecycleConfiguration Description: The lifecycle configuration
+ // does not exist. HTTP Status Code: 404 Not Found SOAP Fault Code Prefix:
+ // Client
+ //
+ // * Code: NoSuchUpload Description: The specified multipart upload does
+ // not exist. The upload ID might be invalid, or the multipart upload might
+ // have been aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault
+ // Code Prefix: Client
+ //
+ // * Code: NoSuchVersion Description: Indicates that the version ID specified
+ // in the request does not match an existing version. HTTP Status Code: 404
+ // Not Found SOAP Fault Code Prefix: Client
+ //
+ // * Code: NotImplemented Description: A header you provided implies functionality
+ // that is not implemented. HTTP Status Code: 501 Not Implemented SOAP Fault
+ // Code Prefix: Server
+ //
+ // * Code: NotSignedUp Description: Your account is not signed up for the
+ // Amazon S3 service. You must sign up before you can use Amazon S3. You
+ // can sign up at the following URL: https://aws.amazon.com/s3 HTTP Status
+ // Code: 403 Forbidden SOAP Fault Code Prefix: Client
+ //
+ // * Code: OperationAborted Description: A conflicting conditional operation
+ // is currently in progress against this resource. Try again. HTTP Status
+ // Code: 409 Conflict SOAP Fault Code Prefix: Client
+ //
+ // * Code: PermanentRedirect Description: The bucket you are attempting to
+ // access must be addressed using the specified endpoint. Send all future
+ // requests to this endpoint. HTTP Status Code: 301 Moved Permanently SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: PreconditionFailed Description: At least one of the preconditions
+ // you specified did not hold. HTTP Status Code: 412 Precondition Failed
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: Redirect Description: Temporary redirect. HTTP Status Code: 307
+ // Moved Temporarily SOAP Fault Code Prefix: Client
+ //
+ // * Code: RestoreAlreadyInProgress Description: Object restore is already
+ // in progress. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client
+ //
+ // * Code: RequestIsNotMultiPartContent Description: Bucket POST must be
+ // of the enclosure-type multipart/form-data. HTTP Status Code: 400 Bad Request
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: RequestTimeout Description: Your socket connection to the server
+ // was not read from or written to within the timeout period. HTTP Status
+ // Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: RequestTimeTooSkewed Description: The difference between the request
+ // time and the server's time is too large. HTTP Status Code: 403 Forbidden
+ // SOAP Fault Code Prefix: Client
+ //
+ // * Code: RequestTorrentOfBucketError Description: Requesting the torrent
+ // file of a bucket is not permitted. HTTP Status Code: 400 Bad Request SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: SignatureDoesNotMatch Description: The request signature we calculated
+ // does not match the signature you provided. Check your AWS secret access
+ // key and signing method. For more information, see REST Authentication
+ // (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html)
+ // and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html)
+ // for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client
+ //
+ // * Code: ServiceUnavailable Description: Reduce your request rate. HTTP
+ // Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server
+ //
+ // * Code: SlowDown Description: Reduce your request rate. HTTP Status Code:
+ // 503 Slow Down SOAP Fault Code Prefix: Server
+ //
+ // * Code: TemporaryRedirect Description: You are being redirected to the
+ // bucket while DNS updates. HTTP Status Code: 307 Moved Temporarily SOAP
+ // Fault Code Prefix: Client
+ //
+ // * Code: TokenRefreshRequired Description: The provided token must be refreshed.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: TooManyBuckets Description: You have attempted to create more
+ // buckets than allowed. HTTP Status Code: 400 Bad Request SOAP Fault Code
+ // Prefix: Client
+ //
+ // * Code: UnexpectedContent Description: This request does not support content.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: UnresolvableGrantByEmailAddress Description: The email address
+ // you provided does not match any account on record. HTTP Status Code: 400
+ // Bad Request SOAP Fault Code Prefix: Client
+ //
+ // * Code: UserKeyMustBeSpecified Description: The bucket POST must contain
+ // the specified field name. If it is specified, check the order of the fields.
+ // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client
Code *string `type:"string"`
+ // The error key.
Key *string `min:"1" type:"string"`
+ // The error message contains a generic description of the error condition in
+ // English. It is intended for a human audience. Simple programs display the
+ // message directly to the end user if they encounter an error condition they
+ // don't know how or don't care to handle. Sophisticated programs with more
+ // exhaustive error handling and proper internationalization are more likely
+ // to ignore the error message.
Message *string `type:"string"`
+ // The version ID of the error.
VersionId *string `type:"string"`
}
@@ -11261,33 +15185,73 @@ func (s *Error) SetVersionId(v string) *Error {
return s
}
-type ErrorDocument struct {
+// The error information.
+type ErrorDocument struct {
+ _ struct{} `type:"structure"`
+
+ // The object key name to use when a 4XX class error occurs.
+ //
+ // Key is a required field
+ Key *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s ErrorDocument) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ErrorDocument) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ErrorDocument) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ErrorDocument"}
+ if s.Key == nil {
+ invalidParams.Add(request.NewErrParamRequired("Key"))
+ }
+ if s.Key != nil && len(*s.Key) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
+ s.Key = &v
+ return s
+}
+
+// Optional configuration to replicate existing source bucket objects. For more
+// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+// in the Amazon S3 Developer Guide.
+type ExistingObjectReplication struct {
_ struct{} `type:"structure"`
- // The object key name to use when a 4XX class error occurs.
- //
- // Key is a required field
- Key *string `min:"1" type:"string" required:"true"`
+ // Status is a required field
+ Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"`
}
// String returns the string representation
-func (s ErrorDocument) String() string {
+func (s ExistingObjectReplication) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
-func (s ErrorDocument) GoString() string {
+func (s ExistingObjectReplication) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
-func (s *ErrorDocument) Validate() error {
- invalidParams := request.ErrInvalidParams{Context: "ErrorDocument"}
- if s.Key == nil {
- invalidParams.Add(request.NewErrParamRequired("Key"))
- }
- if s.Key != nil && len(*s.Key) < 1 {
- invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+func (s *ExistingObjectReplication) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ExistingObjectReplication"}
+ if s.Status == nil {
+ invalidParams.Add(request.NewErrParamRequired("Status"))
}
if invalidParams.Len() > 0 {
@@ -11296,9 +15260,9 @@ func (s *ErrorDocument) Validate() error {
return nil
}
-// SetKey sets the Key field's value.
-func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
- s.Key = &v
+// SetStatus sets the Status field's value.
+func (s *ExistingObjectReplication) SetStatus(v string) *ExistingObjectReplication {
+ s.Status = &v
return s
}
@@ -11388,6 +15352,20 @@ func (s *GetBucketAccelerateConfigurationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAccelerateConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketAccelerateConfigurationOutput struct {
_ struct{} `type:"structure"`
@@ -11414,6 +15392,8 @@ func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketA
type GetBucketAclInput struct {
_ struct{} `locationName:"GetBucketAclRequest" type:"structure"`
+ // Specifies the S3 bucket whose ACL is being requested.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -11457,12 +15437,27 @@ func (s *GetBucketAclInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketAclInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAclInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketAclOutput struct {
_ struct{} `type:"structure"`
// A list of grants.
Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
+ // Container for the bucket owner's display name and ID.
Owner *Owner `type:"structure"`
}
@@ -11550,6 +15545,20 @@ func (s *GetBucketAnalyticsConfigurationInput) SetId(v string) *GetBucketAnalyti
return s
}
+func (s *GetBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketAnalyticsConfigurationOutput struct {
_ struct{} `type:"structure" payload:"AnalyticsConfiguration"`
@@ -11576,6 +15585,8 @@ func (s *GetBucketAnalyticsConfigurationOutput) SetAnalyticsConfiguration(v *Ana
type GetBucketCorsInput struct {
_ struct{} `locationName:"GetBucketCorsRequest" type:"structure"`
+ // The bucket name for which to get the cors configuration.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -11619,9 +15630,25 @@ func (s *GetBucketCorsInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketCorsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketCorsOutput struct {
_ struct{} `type:"structure"`
+ // A set of origins and methods (cross-origin access that you want to allow).
+ // You can add up to 100 rules to the configuration.
CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true"`
}
@@ -11690,6 +15717,20 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketEncryptionInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketEncryptionOutput struct {
_ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"`
@@ -11775,6 +15816,20 @@ func (s *GetBucketInventoryConfigurationInput) SetId(v string) *GetBucketInvento
return s
}
+func (s *GetBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketInventoryConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketInventoryConfigurationOutput struct {
_ struct{} `type:"structure" payload:"InventoryConfiguration"`
@@ -11801,6 +15856,8 @@ func (s *GetBucketInventoryConfigurationOutput) SetInventoryConfiguration(v *Inv
type GetBucketLifecycleConfigurationInput struct {
_ struct{} `locationName:"GetBucketLifecycleConfigurationRequest" type:"structure"`
+ // The name of the bucket for which to get the lifecycle information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -11844,9 +15901,24 @@ func (s *GetBucketLifecycleConfigurationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLifecycleConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketLifecycleConfigurationOutput struct {
_ struct{} `type:"structure"`
+ // Container for a lifecycle rule.
Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true"`
}
@@ -11869,6 +15941,8 @@ func (s *GetBucketLifecycleConfigurationOutput) SetRules(v []*LifecycleRule) *Ge
type GetBucketLifecycleInput struct {
_ struct{} `locationName:"GetBucketLifecycleRequest" type:"structure"`
+ // The name of the bucket for which to get the lifecycle information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -11912,9 +15986,24 @@ func (s *GetBucketLifecycleInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLifecycleInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketLifecycleOutput struct {
_ struct{} `type:"structure"`
+ // Container for a lifecycle rule.
Rules []*Rule `locationName:"Rule" type:"list" flattened:"true"`
}
@@ -11937,6 +16026,8 @@ func (s *GetBucketLifecycleOutput) SetRules(v []*Rule) *GetBucketLifecycleOutput
type GetBucketLocationInput struct {
_ struct{} `locationName:"GetBucketLocationRequest" type:"structure"`
+ // The name of the bucket for which to get the location.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -11980,9 +16071,26 @@ func (s *GetBucketLocationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketLocationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLocationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketLocationOutput struct {
_ struct{} `type:"structure"`
+ // Specifies the Region where the bucket resides. For a list of all the Amazon
+ // S3 supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
+ // Buckets in Region us-east-1 have a LocationConstraint of null.
LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"`
}
@@ -12005,6 +16113,8 @@ func (s *GetBucketLocationOutput) SetLocationConstraint(v string) *GetBucketLoca
type GetBucketLoggingInput struct {
_ struct{} `locationName:"GetBucketLoggingRequest" type:"structure"`
+ // The bucket name for which to get the logging information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12048,6 +16158,20 @@ func (s *GetBucketLoggingInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketLoggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketLoggingOutput struct {
_ struct{} `type:"structure"`
@@ -12136,6 +16260,20 @@ func (s *GetBucketMetricsConfigurationInput) SetId(v string) *GetBucketMetricsCo
return s
}
+func (s *GetBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketMetricsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketMetricsConfigurationOutput struct {
_ struct{} `type:"structure" payload:"MetricsConfiguration"`
@@ -12162,7 +16300,7 @@ func (s *GetBucketMetricsConfigurationOutput) SetMetricsConfiguration(v *Metrics
type GetBucketNotificationConfigurationRequest struct {
_ struct{} `locationName:"GetBucketNotificationConfigurationRequest" type:"structure"`
- // Name of the bucket to get the notification configuration for.
+ // Name of the bucket for which to get the notification configuration.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -12207,9 +16345,25 @@ func (s *GetBucketNotificationConfigurationRequest) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketNotificationConfigurationRequest) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketNotificationConfigurationRequest) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketPolicyInput struct {
_ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"`
+ // The bucket name for which to get the bucket policy.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12253,6 +16407,20 @@ func (s *GetBucketPolicyInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketPolicyInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketPolicyOutput struct {
_ struct{} `type:"structure" payload:"Policy"`
@@ -12324,6 +16492,20 @@ func (s *GetBucketPolicyStatusInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketPolicyStatusInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketPolicyStatusInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketPolicyStatusOutput struct {
_ struct{} `type:"structure" payload:"PolicyStatus"`
@@ -12350,6 +16532,8 @@ func (s *GetBucketPolicyStatusOutput) SetPolicyStatus(v *PolicyStatus) *GetBucke
type GetBucketReplicationInput struct {
_ struct{} `locationName:"GetBucketReplicationRequest" type:"structure"`
+ // The bucket name for which to get the replication information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12393,6 +16577,20 @@ func (s *GetBucketReplicationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketReplicationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketReplicationOutput struct {
_ struct{} `type:"structure" payload:"ReplicationConfiguration"`
@@ -12420,6 +16618,8 @@ func (s *GetBucketReplicationOutput) SetReplicationConfiguration(v *ReplicationC
type GetBucketRequestPaymentInput struct {
_ struct{} `locationName:"GetBucketRequestPaymentRequest" type:"structure"`
+ // The name of the bucket for which to get the payment request configuration
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12463,6 +16663,20 @@ func (s *GetBucketRequestPaymentInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketRequestPaymentInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketRequestPaymentOutput struct {
_ struct{} `type:"structure"`
@@ -12489,6 +16703,8 @@ func (s *GetBucketRequestPaymentOutput) SetPayer(v string) *GetBucketRequestPaym
type GetBucketTaggingInput struct {
_ struct{} `locationName:"GetBucketTaggingRequest" type:"structure"`
+ // The name of the bucket for which to get the tagging information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12532,9 +16748,25 @@ func (s *GetBucketTaggingInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketTaggingOutput struct {
_ struct{} `type:"structure"`
+ // Contains the tag set.
+ //
// TagSet is a required field
TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
}
@@ -12558,6 +16790,8 @@ func (s *GetBucketTaggingOutput) SetTagSet(v []*Tag) *GetBucketTaggingOutput {
type GetBucketVersioningInput struct {
_ struct{} `locationName:"GetBucketVersioningRequest" type:"structure"`
+ // The name of the bucket for which to get the versioning information.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12601,6 +16835,20 @@ func (s *GetBucketVersioningInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketVersioningInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketVersioningOutput struct {
_ struct{} `type:"structure"`
@@ -12638,6 +16886,8 @@ func (s *GetBucketVersioningOutput) SetStatus(v string) *GetBucketVersioningOutp
type GetBucketWebsiteInput struct {
_ struct{} `locationName:"GetBucketWebsiteRequest" type:"structure"`
+ // The bucket name for which to get the website configuration.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -12681,17 +16931,34 @@ func (s *GetBucketWebsiteInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetBucketWebsiteInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetBucketWebsiteOutput struct {
_ struct{} `type:"structure"`
+ // The object key name of the website error document to use for 4XX class errors.
ErrorDocument *ErrorDocument `type:"structure"`
+ // The name of the index document for the website (for example index.html).
IndexDocument *IndexDocument `type:"structure"`
// Specifies the redirect behavior of all requests to a website endpoint of
// an Amazon S3 bucket.
RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
+ // Rules that define when a redirect is applied and the redirect behavior.
RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
}
@@ -12732,16 +16999,28 @@ func (s *GetBucketWebsiteOutput) SetRoutingRules(v []*RoutingRule) *GetBucketWeb
type GetObjectAclInput struct {
_ struct{} `locationName:"GetObjectAclRequest" type:"structure"`
+ // The bucket name that contains the object for which to get the ACL information.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // The key of the object for which to get the ACL information.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// VersionId used to reference a specific version of the object.
@@ -12811,12 +17090,27 @@ func (s *GetObjectAclInput) SetVersionId(v string) *GetObjectAclInput {
return s
}
+func (s *GetObjectAclInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectAclInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectAclOutput struct {
_ struct{} `type:"structure"`
// A list of grants.
Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
+ // Container for the bucket owner's display name and ID.
Owner *Owner `type:"structure"`
// If present, indicates that the requester was successfully charged for the
@@ -12855,6 +17149,15 @@ func (s *GetObjectAclOutput) SetRequestCharged(v string) *GetObjectAclOutput {
type GetObjectInput struct {
_ struct{} `locationName:"GetObjectRequest" type:"structure"`
+ // The bucket name containing the object.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -12874,6 +17177,8 @@ type GetObjectInput struct {
// otherwise return a 412 (precondition failed).
IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
+ // Key of the object to get.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -12883,13 +17188,17 @@ type GetObjectInput struct {
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
// Downloads the specified range bytes of an object. For more information about
- // the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.
+ // the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
+ // (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35).
+ //
+ // Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
Range *string `location:"header" locationName:"Range" type:"string"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// Sets the Cache-Control header of the response.
@@ -12910,19 +17219,20 @@ type GetObjectInput struct {
// Sets the Expires header of the response.
ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// VersionId used to reference a specific version of the object.
@@ -13089,10 +17399,32 @@ func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput {
return s
}
+func (s *GetObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectLegalHoldInput struct {
_ struct{} `locationName:"GetObjectLegalHoldRequest" type:"structure"`
- // The bucket containing the object whose Legal Hold status you want to retrieve.
+ // The bucket name containing the object whose Legal Hold status you want to
+ // retrieve.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -13102,10 +17434,11 @@ type GetObjectLegalHoldInput struct {
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// The version ID of the object whose Legal Hold status you want to retrieve.
@@ -13175,6 +17508,20 @@ func (s *GetObjectLegalHoldInput) SetVersionId(v string) *GetObjectLegalHoldInpu
return s
}
+func (s *GetObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectLegalHoldInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectLegalHoldOutput struct {
_ struct{} `type:"structure" payload:"LegalHold"`
@@ -13201,7 +17548,7 @@ func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObje
type GetObjectLockConfigurationInput struct {
_ struct{} `locationName:"GetObjectLockConfigurationRequest" type:"structure"`
- // The bucket whose object lock configuration you want to retrieve.
+ // The bucket whose Object Lock configuration you want to retrieve.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -13246,10 +17593,24 @@ func (s *GetObjectLockConfigurationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectLockConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectLockConfigurationOutput struct {
_ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
- // The specified bucket's object lock configuration.
+ // The specified bucket's Object Lock configuration.
ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"`
}
@@ -13272,6 +17633,7 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL
type GetObjectOutput struct {
_ struct{} `type:"structure" payload:"Body"`
+ // Indicates that a range of bytes was specified.
AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
// Object data.
@@ -13305,11 +17667,11 @@ type GetObjectOutput struct {
DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
// An ETag is an opaque identifier assigned by a web server to a specific version
- // of a resource found at a URL
+ // of a resource found at a URL.
ETag *string `location:"header" locationName:"ETag" type:"string"`
// If the object expiration is configured (see PUT Bucket lifecycle), the response
- // includes this header. It includes the expiry-date and rule-id key value pairs
+ // includes this header. It includes the expiry-date and rule-id key-value pairs
// providing object expiration information. The value of the rule-id is URL
// encoded.
Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
@@ -13321,6 +17683,10 @@ type GetObjectOutput struct {
LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
// A map of metadata to store with the object in S3.
+ //
+ // By default unmarshaled keys are written as a map keys in following canonicalized format:
+ // the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
+ // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
// This is set to the number of metadata entries not returned in x-amz-meta
@@ -13333,15 +17699,17 @@ type GetObjectOutput struct {
// returned if you have permission to view an object's legal hold status.
ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
- // The object lock mode currently in place for this object.
+ // The Object Lock mode currently in place for this object.
ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
- // The date and time when this object's object lock will expire.
+ // The date and time when this object's Object Lock will expire.
ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
// The count of parts this object has.
PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
+ // Amazon S3 can return this if your request involves a bucket that is either
+ // a source or destination in a replication rule.
ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
// If present, indicates that the requester was successfully charged for the
@@ -13358,18 +17726,21 @@ type GetObjectOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+ // Provides storage class information of the object. Amazon S3 returns this
+ // header for all objects except for S3 Standard storage class objects.
StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
// The number of tags, if any, on the object.
@@ -13583,7 +17954,15 @@ func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput
type GetObjectRetentionInput struct {
_ struct{} `locationName:"GetObjectRetentionRequest" type:"structure"`
- // The bucket containing the object whose retention settings you want to retrieve.
+ // The bucket name containing the object whose retention settings you want to
+ // retrieve.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -13593,10 +17972,11 @@ type GetObjectRetentionInput struct {
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// The version ID for the object whose retention settings you want to retrieve.
@@ -13660,10 +18040,24 @@ func (s *GetObjectRetentionInput) SetRequestPayer(v string) *GetObjectRetentionI
return s
}
-// SetVersionId sets the VersionId field's value.
-func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInput {
- s.VersionId = &v
- return s
+// SetVersionId sets the VersionId field's value.
+func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInput {
+ s.VersionId = &v
+ return s
+}
+
+func (s *GetObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectRetentionInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
}
type GetObjectRetentionOutput struct {
@@ -13692,12 +18086,24 @@ func (s *GetObjectRetentionOutput) SetRetention(v *ObjectLockRetention) *GetObje
type GetObjectTaggingInput struct {
_ struct{} `locationName:"GetObjectTaggingRequest" type:"structure"`
+ // The bucket name containing the object for which to get the tagging information.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Object key for which to get the tagging information.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+ // The versionId of the object for which to get the tagging information.
VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
}
@@ -13758,12 +18164,29 @@ func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput {
return s
}
+func (s *GetObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectTaggingOutput struct {
_ struct{} `type:"structure"`
+ // Contains the tag set.
+ //
// TagSet is a required field
TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
+ // The versionId of the object for which you got the tagging information.
VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
}
@@ -13792,16 +18215,22 @@ func (s *GetObjectTaggingOutput) SetVersionId(v string) *GetObjectTaggingOutput
type GetObjectTorrentInput struct {
_ struct{} `locationName:"GetObjectTorrentRequest" type:"structure"`
+ // The name of the bucket containing the object for which to get the torrent
+ // files.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // The object key for which to get the information.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
}
@@ -13862,9 +18291,24 @@ func (s *GetObjectTorrentInput) SetRequestPayer(v string) *GetObjectTorrentInput
return s
}
+func (s *GetObjectTorrentInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetObjectTorrentInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetObjectTorrentOutput struct {
_ struct{} `type:"structure" payload:"Body"`
+ // A Bencoded dictionary as defined by the BitTorrent specification
Body io.ReadCloser `type:"blob"`
// If present, indicates that the requester was successfully charged for the
@@ -13943,6 +18387,20 @@ func (s *GetPublicAccessBlockInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *GetPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *GetPublicAccessBlockInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type GetPublicAccessBlockOutput struct {
_ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"`
@@ -13967,10 +18425,11 @@ func (s *GetPublicAccessBlockOutput) SetPublicAccessBlockConfiguration(v *Public
return s
}
+// Container for S3 Glacier job parameters.
type GlacierJobParameters struct {
_ struct{} `type:"structure"`
- // Glacier retrieval tier at which the restore will be processed.
+ // S3 Glacier retrieval tier at which the restore will be processed.
//
// Tier is a required field
Tier *string `type:"string" required:"true" enum:"Tier"`
@@ -14005,9 +18464,11 @@ func (s *GlacierJobParameters) SetTier(v string) *GlacierJobParameters {
return s
}
+// Container for grant information.
type Grant struct {
_ struct{} `type:"structure"`
+ // The person being granted permissions.
Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
// Specifies the permission given to the grantee.
@@ -14051,6 +18512,7 @@ func (s *Grant) SetPermission(v string) *Grant {
return s
}
+// Container for the person being granted permissions.
type Grantee struct {
_ struct{} `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
@@ -14058,6 +18520,29 @@ type Grantee struct {
DisplayName *string `type:"string"`
// Email address of the grantee.
+ //
+ // Using email addresses to specify a grantee is only supported in the following
+ // AWS Regions:
+ //
+ // * US East (N. Virginia)
+ //
+ // * US West (N. California)
+ //
+ // * US West (Oregon)
+ //
+ // * Asia Pacific (Singapore)
+ //
+ // * Asia Pacific (Sydney)
+ //
+ // * Asia Pacific (Tokyo)
+ //
+ // * Europe (Ireland)
+ //
+ // * South America (São Paulo)
+ //
+ // For a list of all the Amazon S3 supported Regions and endpoints, see Regions
+ // and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+ // in the AWS General Reference.
EmailAddress *string `type:"string"`
// The canonical user ID of the grantee.
@@ -14128,6 +18613,8 @@ func (s *Grantee) SetURI(v string) *Grantee {
type HeadBucketInput struct {
_ struct{} `locationName:"HeadBucketRequest" type:"structure"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
}
@@ -14171,6 +18658,20 @@ func (s *HeadBucketInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *HeadBucketInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *HeadBucketInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type HeadBucketOutput struct {
_ struct{} `type:"structure"`
}
@@ -14188,6 +18689,8 @@ func (s HeadBucketOutput) GoString() string {
type HeadObjectInput struct {
_ struct{} `locationName:"HeadObjectRequest" type:"structure"`
+ // The name of the bucket containing the object.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -14207,6 +18710,8 @@ type HeadObjectInput struct {
// otherwise return a 412 (precondition failed).
IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"`
+ // The object key.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -14217,28 +18722,32 @@ type HeadObjectInput struct {
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"`
// Downloads the specified range bytes of an object. For more information about
- // the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.
+ // the HTTP Range header, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.
+ //
+ // Amazon S3 doesn't support retrieving multiple ranges of data per GET request.
Range *string `location:"header" locationName:"Range" type:"string"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// VersionId used to reference a specific version of the object.
@@ -14369,9 +18878,24 @@ func (s *HeadObjectInput) SetVersionId(v string) *HeadObjectInput {
return s
}
+func (s *HeadObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *HeadObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type HeadObjectOutput struct {
_ struct{} `type:"structure"`
+ // Indicates that a range of bytes was specified.
AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"`
// Specifies caching behavior along the request/reply chain.
@@ -14399,11 +18923,11 @@ type HeadObjectOutput struct {
DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"`
// An ETag is an opaque identifier assigned by a web server to a specific version
- // of a resource found at a URL
+ // of a resource found at a URL.
ETag *string `location:"header" locationName:"ETag" type:"string"`
// If the object expiration is configured (see PUT Bucket lifecycle), the response
- // includes this header. It includes the expiry-date and rule-id key value pairs
+ // includes this header. It includes the expiry-date and rule-id key-value pairs
// providing object expiration information. The value of the rule-id is URL
// encoded.
Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
@@ -14415,6 +18939,10 @@ type HeadObjectOutput struct {
LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"`
// A map of metadata to store with the object in S3.
+ //
+ // By default unmarshaled keys are written as a map keys in following canonicalized format:
+ // the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase.
+ // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase.
Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
// This is set to the number of metadata entries not returned in x-amz-meta
@@ -14423,26 +18951,69 @@ type HeadObjectOutput struct {
// you can create metadata whose values are not legal HTTP headers.
MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"`
- // The Legal Hold status for the specified object.
+ // Specifies whether a legal hold is in effect for this object. This header
+ // is only returned if the requester has the s3:GetObjectLegalHold permission.
+ // This header is not returned if the specified version of this object has never
+ // had a legal hold applied. For more information about S3 Object Lock, see
+ // Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
- // The object lock mode currently in place for this object.
+ // The Object Lock mode, if any, that's in effect for this object. This header
+ // is only returned if the requester has the s3:GetObjectRetention permission.
+ // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
- // The date and time when this object's object lock expires.
+ // The date and time when the Object Lock retention period expires. This header
+ // is only returned if the requester has the s3:GetObjectRetention permission.
ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
// The count of parts this object has.
PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"`
+ // Amazon S3 can return this header if your request involves a bucket that is
+ // either a source or destination in a replication rule.
+ //
+ // In replication, you have a source bucket on which you configure replication
+ // and destination bucket where Amazon S3 stores object replicas. When you request
+ // an object (GetObject) or object metadata (HeadObject) from these buckets,
+ // Amazon S3 will return the x-amz-replication-status header in the response
+ // as follows:
+ //
+ // * If requesting an object from the source bucket — Amazon S3 will return
+ // the x-amz-replication-status header if the object in your request is eligible
+ // for replication. For example, suppose that in your replication configuration,
+ // you specify object prefix TaxDocs requesting Amazon S3 to replicate objects
+ // with key prefix TaxDocs. Any objects you upload with this key name prefix,
+ // for example TaxDocs/document1.pdf, are eligible for replication. For any
+ // object request with this key name prefix, Amazon S3 will return the x-amz-replication-status
+ // header with value PENDING, COMPLETED or FAILED indicating object replication
+ // status.
+ //
+ // * If requesting an object from the destination bucket — Amazon S3 will
+ // return the x-amz-replication-status header with value REPLICA if the object
+ // in your request is a replica that Amazon S3 created.
+ //
+ // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).
ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
// If present, indicates that the requester was successfully charged for the
// request.
RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
- // Provides information about object restoration operation and expiration time
- // of the restored object copy.
+ // If the object is an archived object (an object whose storage class is GLACIER),
+ // the response includes this header if either the archive restoration is in
+ // progress (see RestoreObject or an archive copy is already restored.
+ //
+ // If an archive copy is already restored, the header value indicates when Amazon
+ // S3 is scheduled to delete the object copy. For example:
+ //
+ // x-amz-restore: ongoing-request="false", expiry-date="Fri, 23 Dec 2012 00:00:00
+ // GMT"
+ //
+ // If the object restoration is in progress, the header returns the value ongoing-request="true".
+ //
+ // For more information about archiving objects, see Transitioning Objects:
+ // General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations).
Restore *string `location:"header" locationName:"x-amz-restore" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
@@ -14451,18 +19022,25 @@ type HeadObjectOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // If the object is stored using server-side encryption either with an AWS KMS
+ // customer master key (CMK) or an Amazon S3-managed encryption key, the response
+ // includes this header with the value of the server-side encryption algorithm
+ // used when storing this object in Amazon S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+ // Provides storage class information of the object. Amazon S3 returns this
+ // header for all objects except for S3 Standard storage class objects.
+ //
+ // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
// Version of the object.
@@ -14652,13 +19230,15 @@ func (s *HeadObjectOutput) SetWebsiteRedirectLocation(v string) *HeadObjectOutpu
return s
}
+// Container for the Suffix element.
type IndexDocument struct {
_ struct{} `type:"structure"`
// A suffix that is appended to a request that is for a directory on the website
- // endpoint (e.g. if the suffix is index.html and you make a request to samplebucket/images/
- // the data that is returned will be for the object with the key name images/index.html)
- // The suffix must not be empty and must not include a slash character.
+ // endpoint (for example,if the suffix is index.html and you make a request
+ // to samplebucket/images/ the data that is returned will be for the object
+ // with the key name images/index.html) The suffix must not be empty and must
+ // not include a slash character.
//
// Suffix is a required field
Suffix *string `type:"string" required:"true"`
@@ -14693,6 +19273,7 @@ func (s *IndexDocument) SetSuffix(v string) *IndexDocument {
return s
}
+// Container element that identifies who initiated the multipart upload.
type Initiator struct {
_ struct{} `type:"structure"`
@@ -14913,6 +19494,7 @@ func (s *InventoryConfiguration) SetSchedule(v *InventorySchedule) *InventoryCon
return s
}
+// Specifies the inventory configuration for an Amazon S3 bucket.
type InventoryDestination struct {
_ struct{} `type:"structure"`
@@ -14962,10 +19544,10 @@ func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestin
type InventoryEncryption struct {
_ struct{} `type:"structure"`
- // Specifies the use of SSE-KMS to encrypt delivered Inventory reports.
+ // Specifies the use of SSE-KMS to encrypt delivered inventory reports.
SSEKMS *SSEKMS `locationName:"SSE-KMS" type:"structure"`
- // Specifies the use of SSE-S3 to encrypt delivered Inventory reports.
+ // Specifies the use of SSE-S3 to encrypt delivered inventory reports.
SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"`
}
@@ -15006,6 +19588,8 @@ func (s *InventoryEncryption) SetSSES3(v *SSES3) *InventoryEncryption {
return s
}
+// Specifies an inventory filter. The inventory only includes objects that meet
+// the filter's criteria.
type InventoryFilter struct {
_ struct{} `type:"structure"`
@@ -15044,13 +19628,19 @@ func (s *InventoryFilter) SetPrefix(v string) *InventoryFilter {
return s
}
+// Contains the bucket name, file format, bucket owner (optional), and prefix
+// (optional) where inventory results are published.
type InventoryS3BucketDestination struct {
_ struct{} `type:"structure"`
- // The ID of the account that owns the destination bucket.
+ // The account ID that owns the destination S3 bucket. If no account ID is provided,
+ // the owner is not validated before exporting data.
+ //
+ // Although this value is optional, we strongly recommend that you set it to
+ // help prevent problems if the destination bucket ownership changes.
AccountId *string `type:"string"`
- // The Amazon resource name (ARN) of the bucket where inventory results will
+ // The Amazon Resource Name (ARN) of the bucket where inventory results will
// be published.
//
// Bucket is a required field
@@ -15137,6 +19727,7 @@ func (s *InventoryS3BucketDestination) SetPrefix(v string) *InventoryS3BucketDes
return s
}
+// Specifies the schedule for generating inventory results.
type InventorySchedule struct {
_ struct{} `type:"structure"`
@@ -15175,6 +19766,7 @@ func (s *InventorySchedule) SetFrequency(v string) *InventorySchedule {
return s
}
+// Specifies JSON as object's input serialization format.
type JSONInput struct {
_ struct{} `type:"structure"`
@@ -15198,10 +19790,12 @@ func (s *JSONInput) SetType(v string) *JSONInput {
return s
}
+// Specifies JSON as request's output serialization format.
type JSONOutput struct {
_ struct{} `type:"structure"`
- // The value used to separate individual records in the output.
+ // The value used to separate individual records in the output. If no value
+ // is specified, Amazon S3 uses a newline character ('\n').
RecordDelimiter *string `type:"string"`
}
@@ -15225,7 +19819,7 @@ func (s *JSONOutput) SetRecordDelimiter(v string) *JSONOutput {
type KeyFilter struct {
_ struct{} `type:"structure"`
- // A list of containers for the key value pair that defines the criteria for
+ // A list of containers for the key-value pair that defines the criteria for
// the filter rule.
FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"`
}
@@ -15323,9 +19917,12 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc
return s
}
+// Container for lifecycle rules. You can add as many as 1000 rules.
type LifecycleConfiguration struct {
_ struct{} `type:"structure"`
+ // Specifies lifecycle configuration rules for an Amazon S3 bucket.
+ //
// Rules is a required field
Rules []*Rule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
}
@@ -15369,6 +19966,7 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration {
return s
}
+// Container for the expiration for the lifecycle of the object.
type LifecycleExpiration struct {
_ struct{} `type:"structure"`
@@ -15415,6 +20013,7 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp
return s
}
+// A lifecycle rule for individual objects in an Amazon S3 bucket.
type LifecycleRule struct {
_ struct{} `type:"structure"`
@@ -15425,6 +20024,8 @@ type LifecycleRule struct {
// in the Amazon Simple Storage Service Developer Guide.
AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
+ // Specifies the expiration for the lifecycle of the object in the form of date,
+ // days and, whether the object has a delete marker.
Expiration *LifecycleExpiration `type:"structure"`
// The Filter is used to identify objects that a Lifecycle Rule applies to.
@@ -15441,6 +20042,11 @@ type LifecycleRule struct {
// period in the object's lifetime.
NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
+ // Specifies the transition rule for the lifecycle rule that describes when
+ // noncurrent objects transition to a specific storage class. If your bucket
+ // is versioning-enabled (or versioning is suspended), you can set this action
+ // to request that Amazon S3 transition noncurrent object versions to a specific
+ // storage class at a set period in the object's lifetime.
NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"`
// Prefix identifying one or more objects to which the rule applies. This is
@@ -15455,6 +20061,7 @@ type LifecycleRule struct {
// Status is a required field
Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
+ // Specifies when an Amazon S3 object transitions to a specified storage class.
Transitions []*Transition `locationName:"Transition" type:"list" flattened:"true"`
}
@@ -15546,6 +20153,7 @@ func (s *LifecycleRule) SetTransitions(v []*Transition) *LifecycleRule {
type LifecycleRuleAndOperator struct {
_ struct{} `type:"structure"`
+ // Prefix identifying one or more objects to which the rule applies.
Prefix *string `type:"string"`
// All of these tags must exist in the object's tag set in order for the rule
@@ -15718,13 +20326,28 @@ func (s *ListBucketAnalyticsConfigurationsInput) SetContinuationToken(v string)
return s
}
+func (s *ListBucketAnalyticsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketAnalyticsConfigurationsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListBucketAnalyticsConfigurationsOutput struct {
_ struct{} `type:"structure"`
// The list of analytics configurations for a bucket.
AnalyticsConfigurationList []*AnalyticsConfiguration `locationName:"AnalyticsConfiguration" type:"list" flattened:"true"`
- // The ContinuationToken that represents where this request began.
+ // The marker that is used as a starting point for this analytics configuration
+ // list response. This value is present if it was sent in the request.
ContinuationToken *string `type:"string"`
// Indicates whether the returned list of analytics configurations is complete.
@@ -15832,6 +20455,20 @@ func (s *ListBucketInventoryConfigurationsInput) SetContinuationToken(v string)
return s
}
+func (s *ListBucketInventoryConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketInventoryConfigurationsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListBucketInventoryConfigurationsOutput struct {
_ struct{} `type:"structure"`
@@ -15842,8 +20479,9 @@ type ListBucketInventoryConfigurationsOutput struct {
// The list of inventory configurations for a bucket.
InventoryConfigurationList []*InventoryConfiguration `locationName:"InventoryConfiguration" type:"list" flattened:"true"`
- // Indicates whether the returned list of inventory configurations is truncated
- // in this response. A value of true indicates that the list is truncated.
+ // Tells whether the returned list of inventory configurations is complete.
+ // A value of true indicates that the list is not complete and the NextContinuationToken
+ // is provided for a subsequent request.
IsTruncated *bool `type:"boolean"`
// The marker used to continue this inventory configuration listing. Use the
@@ -15946,6 +20584,20 @@ func (s *ListBucketMetricsConfigurationsInput) SetContinuationToken(v string) *L
return s
}
+func (s *ListBucketMetricsConfigurationsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListBucketMetricsConfigurationsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListBucketMetricsConfigurationsOutput struct {
_ struct{} `type:"structure"`
@@ -16019,8 +20671,10 @@ func (s ListBucketsInput) GoString() string {
type ListBucketsOutput struct {
_ struct{} `type:"structure"`
+ // The list of buckets owned by the requestor.
Buckets []*Bucket `locationNameList:"Bucket" type:"list"`
+ // The owner of the buckets listed.
Owner *Owner `type:"structure"`
}
@@ -16049,10 +20703,26 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput {
type ListMultipartUploadsInput struct {
_ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"`
+ // Name of the bucket to which the multipart upload was initiated.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
// Character you use to group keys.
+ //
+ // All keys that contain the same string between the prefix, if specified, and
+ // the first occurrence of the delimiter after the prefix are grouped under
+ // a single result element, CommonPrefixes. If you don't specify the prefix
+ // parameter, then the substring starts at the beginning of the key. The keys
+ // that are grouped under CommonPrefixes result element are not returned elsewhere
+ // in the response.
Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
// Requests Amazon S3 to encode the object keys in the response and specifies
@@ -16065,6 +20735,13 @@ type ListMultipartUploadsInput struct {
// Together with upload-id-marker, this parameter specifies the multipart upload
// after which listing should begin.
+ //
+ // If upload-id-marker is not specified, only the keys lexicographically greater
+ // than the specified key-marker will be included in the list.
+ //
+ // If upload-id-marker is specified, any multipart uploads for a key equal to
+ // the key-marker might also be included, provided those multipart uploads have
+ // upload IDs lexicographically greater than the specified upload-id-marker.
KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
// Sets the maximum number of multipart uploads, from 1 to 1,000, to return
@@ -16073,12 +20750,16 @@ type ListMultipartUploadsInput struct {
MaxUploads *int64 `location:"querystring" locationName:"max-uploads" type:"integer"`
// Lists in-progress uploads only for those keys that begin with the specified
- // prefix.
+ // prefix. You can use prefixes to separate a bucket into different grouping
+ // of keys. (You can think of using prefix to make groups in the same way you'd
+ // use a folder in a file system.)
Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
// Together with key-marker, specifies the multipart upload after which listing
// should begin. If key-marker is not specified, the upload-id-marker parameter
- // is ignored.
+ // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker
+ // might be included in the list only if they have an upload ID lexicographically
+ // greater than the specified upload-id-marker.
UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"`
}
@@ -16157,17 +20838,42 @@ func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUp
return s
}
+func (s *ListMultipartUploadsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListMultipartUploadsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListMultipartUploadsOutput struct {
_ struct{} `type:"structure"`
// Name of the bucket to which the multipart upload was initiated.
Bucket *string `type:"string"`
+ // If you specify a delimiter in the request, then the result returns each distinct
+ // key prefix containing the delimiter in a CommonPrefixes element. The distinct
+ // key prefixes are returned in the Prefix child element.
CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+ // Contains the delimiter you specified in the request. If you don't specify
+ // a delimiter in your request, this element is absent from the response.
Delimiter *string `type:"string"`
// Encoding type used by Amazon S3 to encode object keys in the response.
+ //
+ // If you specify encoding-type request parameter, Amazon S3 includes this element
+ // in the response, and returns encoded key name values in the following response
+ // elements:
+ //
+ // Delimiter, KeyMarker, Prefix, NextKeyMarker, Key.
EncodingType *string `type:"string" enum:"EncodingType"`
// Indicates whether the returned list of multipart uploads is truncated. A
@@ -16198,6 +20904,8 @@ type ListMultipartUploadsOutput struct {
// Upload ID after which listing began.
UploadIdMarker *string `type:"string"`
+ // Container for elements related to a particular multipart upload. A response
+ // can contain zero or more Upload elements.
Uploads []*MultipartUpload `locationName:"Upload" type:"list" flattened:"true"`
}
@@ -16293,10 +21001,23 @@ func (s *ListMultipartUploadsOutput) SetUploads(v []*MultipartUpload) *ListMulti
type ListObjectVersionsInput struct {
_ struct{} `locationName:"ListObjectVersionsRequest" type:"structure"`
+ // The bucket name that contains the objects.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // A delimiter is a character you use to group keys.
+ // A delimiter is a character that you specify to group keys. All keys that
+ // contain the same string between the prefix and the first occurrence of the
+ // delimiter are grouped under a single result element in CommonPrefixes. These
+ // groups are counted as one result against the max-keys limitation. These keys
+ // are not returned elsewhere in the response.
Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"`
// Requests Amazon S3 to encode the object keys in the response and specifies
@@ -16310,11 +21031,19 @@ type ListObjectVersionsInput struct {
// Specifies the key to start with when listing objects in a bucket.
KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"`
- // Sets the maximum number of keys returned in the response. The response might
- // contain fewer keys but will never contain more.
+ // Sets the maximum number of keys returned in the response. By default the
+ // API returns up to 1,000 key names. The response might contain fewer keys
+ // but will never contain more. If additional keys satisfy the search criteria,
+ // but were not returned because max-keys was exceeded, the response contains
+ // true. To return the additional keys, see key-marker
+ // and version-id-marker.
MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
- // Limits the response to keys that begin with the specified prefix.
+ // Use this parameter to select only those keys that begin with the specified
+ // prefix. You can use prefixes to separate a bucket into different groupings
+ // of keys. (You can think of using prefix to make groups in the same way you'd
+ // use a folder in a file system.) You can use prefix with delimiter to roll
+ // up numerous objects into a single result under CommonPrefixes.
Prefix *string `location:"querystring" locationName:"prefix" type:"string"`
// Specifies the object version you want to start listing from.
@@ -16396,42 +21125,81 @@ func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersio
return s
}
+func (s *ListObjectVersionsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectVersionsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListObjectVersionsOutput struct {
_ struct{} `type:"structure"`
+ // All of the keys rolled up into a common prefix count as a single return when
+ // calculating the number of returns.
CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+ // Container for an object that is a delete marker.
DeleteMarkers []*DeleteMarkerEntry `locationName:"DeleteMarker" type:"list" flattened:"true"`
+ // The delimiter grouping the included keys. A delimiter is a character that
+ // you specify to group keys. All keys that contain the same string between
+ // the prefix and the first occurrence of the delimiter are grouped under a
+ // single result element in CommonPrefixes. These groups are counted as one
+ // result against the max-keys limitation. These keys are not returned elsewhere
+ // in the response.
Delimiter *string `type:"string"`
- // Encoding type used by Amazon S3 to encode object keys in the response.
+ // Encoding type used by Amazon S3 to encode object key names in the XML response.
+ //
+ // If you specify encoding-type request parameter, Amazon S3 includes this element
+ // in the response, and returns encoded key name values in the following response
+ // elements:
+ //
+ // KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter.
EncodingType *string `type:"string" enum:"EncodingType"`
- // A flag that indicates whether or not Amazon S3 returned all of the results
- // that satisfied the search criteria. If your results were truncated, you can
- // make a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker
+ // A flag that indicates whether Amazon S3 returned all of the results that
+ // satisfied the search criteria. If your results were truncated, you can make
+ // a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker
// response parameters as a starting place in another request to return the
// rest of the results.
IsTruncated *bool `type:"boolean"`
- // Marks the last Key returned in a truncated response.
+ // Marks the last key returned in a truncated response.
KeyMarker *string `type:"string"`
+ // Specifies the maximum number of objects to return.
MaxKeys *int64 `type:"integer"`
+ // Bucket name.
Name *string `type:"string"`
- // Use this value for the key marker request parameter in a subsequent request.
+ // When the number of responses exceeds the value of MaxKeys, NextKeyMarker
+ // specifies the first key not returned that satisfies the search criteria.
+ // Use this value for the key-marker request parameter in a subsequent request.
NextKeyMarker *string `type:"string"`
- // Use this value for the next version id marker parameter in a subsequent request.
+ // When the number of responses exceeds the value of MaxKeys, NextVersionIdMarker
+ // specifies the first object version not returned that satisfies the search
+ // criteria. Use this value for the version-id-marker request parameter in a
+ // subsequent request.
NextVersionIdMarker *string `type:"string"`
+ // Selects objects that start with the value supplied by this parameter.
Prefix *string `type:"string"`
+ // Marks the last version of the key returned in a truncated response.
VersionIdMarker *string `type:"string"`
+ // Container for version information.
Versions []*ObjectVersion `locationName:"Version" type:"list" flattened:"true"`
}
@@ -16526,6 +21294,8 @@ func (s *ListObjectVersionsOutput) SetVersions(v []*ObjectVersion) *ListObjectVe
type ListObjectsInput struct {
_ struct{} `locationName:"ListObjectsRequest" type:"structure"`
+ // The name of the bucket containing the objects.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -16543,8 +21313,9 @@ type ListObjectsInput struct {
// Specifies the key to start with when listing objects in a bucket.
Marker *string `location:"querystring" locationName:"marker" type:"string"`
- // Sets the maximum number of keys returned in the response. The response might
- // contain fewer keys but will never contain more.
+ // Sets the maximum number of keys returned in the response. By default the
+ // API returns up to 1,000 key names. The response might contain fewer keys
+ // but will never contain more.
MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
// Limits the response to keys that begin with the specified prefix.
@@ -16631,26 +21402,65 @@ func (s *ListObjectsInput) SetRequestPayer(v string) *ListObjectsInput {
return s
}
+func (s *ListObjectsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListObjectsOutput struct {
_ struct{} `type:"structure"`
+ // All of the keys rolled up in a common prefix count as a single return when
+ // calculating the number of returns.
+ //
+ // A response can contain CommonPrefixes only if you specify a delimiter.
+ //
+ // CommonPrefixes contains all (if there are any) keys between Prefix and the
+ // next occurrence of the string specified by the delimiter.
+ //
+ // CommonPrefixes lists keys that act like subdirectories in the directory specified
+ // by Prefix.
+ //
+ // For example, if the prefix is notes/ and the delimiter is a slash (/) as
+ // in notes/summer/july, the common prefix is notes/summer/. All of the keys
+ // that roll up into a common prefix count as a single return when calculating
+ // the number of returns.
CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
+ // Metadata about each object returned.
Contents []*Object `type:"list" flattened:"true"`
+ // Causes keys that contain the same string between the prefix and the first
+ // occurrence of the delimiter to be rolled up into a single result element
+ // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
+ // in the response. Each rolled-up result counts as only one return against
+ // the MaxKeys value.
Delimiter *string `type:"string"`
// Encoding type used by Amazon S3 to encode object keys in the response.
EncodingType *string `type:"string" enum:"EncodingType"`
- // A flag that indicates whether or not Amazon S3 returned all of the results
- // that satisfied the search criteria.
+ // A flag that indicates whether Amazon S3 returned all of the results that
+ // satisfied the search criteria.
IsTruncated *bool `type:"boolean"`
+ // Indicates where in the bucket listing begins. Marker is included in the response
+ // if it was sent with the request.
Marker *string `type:"string"`
+ // The maximum number of keys returned in the response body.
MaxKeys *int64 `type:"integer"`
+ // Bucket name.
Name *string `type:"string"`
// When response is truncated (the IsTruncated element value in the response
@@ -16662,6 +21472,7 @@ type ListObjectsOutput struct {
// subsequent request to get the next set of object keys.
NextMarker *string `type:"string"`
+ // Keys that begin with the indicated prefix.
Prefix *string `type:"string"`
}
@@ -16738,14 +21549,21 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput {
type ListObjectsV2Input struct {
_ struct{} `locationName:"ListObjectsV2Request" type:"structure"`
- // Name of the bucket to list.
+ // Bucket name to list.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
// ContinuationToken indicates Amazon S3 that the list is being continued on
// this bucket with a token. ContinuationToken is obfuscated and is not a real
- // key
+ // key.
ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"`
// A delimiter is a character you use to group keys.
@@ -16756,11 +21574,12 @@ type ListObjectsV2Input struct {
// The owner field is not present in listV2 by default, if you want to return
// owner field with each key in the result then set the fetch owner field to
- // true
+ // true.
FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"`
- // Sets the maximum number of keys returned in the response. The response might
- // contain fewer keys but will never contain more.
+ // Sets the maximum number of keys returned in the response. By default the
+ // API returns up to 1,000 key names. The response might contain fewer keys
+ // but will never contain more.
MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"`
// Limits the response to keys that begin with the specified prefix.
@@ -16772,7 +21591,7 @@ type ListObjectsV2Input struct {
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts
- // listing after this specified key. StartAfter can be any key in the bucket
+ // listing after this specified key. StartAfter can be any key in the bucket.
StartAfter *string `location:"querystring" locationName:"start-after" type:"string"`
}
@@ -16863,29 +21682,65 @@ func (s *ListObjectsV2Input) SetStartAfter(v string) *ListObjectsV2Input {
return s
}
+func (s *ListObjectsV2Input) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListObjectsV2Input) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListObjectsV2Output struct {
_ struct{} `type:"structure"`
+ // All of the keys rolled up into a common prefix count as a single return when
+ // calculating the number of returns.
+ //
+ // A response can contain CommonPrefixes only if you specify a delimiter.
+ //
// CommonPrefixes contains all (if there are any) keys between Prefix and the
- // next occurrence of the string specified by delimiter
+ // next occurrence of the string specified by a delimiter.
+ //
+ // CommonPrefixes lists keys that act like subdirectories in the directory specified
+ // by Prefix.
+ //
+ // For example, if the prefix is notes/ and the delimiter is a slash (/) as
+ // in notes/summer/july, the common prefix is notes/summer/. All of the keys
+ // that roll up into a common prefix count as a single return when calculating
+ // the number of returns.
CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"`
// Metadata about each object returned.
Contents []*Object `type:"list" flattened:"true"`
- // ContinuationToken indicates Amazon S3 that the list is being continued on
- // this bucket with a token. ContinuationToken is obfuscated and is not a real
- // key
+ // If ContinuationToken was sent with the request, it is included in the response.
ContinuationToken *string `type:"string"`
- // A delimiter is a character you use to group keys.
+ // Causes keys that contain the same string between the prefix and the first
+ // occurrence of the delimiter to be rolled up into a single result element
+ // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere
+ // in the response. Each rolled-up result counts as only one return against
+ // the MaxKeys value.
Delimiter *string `type:"string"`
- // Encoding type used by Amazon S3 to encode object keys in the response.
+ // Encoding type used by Amazon S3 to encode object key names in the XML response.
+ //
+ // If you specify the encoding-type request parameter, Amazon S3 includes this
+ // element in the response, and returns encoded key name values in the following
+ // response elements:
+ //
+ // Delimiter, Prefix, Key, and StartAfter.
EncodingType *string `type:"string" enum:"EncodingType"`
- // A flag that indicates whether or not Amazon S3 returned all of the results
- // that satisfied the search criteria.
+ // Set to false if all of the results were returned. Set to true if more keys
+ // are available to return. If the number of results exceeds that specified
+ // by MaxKeys, all of the results might not be returned.
IsTruncated *bool `type:"boolean"`
// KeyCount is the number of keys returned with this request. KeyCount will
@@ -16893,24 +21748,31 @@ type ListObjectsV2Output struct {
// result will include less than equals 50 keys
KeyCount *int64 `type:"integer"`
- // Sets the maximum number of keys returned in the response. The response might
- // contain fewer keys but will never contain more.
+ // Sets the maximum number of keys returned in the response. By default the
+ // API returns up to 1,000 key names. The response might contain fewer keys
+ // but will never contain more.
MaxKeys *int64 `type:"integer"`
- // Name of the bucket to list.
+ // Bucket name.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
Name *string `type:"string"`
- // NextContinuationToken is sent when isTruncated is true which means there
+ // NextContinuationToken is sent when isTruncated is true, which means there
// are more keys in the bucket that can be listed. The next list requests to
// Amazon S3 can be continued with this NextContinuationToken. NextContinuationToken
// is obfuscated and is not a real key
NextContinuationToken *string `type:"string"`
- // Limits the response to keys that begin with the specified prefix.
+ // Keys that begin with the indicated prefix.
Prefix *string `type:"string"`
- // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts
- // listing after this specified key. StartAfter can be any key in the bucket
+ // If StartAfter was sent with the request, it is included in the response.
StartAfter *string `type:"string"`
}
@@ -16999,9 +21861,20 @@ func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output {
type ListPartsInput struct {
_ struct{} `locationName:"ListPartsRequest" type:"structure"`
+ // Name of the bucket to which the parts are being uploaded.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Object key for which the multipart upload was initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -17012,10 +21885,11 @@ type ListPartsInput struct {
// part numbers will be listed.
PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// Upload ID identifying the multipart upload whose parts are being listed.
@@ -17102,23 +21976,51 @@ func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput {
return s
}
+func (s *ListPartsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *ListPartsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type ListPartsOutput struct {
_ struct{} `type:"structure"`
- // Date when multipart upload will become eligible for abort operation by lifecycle.
+ // If the bucket has a lifecycle rule configured with an action to abort incomplete
+ // multipart uploads and the prefix in the lifecycle rule matches the object
+ // name in the request, then the response includes this header indicating when
+ // the initiated multipart upload will become eligible for abort operation.
+ // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
+ // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config).
+ //
+ // The response will also include the x-amz-abort-rule-id header that will provide
+ // the ID of the lifecycle configuration rule that defines this action.
AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"`
- // Id of the lifecycle rule that makes a multipart upload eligible for abort
- // operation.
+ // This header is returned along with the x-amz-abort-date header. It identifies
+ // applicable lifecycle configuration rule that defines the action to abort
+ // incomplete multipart uploads.
AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"`
// Name of the bucket to which the multipart upload was initiated.
Bucket *string `type:"string"`
- // Identifies who initiated the multipart upload.
+ // Container element that identifies who initiated the multipart upload. If
+ // the initiator is an AWS account, this element provides the same information
+ // as the Owner element. If the initiator is an IAM User, this element provides
+ // the user ARN and display name.
Initiator *Initiator `type:"structure"`
- // Indicates whether the returned list of parts is truncated.
+ // Indicates whether the returned list of parts is truncated. A true value indicates
+ // that the list was truncated. A list can be truncated if the number of parts
+ // exceeds the limit returned in the MaxParts element.
IsTruncated *bool `type:"boolean"`
// Object key for which the multipart upload was initiated.
@@ -17132,18 +22034,26 @@ type ListPartsOutput struct {
// in a subsequent request.
NextPartNumberMarker *int64 `type:"integer"`
+ // Container element that identifies the object owner, after the object is created.
+ // If multipart upload is initiated by an IAM user, this element provides the
+ // parent account ID and display name.
Owner *Owner `type:"structure"`
- // Part number after which listing begins.
+ // When a list is truncated, this element specifies the last part in the list,
+ // as well as the value to use for the part-number-marker request parameter
+ // in a subsequent request.
PartNumberMarker *int64 `type:"integer"`
+ // Container for elements related to a particular part. A response can contain
+ // zero or more Part elements.
Parts []*Part `locationName:"Part" type:"list" flattened:"true"`
// If present, indicates that the requester was successfully charged for the
// request.
RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"`
- // The class of storage used to store the object.
+ // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded
+ // object.
StorageClass *string `type:"string" enum:"StorageClass"`
// Upload ID identifying the multipart upload whose parts are being listed.
@@ -17251,7 +22161,8 @@ func (s *ListPartsOutput) SetUploadId(v string) *ListPartsOutput {
return s
}
-// Describes an S3 location that will receive the results of the restore request.
+// Describes an Amazon S3 location that will receive the results of the restore
+// request.
type Location struct {
_ struct{} `type:"structure"`
@@ -17266,8 +22177,7 @@ type Location struct {
// The canned ACL to apply to the restore results.
CannedACL *string `type:"string" enum:"ObjectCannedACL"`
- // Describes the server-side encryption that will be applied to the restore
- // results.
+ // Contains the type of server-side encryption used.
Encryption *Encryption `type:"structure"`
// The prefix that is prepended to the restore results for this request.
@@ -17389,13 +22299,14 @@ type LoggingEnabled struct {
// Specifies the bucket where you want Amazon S3 to store server access logs.
// You can have your logs delivered to any bucket that you own, including the
// same bucket that is being logged. You can also configure multiple buckets
- // to deliver their logs to the same target bucket. In this case you should
+ // to deliver their logs to the same target bucket. In this case, you should
// choose a different TargetPrefix for each source bucket so that the delivered
// log files can be distinguished by key.
//
// TargetBucket is a required field
TargetBucket *string `type:"string" required:"true"`
+ // Container for granting information.
TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"`
// A prefix for all log object keys. If you store log files from multiple Amazon
@@ -17464,8 +22375,10 @@ func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled {
type MetadataEntry struct {
_ struct{} `type:"structure"`
+ // Name of the Object.
Name *string `type:"string"`
+ // Value of the Object.
Value *string `type:"string"`
}
@@ -17491,6 +22404,65 @@ func (s *MetadataEntry) SetValue(v string) *MetadataEntry {
return s
}
+// A container specifying replication metrics-related settings enabling metrics
+// and Amazon S3 events for S3 Replication Time Control (S3 RTC). Must be specified
+// together with a ReplicationTime block.
+type Metrics struct {
+ _ struct{} `type:"structure"`
+
+ // A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold
+ // event.
+ //
+ // EventThreshold is a required field
+ EventThreshold *ReplicationTimeValue `type:"structure" required:"true"`
+
+ // Specifies whether the replication metrics are enabled.
+ //
+ // Status is a required field
+ Status *string `type:"string" required:"true" enum:"MetricsStatus"`
+}
+
+// String returns the string representation
+func (s Metrics) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Metrics) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Metrics) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "Metrics"}
+ if s.EventThreshold == nil {
+ invalidParams.Add(request.NewErrParamRequired("EventThreshold"))
+ }
+ if s.Status == nil {
+ invalidParams.Add(request.NewErrParamRequired("Status"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetEventThreshold sets the EventThreshold field's value.
+func (s *Metrics) SetEventThreshold(v *ReplicationTimeValue) *Metrics {
+ s.EventThreshold = v
+ return s
+}
+
+// SetStatus sets the Status field's value.
+func (s *Metrics) SetStatus(v string) *Metrics {
+ s.Status = &v
+ return s
+}
+
+// A conjunction (logical AND) of predicates, which is used in evaluating a
+// metrics filter. The operator must have at least two predicates, and an object
+// must match all of the predicates in order for the filter to apply.
type MetricsAndOperator struct {
_ struct{} `type:"structure"`
@@ -17604,6 +22576,9 @@ func (s *MetricsConfiguration) SetId(v string) *MetricsConfiguration {
return s
}
+// Specifies a metrics configuration filter. The metrics configuration only
+// includes objects that meet the filter's criteria. A filter must be a prefix,
+// a tag, or a conjunction (MetricsAndOperator).
type MetricsFilter struct {
_ struct{} `type:"structure"`
@@ -17667,6 +22642,7 @@ func (s *MetricsFilter) SetTag(v *Tag) *MetricsFilter {
return s
}
+// Container for the MultipartUpload for the Amazon S3 object.
type MultipartUpload struct {
_ struct{} `type:"structure"`
@@ -17679,6 +22655,7 @@ type MultipartUpload struct {
// Key of the object for which the multipart upload was initiated.
Key *string `min:"1" type:"string"`
+ // Specifies the owner of the object that is part of the multipart upload.
Owner *Owner `type:"structure"`
// The class of storage used to store the object.
@@ -17778,8 +22755,8 @@ type NoncurrentVersionTransition struct {
// Specifies the number of days an object is noncurrent before Amazon S3 can
// perform the associated action. For information about the noncurrent days
- // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent
- // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html)
+ // calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent
+ // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
// in the Amazon Simple Storage Service Developer Guide.
NoncurrentDays *int64 `type:"integer"`
@@ -17898,10 +22875,17 @@ func (s *NotificationConfiguration) SetTopicConfigurations(v []*TopicConfigurati
type NotificationConfigurationDeprecated struct {
_ struct{} `type:"structure"`
+ // Container for specifying the AWS Lambda notification configuration.
CloudFunctionConfiguration *CloudFunctionConfiguration `type:"structure"`
+ // This data type is deprecated. This data type specifies the configuration
+ // for publishing messages to an Amazon Simple Queue Service (Amazon SQS) queue
+ // when Amazon S3 detects specified events.
QueueConfiguration *QueueConfigurationDeprecated `type:"structure"`
+ // This data type is deprecated. A container for specifying the configuration
+ // for publication of messages to an Amazon Simple Notification Service (Amazon
+ // SNS) topic when Amazon S3 detects specified events.
TopicConfiguration *TopicConfigurationDeprecated `type:"structure"`
}
@@ -17959,17 +22943,25 @@ func (s *NotificationConfigurationFilter) SetKey(v *KeyFilter) *NotificationConf
return s
}
+// An object consists of data and its descriptive metadata.
type Object struct {
_ struct{} `type:"structure"`
+ // The entity tag is an MD5 hash of the object. ETag reflects only changes to
+ // the contents of an object, not its metadata.
ETag *string `type:"string"`
+ // The name that you assign to an object. You use the object key to retrieve
+ // the object.
Key *string `min:"1" type:"string"`
+ // The date the Object was Last Modified
LastModified *time.Time `type:"timestamp"`
+ // The owner of the object
Owner *Owner `type:"structure"`
+ // Size in bytes of the object
Size *int64 `type:"integer"`
// The class of storage used to store the object.
@@ -18022,6 +23014,7 @@ func (s *Object) SetStorageClass(v string) *Object {
return s
}
+// Object Identifier is unique value to identify objects.
type ObjectIdentifier struct {
_ struct{} `type:"structure"`
@@ -18072,14 +23065,14 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier {
return s
}
-// The container element for object lock configuration parameters.
+// The container element for Object Lock configuration parameters.
type ObjectLockConfiguration struct {
_ struct{} `type:"structure"`
- // Indicates whether this bucket has an object lock configuration enabled.
+ // Indicates whether this bucket has an Object Lock configuration enabled.
ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"`
- // The object lock rule in place for the specified object.
+ // The Object Lock rule in place for the specified object.
Rule *ObjectLockRule `type:"structure"`
}
@@ -18136,7 +23129,7 @@ type ObjectLockRetention struct {
// Indicates the Retention mode for the specified object.
Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
- // The date on which this object lock retention expires.
+ // The date on which this Object Lock Retention will expire.
RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
}
@@ -18162,7 +23155,7 @@ func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetenti
return s
}
-// The container element for an object lock rule.
+// The container element for an Object Lock rule.
type ObjectLockRule struct {
_ struct{} `type:"structure"`
@@ -18187,9 +23180,11 @@ func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRul
return s
}
+// The version of an object.
type ObjectVersion struct {
_ struct{} `type:"structure"`
+ // The entity tag is an MD5 hash of that version of the object.
ETag *string `type:"string"`
// Specifies whether the object is (true) or is not (false) the latest version
@@ -18202,6 +23197,7 @@ type ObjectVersion struct {
// Date and time the object was last modified.
LastModified *time.Time `type:"timestamp"`
+ // Specifies the owner of the object.
Owner *Owner `type:"structure"`
// Size in bytes of the object.
@@ -18344,11 +23340,14 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization {
return s
}
+// Container for the owner's display name and ID.
type Owner struct {
_ struct{} `type:"structure"`
+ // Container for the display name of the owner.
DisplayName *string `type:"string"`
+ // Container for the ID of the owner.
ID *string `type:"string"`
}
@@ -18374,6 +23373,7 @@ func (s *Owner) SetID(v string) *Owner {
return s
}
+// Container for Parquet.
type ParquetInput struct {
_ struct{} `type:"structure"`
}
@@ -18388,6 +23388,7 @@ func (s ParquetInput) GoString() string {
return s.String()
}
+// Container for elements related to a part.
type Part struct {
_ struct{} `type:"structure"`
@@ -18464,6 +23465,7 @@ func (s *PolicyStatus) SetIsPublic(v bool) *PolicyStatus {
return s
}
+// This data type contains information about progress of an operation.
type Progress struct {
_ struct{} `type:"structure"`
@@ -18505,6 +23507,7 @@ func (s *Progress) SetBytesScanned(v int64) *Progress {
return s
}
+// This data type contains information about the progress event of an operation.
type ProgressEvent struct {
_ struct{} `locationName:"ProgressEvent" type:"structure" payload:"Details"`
@@ -18545,7 +23548,21 @@ func (s *ProgressEvent) UnmarshalEvent(
return nil
}
-// Specifies the Block Public Access configuration for an Amazon S3 bucket.
+func (s *ProgressEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+ var buf bytes.Buffer
+ if err = pm.MarshalPayload(&buf, s); err != nil {
+ return eventstream.Message{}, err
+ }
+ msg.Payload = buf.Bytes()
+ return msg, err
+}
+
+// The PublicAccessBlock configuration that you want to apply to this Amazon
+// S3 bucket. You can enable the configuration options in any combination. For
+// more information about when Amazon S3 considers a bucket or object public,
+// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status)
+// in the Amazon Simple Storage Service Developer Guide.
type PublicAccessBlockConfiguration struct {
_ struct{} `type:"structure"`
@@ -18558,6 +23575,8 @@ type PublicAccessBlockConfiguration struct {
//
// * PUT Object calls fail if the request includes a public ACL.
//
+ // * PUT Bucket calls fail if the request includes a public ACL.
+ //
// Enabling this setting doesn't affect existing policies or ACLs.
BlockPublicAcls *bool `locationName:"BlockPublicAcls" type:"boolean"`
@@ -18624,7 +23643,7 @@ func (s *PublicAccessBlockConfiguration) SetRestrictPublicBuckets(v bool) *Publi
type PutBucketAccelerateConfigurationInput struct {
_ struct{} `locationName:"PutBucketAccelerateConfigurationRequest" type:"structure" payload:"AccelerateConfiguration"`
- // Specifies the Accelerate Configuration you want to set for the bucket.
+ // Container for setting the transfer acceleration state.
//
// AccelerateConfiguration is a required field
AccelerateConfiguration *AccelerateConfiguration `locationName:"AccelerateConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -18683,6 +23702,20 @@ func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) {
return *s.Bucket
}
+func (s *PutBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAccelerateConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketAccelerateConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -18706,6 +23739,8 @@ type PutBucketAclInput struct {
// Contains the elements that set the ACL permissions for an object per grantee.
AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+ // The bucket to which to apply the ACL.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -18812,6 +23847,20 @@ func (s *PutBucketAclInput) SetGrantWriteACP(v string) *PutBucketAclInput {
return s
}
+func (s *PutBucketAclInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAclInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketAclOutput struct {
_ struct{} `type:"structure"`
}
@@ -18907,6 +23956,20 @@ func (s *PutBucketAnalyticsConfigurationInput) SetId(v string) *PutBucketAnalyti
return s
}
+func (s *PutBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketAnalyticsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketAnalyticsConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -18924,6 +23987,8 @@ func (s PutBucketAnalyticsConfigurationOutput) GoString() string {
type PutBucketCorsInput struct {
_ struct{} `locationName:"PutBucketCorsRequest" type:"structure" payload:"CORSConfiguration"`
+ // Specifies the bucket impacted by the corsconfiguration.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -18989,6 +24054,20 @@ func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBuck
return s
}
+func (s *PutBucketCorsInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketCorsInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketCorsOutput struct {
_ struct{} `type:"structure"`
}
@@ -19007,9 +24086,9 @@ type PutBucketEncryptionInput struct {
_ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"`
// Specifies default encryption for a bucket using server-side encryption with
- // Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information
- // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket
- // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
+ // Amazon S3-managed keys (SSE-S3) or customer master keys stored in AWS KMS
+ // (SSE-KMS). For information about the Amazon S3 default encryption feature,
+ // see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
@@ -19074,6 +24153,20 @@ func (s *PutBucketEncryptionInput) SetServerSideEncryptionConfiguration(v *Serve
return s
}
+func (s *PutBucketEncryptionInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketEncryptionInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketEncryptionOutput struct {
_ struct{} `type:"structure"`
}
@@ -19169,6 +24262,20 @@ func (s *PutBucketInventoryConfigurationInput) SetInventoryConfiguration(v *Inve
return s
}
+func (s *PutBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketInventoryConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketInventoryConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19186,12 +24293,12 @@ func (s PutBucketInventoryConfigurationOutput) GoString() string {
type PutBucketLifecycleConfigurationInput struct {
_ struct{} `locationName:"PutBucketLifecycleConfigurationRequest" type:"structure" payload:"LifecycleConfiguration"`
+ // The name of the bucket for which to set the configuration.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
- // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
- // in the Amazon Simple Storage Service Developer Guide.
+ // Container for lifecycle rules. You can add as many as 1,000 rules.
LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19245,6 +24352,20 @@ func (s *PutBucketLifecycleConfigurationInput) SetLifecycleConfiguration(v *Buck
return s
}
+func (s *PutBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLifecycleConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketLifecycleConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19265,6 +24386,7 @@ type PutBucketLifecycleInput struct {
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Container for lifecycle rules. You can add as many as 1000 rules.
LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19318,6 +24440,20 @@ func (s *PutBucketLifecycleInput) SetLifecycleConfiguration(v *LifecycleConfigur
return s
}
+func (s *PutBucketLifecycleInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLifecycleInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketLifecycleOutput struct {
_ struct{} `type:"structure"`
}
@@ -19335,9 +24471,13 @@ func (s PutBucketLifecycleOutput) GoString() string {
type PutBucketLoggingInput struct {
_ struct{} `locationName:"PutBucketLoggingRequest" type:"structure" payload:"BucketLoggingStatus"`
+ // The name of the bucket for which to set the logging parameters.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Container for logging status information.
+ //
// BucketLoggingStatus is a required field
BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19395,6 +24535,20 @@ func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) *
return s
}
+func (s *PutBucketLoggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketLoggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketLoggingOutput struct {
_ struct{} `type:"structure"`
}
@@ -19490,6 +24644,20 @@ func (s *PutBucketMetricsConfigurationInput) SetMetricsConfiguration(v *MetricsC
return s
}
+func (s *PutBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketMetricsConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketMetricsConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19507,6 +24675,8 @@ func (s PutBucketMetricsConfigurationOutput) GoString() string {
type PutBucketNotificationConfigurationInput struct {
_ struct{} `locationName:"PutBucketNotificationConfigurationRequest" type:"structure" payload:"NotificationConfiguration"`
+ // The name of the bucket.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -19570,6 +24740,20 @@ func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v
return s
}
+func (s *PutBucketNotificationConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketNotificationConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketNotificationConfigurationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19587,9 +24771,13 @@ func (s PutBucketNotificationConfigurationOutput) GoString() string {
type PutBucketNotificationInput struct {
_ struct{} `locationName:"PutBucketNotificationRequest" type:"structure" payload:"NotificationConfiguration"`
+ // The name of the bucket.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // The container for the configuration.
+ //
// NotificationConfiguration is a required field
NotificationConfiguration *NotificationConfigurationDeprecated `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19642,6 +24830,20 @@ func (s *PutBucketNotificationInput) SetNotificationConfiguration(v *Notificatio
return s
}
+func (s *PutBucketNotificationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketNotificationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketNotificationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19659,6 +24861,8 @@ func (s PutBucketNotificationOutput) GoString() string {
type PutBucketPolicyInput struct {
_ struct{} `locationName:"PutBucketPolicyRequest" type:"structure" payload:"Policy"`
+ // The name of the bucket.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -19726,6 +24930,20 @@ func (s *PutBucketPolicyInput) SetPolicy(v string) *PutBucketPolicyInput {
return s
}
+func (s *PutBucketPolicyInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketPolicyInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketPolicyOutput struct {
_ struct{} `type:"structure"`
}
@@ -19743,6 +24961,8 @@ func (s PutBucketPolicyOutput) GoString() string {
type PutBucketReplicationInput struct {
_ struct{} `locationName:"PutBucketReplicationRequest" type:"structure" payload:"ReplicationConfiguration"`
+ // The name of the bucket
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -19752,7 +24972,6 @@ type PutBucketReplicationInput struct {
// ReplicationConfiguration is a required field
ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
- // A token that allows Amazon S3 object lock to be enabled for an existing bucket.
Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
}
@@ -19815,6 +25034,20 @@ func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInpu
return s
}
+func (s *PutBucketReplicationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketReplicationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketReplicationOutput struct {
_ struct{} `type:"structure"`
}
@@ -19832,9 +25065,13 @@ func (s PutBucketReplicationOutput) GoString() string {
type PutBucketRequestPaymentInput struct {
_ struct{} `locationName:"PutBucketRequestPaymentRequest" type:"structure" payload:"RequestPaymentConfiguration"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Container for Payer.
+ //
// RequestPaymentConfiguration is a required field
RequestPaymentConfiguration *RequestPaymentConfiguration `locationName:"RequestPaymentConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19892,6 +25129,20 @@ func (s *PutBucketRequestPaymentInput) SetRequestPaymentConfiguration(v *Request
return s
}
+func (s *PutBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketRequestPaymentInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketRequestPaymentOutput struct {
_ struct{} `type:"structure"`
}
@@ -19909,9 +25160,13 @@ func (s PutBucketRequestPaymentOutput) GoString() string {
type PutBucketTaggingInput struct {
_ struct{} `locationName:"PutBucketTaggingRequest" type:"structure" payload:"Tagging"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Container for the TagSet and Tag elements.
+ //
// Tagging is a required field
Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
}
@@ -19969,6 +25224,20 @@ func (s *PutBucketTaggingInput) SetTagging(v *Tagging) *PutBucketTaggingInput {
return s
}
+func (s *PutBucketTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketTaggingOutput struct {
_ struct{} `type:"structure"`
}
@@ -19986,6 +25255,8 @@ func (s PutBucketTaggingOutput) GoString() string {
type PutBucketVersioningInput struct {
_ struct{} `locationName:"PutBucketVersioningRequest" type:"structure" payload:"VersioningConfiguration"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -19993,9 +25264,7 @@ type PutBucketVersioningInput struct {
// and the value that is displayed on your authentication device.
MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
- // Describes the versioning state of an Amazon S3 bucket. For more information,
- // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
- // in the Amazon Simple Storage Service API Reference.
+ // Container for setting the versioning state.
//
// VersioningConfiguration is a required field
VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -20055,6 +25324,20 @@ func (s *PutBucketVersioningInput) SetVersioningConfiguration(v *VersioningConfi
return s
}
+func (s *PutBucketVersioningInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketVersioningInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketVersioningOutput struct {
_ struct{} `type:"structure"`
}
@@ -20072,10 +25355,12 @@ func (s PutBucketVersioningOutput) GoString() string {
type PutBucketWebsiteInput struct {
_ struct{} `locationName:"PutBucketWebsiteRequest" type:"structure" payload:"WebsiteConfiguration"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // Specifies website configuration parameters for an Amazon S3 bucket.
+ // Container for the request.
//
// WebsiteConfiguration is a required field
WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -20134,6 +25419,20 @@ func (s *PutBucketWebsiteInput) SetWebsiteConfiguration(v *WebsiteConfiguration)
return s
}
+func (s *PutBucketWebsiteInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutBucketWebsiteInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutBucketWebsiteOutput struct {
_ struct{} `type:"structure"`
}
@@ -20151,12 +25450,23 @@ func (s PutBucketWebsiteOutput) GoString() string {
type PutObjectAclInput struct {
_ struct{} `locationName:"PutObjectAclRequest" type:"structure" payload:"AccessControlPolicy"`
- // The canned ACL to apply to the object.
+ // The canned ACL to apply to the object. For more information, see Canned ACL
+ // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
// Contains the elements that set the ACL permissions for an object per grantee.
AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+ // The bucket name that contains the object to which you want to attach the
+ // ACL.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -20176,13 +25486,16 @@ type PutObjectAclInput struct {
// Allows grantee to write the ACL for the applicable bucket.
GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
+ // Key for which the PUT operation was initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// VersionId used to reference a specific version of the object.
@@ -20299,6 +25612,20 @@ func (s *PutObjectAclInput) SetVersionId(v string) *PutObjectAclInput {
return s
}
+func (s *PutObjectAclInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectAclInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectAclOutput struct {
_ struct{} `type:"structure"`
@@ -20326,44 +25653,62 @@ func (s *PutObjectAclOutput) SetRequestCharged(v string) *PutObjectAclOutput {
type PutObjectInput struct {
_ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"`
- // The canned ACL to apply to the object.
+ // The canned ACL to apply to the object. For more information, see Canned ACL
+ // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
// Object data.
Body io.ReadSeeker `type:"blob"`
- // Name of the bucket to which the PUT operation was initiated.
+ // Bucket name to which the PUT operation was initiated.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // Specifies caching behavior along the request/reply chain.
+ // Can be used to specify caching behavior along the request/reply chain. For
+ // more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9).
CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"`
- // Specifies presentational information for the object.
+ // Specifies presentational information for the object. For more information,
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1).
ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"`
// Specifies what content encodings have been applied to the object and thus
// what decoding mechanisms must be applied to obtain the media-type referenced
- // by the Content-Type header field.
+ // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11).
ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"`
// The language the content is in.
ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"`
// Size of the body in bytes. This parameter is useful when the size of the
- // body cannot be determined automatically.
+ // body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
+ // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13).
ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
- // The base64-encoded 128-bit MD5 digest of the part data. This parameter is
- // auto-populated when using the command from the CLI. This parameted is required
- // if object lock parameters are specified.
+ // The base64-encoded 128-bit MD5 digest of the message (without the headers)
+ // according to RFC 1864. This header can be used as a message integrity check
+ // to verify that the data is the same data that was originally sent. Although
+ // it is optional, we recommend using the Content-MD5 mechanism as an end-to-end
+ // integrity check. For more information about REST request authentication,
+ // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html).
ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
- // A standard MIME type describing the format of the object data.
+ // A standard MIME type describing the format of the contents. For more information,
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).
ContentType *string `location:"header" locationName:"Content-Type" type:"string"`
- // The date and time at which the object is no longer cacheable.
+ // The date and time at which the object is no longer cacheable. For more information,
+ // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21).
Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"`
// Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object.
@@ -20386,34 +25731,37 @@ type PutObjectInput struct {
// A map of metadata to store with the object in S3.
Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
- // The Legal Hold status that you want to apply to the specified object.
+ // Specifies whether a legal hold will be applied to this object. For more information
+ // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
- // The object lock mode that you want to apply to this object.
+ // The Object Lock mode that you want to apply to this object.
ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
- // The date and time when you want this object's object lock to expire.
+ // The date and time when you want this object's Object Lock to expire.
ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
@@ -20421,17 +25769,24 @@ type PutObjectInput struct {
// encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
- // requests for an object protected by AWS KMS will fail if not made via SSL
- // or using SigV4. Documentation on configuring any of the officially supported
- // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
+ // If x-amz-server-side-encryption is present and has the value of aws:kms,
+ // this header specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetrical customer managed customer master key (CMK) that was used for
+ // the object.
+ //
+ // If the value of x-amz-server-side-encryption is aws:kms, this header specifies
+ // the ID of the symmetric customer managed AWS KMS CMK that will be used for
+ // the object. If you specify x-amz-server-side-encryption:aws:kms, but do not
+ // providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the AWS
+ // managed CMK in AWS to protect the data.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
- // The type of storage to use for the object. Defaults to 'STANDARD'.
+ // If you don't specify, S3 Standard is the default storage class. Amazon S3
+ // supports other storage classes.
StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"`
// The tag-set for the object. The tag-set must be encoded as URL Query parameters.
@@ -20440,7 +25795,22 @@ type PutObjectInput struct {
// If the bucket is configured as a website, redirects requests for this object
// to another object in the same bucket or to an external URL. Amazon S3 stores
- // the value of this header in the object metadata.
+ // the value of this header in the object metadata. For information about object
+ // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html).
+ //
+ // In the following example, the request header sets the redirect to an object
+ // (anotherPage.html) in the same bucket:
+ //
+ // x-amz-website-redirect-location: /anotherPage.html
+ //
+ // In the following example, the request header sets the object redirect to
+ // another website:
+ //
+ // x-amz-website-redirect-location: http://www.example.com/
+ //
+ // For more information about website hosting in Amazon S3, see Hosting Websites
+ // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)
+ // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).
WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"`
}
@@ -20670,10 +26040,32 @@ func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput {
return s
}
+func (s *PutObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectLegalHoldInput struct {
_ struct{} `locationName:"PutObjectLegalHoldRequest" type:"structure" payload:"LegalHold"`
- // The bucket containing the object that you want to place a Legal Hold on.
+ // The bucket name containing the object that you want to place a Legal Hold
+ // on.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -20687,10 +26079,11 @@ type PutObjectLegalHoldInput struct {
// specified object.
LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// The version ID of the object that you want to place a Legal Hold on.
@@ -20766,6 +26159,20 @@ func (s *PutObjectLegalHoldInput) SetVersionId(v string) *PutObjectLegalHoldInpu
return s
}
+func (s *PutObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectLegalHoldInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectLegalHoldOutput struct {
_ struct{} `type:"structure"`
@@ -20793,21 +26200,22 @@ func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHo
type PutObjectLockConfigurationInput struct {
_ struct{} `locationName:"PutObjectLockConfigurationRequest" type:"structure" payload:"ObjectLockConfiguration"`
- // The bucket whose object lock configuration you want to create or replace.
+ // The bucket whose Object Lock configuration you want to create or replace.
//
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // The object lock configuration that you want to apply to the specified bucket.
+ // The Object Lock configuration that you want to apply to the specified bucket.
ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // A token to allow Amazon S3 object lock to be enabled for an existing bucket.
+ // A token to allow Object Lock to be enabled for an existing bucket.
Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
}
@@ -20868,6 +26276,20 @@ func (s *PutObjectLockConfigurationInput) SetToken(v string) *PutObjectLockConfi
return s
}
+func (s *PutObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectLockConfigurationInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectLockConfigurationOutput struct {
_ struct{} `type:"structure"`
@@ -20898,8 +26320,10 @@ type PutObjectOutput struct {
// Entity tag for the uploaded object.
ETag *string `location:"header" locationName:"ETag" type:"string"`
- // If the object expiration is configured, this will contain the expiration
- // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL encoded.
+ // If the expiration is configured for the object (see PutBucketLifecycleConfiguration),
+ // the response includes this header. It includes the expiry-date and rule-id
+ // key-value pairs that provide information about object expiration. The value
+ // of the rule-id is URL encoded.
Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"`
// If present, indicates that the requester was successfully charged for the
@@ -20912,7 +26336,7 @@ type PutObjectOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
@@ -20921,12 +26345,16 @@ type PutObjectOutput struct {
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If x-amz-server-side-encryption is present and has the value of aws:kms,
+ // this header specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // If you specified server-side encryption either with an AWS KMS customer master
+ // key (CMK) or Amazon S3-managed encryption key in your PUT request, the response
+ // includes this header. It confirms the encryption algorithm that Amazon S3
+ // used to encrypt the object.
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
// Version of the object.
@@ -21000,13 +26428,20 @@ func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput {
type PutObjectRetentionInput struct {
_ struct{} `locationName:"PutObjectRetentionRequest" type:"structure" payload:"Retention"`
- // The bucket that contains the object you want to apply this Object Retention
+ // The bucket name that contains the object you want to apply this Object Retention
// configuration to.
//
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
- // Indicates whether this operation should bypass Governance-mode restrictions.j
+ // Indicates whether this operation should bypass Governance-mode restrictions.
BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
// The key name for the object that you want to apply this Object Retention
@@ -21015,10 +26450,11 @@ type PutObjectRetentionInput struct {
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// The container element for the Object Retention configuration.
@@ -21104,6 +26540,20 @@ func (s *PutObjectRetentionInput) SetVersionId(v string) *PutObjectRetentionInpu
return s
}
+func (s *PutObjectRetentionInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectRetentionInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectRetentionOutput struct {
_ struct{} `type:"structure"`
@@ -21131,15 +26581,29 @@ func (s *PutObjectRetentionOutput) SetRequestCharged(v string) *PutObjectRetenti
type PutObjectTaggingInput struct {
_ struct{} `locationName:"PutObjectTaggingRequest" type:"structure" payload:"Tagging"`
+ // The bucket name containing the object.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Name of the tag.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
+ // Container for the TagSet and Tag elements
+ //
// Tagging is a required field
Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+ // The versionId of the object that the tag-set will be added to.
VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
}
@@ -21214,9 +26678,24 @@ func (s *PutObjectTaggingInput) SetVersionId(v string) *PutObjectTaggingInput {
return s
}
+func (s *PutObjectTaggingInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutObjectTaggingInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutObjectTaggingOutput struct {
_ struct{} `type:"structure"`
+ // The versionId of the object the tag-set was added to.
VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"`
}
@@ -21303,6 +26782,20 @@ func (s *PutPublicAccessBlockInput) SetPublicAccessBlockConfiguration(v *PublicA
return s
}
+func (s *PutPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *PutPublicAccessBlockInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type PutPublicAccessBlockOutput struct {
_ struct{} `type:"structure"`
}
@@ -21322,6 +26815,8 @@ func (s PutPublicAccessBlockOutput) GoString() string {
type QueueConfiguration struct {
_ struct{} `type:"structure"`
+ // A collection of bucket events for which to send notifications
+ //
// Events is a required field
Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
@@ -21391,6 +26886,10 @@ func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration {
return s
}
+// This data type is deprecated. Use QueueConfiguration for the same purposes.
+// This data type specifies the configuration for publishing messages to an
+// Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified
+// events.
type QueueConfigurationDeprecated struct {
_ struct{} `type:"structure"`
@@ -21399,12 +26898,15 @@ type QueueConfigurationDeprecated struct {
// Deprecated: Event has been deprecated
Event *string `deprecated:"true" type:"string" enum:"Event"`
+ // A collection of bucket events for which to send notifications
Events []*string `locationName:"Event" type:"list" flattened:"true"`
// An optional unique identifier for configurations in a notification configuration.
// If you don't provide one, Amazon S3 will assign an ID.
Id *string `type:"string"`
+ // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
+ // publishes a message when it detects events of the specified type.
Queue *string `type:"string"`
}
@@ -21442,6 +26944,7 @@ func (s *QueueConfigurationDeprecated) SetQueue(v string) *QueueConfigurationDep
return s
}
+// The container for the records event.
type RecordsEvent struct {
_ struct{} `locationName:"RecordsEvent" type:"structure" payload:"Payload"`
@@ -21481,6 +26984,13 @@ func (s *RecordsEvent) UnmarshalEvent(
return nil
}
+func (s *RecordsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+ msg.Headers.Set(":content-type", eventstream.StringValue("application/octet-stream"))
+ msg.Payload = s.Payload
+ return msg, err
+}
+
// Specifies how requests are redirected. In the event of an error, you can
// specify a different error code to return.
type Redirect struct {
@@ -21608,7 +27118,7 @@ type ReplicationConfiguration struct {
// The Amazon Resource Name (ARN) of the AWS Identity and Access Management
// (IAM) role that Amazon S3 assumes when replicating objects. For more information,
- // see How to Set Up Cross-Region Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-how-setup.html)
+ // see How to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html)
// in the Amazon Simple Storage Service Developer Guide.
//
// Role is a required field
@@ -21673,14 +27183,30 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo
type ReplicationRule struct {
_ struct{} `type:"structure"`
- // Specifies whether Amazon S3 should replicate delete makers.
+ // Specifies whether Amazon S3 replicates the delete markers. If you specify
+ // a Filter, you must specify this element. However, in the latest version of
+ // replication configuration (when Filter is specified), Amazon S3 doesn't replicate
+ // delete markers. Therefore, the DeleteMarkerReplication element can contain
+ // only Disabled. For an example configuration, see Basic Rule
+ // Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config).
+ //
+ // If you don't specify the Filter element, Amazon S3 assumes that the replication
+ // configuration is the earlier version, V1. In the earlier version, Amazon
+ // S3 handled replication of delete markers differently. For more information,
+ // see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations).
DeleteMarkerReplication *DeleteMarkerReplication `type:"structure"`
- // A container for information about the replication destination.
+ // A container for information about the replication destination and its configurations
+ // including enabling the S3 Replication Time Control (S3 RTC).
//
// Destination is a required field
Destination *Destination `type:"structure" required:"true"`
+ // Optional configuration to replicate existing source bucket objects. For more
+ // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication)
+ // in the Amazon S3 Developer Guide.
+ ExistingObjectReplication *ExistingObjectReplication `type:"structure"`
+
// A filter that identifies the subset of objects to which the replication rule
// applies. A Filter must specify exactly one Prefix, Tag, or an And child element.
Filter *ReplicationRuleFilter `type:"structure"`
@@ -21688,9 +27214,9 @@ type ReplicationRule struct {
// A unique identifier for the rule. The maximum value is 255 characters.
ID *string `type:"string"`
- // An object keyname prefix that identifies the object or objects to which the
- // rule applies. The maximum prefix length is 1,024 characters. To include all
- // objects in a bucket, specify an empty string.
+ // An object key name prefix that identifies the object or objects to which
+ // the rule applies. The maximum prefix length is 1,024 characters. To include
+ // all objects in a bucket, specify an empty string.
//
// Deprecated: Prefix has been deprecated
Prefix *string `deprecated:"true" type:"string"`
@@ -21700,21 +27226,21 @@ type ReplicationRule struct {
// when filtering. If two or more rules identify the same object based on a
// specified filter, the rule with higher priority takes precedence. For example:
//
- // * Same object quality prefix based filter criteria If prefixes you specified
+ // * Same object quality prefix-based filter criteria if prefixes you specified
// in multiple rules overlap
//
- // * Same object qualify tag based filter criteria specified in multiple
+ // * Same object qualify tag-based filter criteria specified in multiple
// rules
//
- // For more information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
- // in the Amazon S3 Developer Guide.
+ // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+ // in the Amazon Simple Storage Service Developer Guide.
Priority *int64 `type:"integer"`
// A container that describes additional filters for identifying the source
// objects that you want to replicate. You can choose to enable or disable the
// replication of these objects. Currently, Amazon S3 supports only the filter
// that you can specify for objects created with server-side encryption using
- // an AWS KMS-Managed Key (SSE-KMS).
+ // a customer master key (CMK) stored in AWS Key Management Service (SSE-KMS).
SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"`
// Specifies whether the rule is enabled.
@@ -21747,6 +27273,11 @@ func (s *ReplicationRule) Validate() error {
invalidParams.AddNested("Destination", err.(request.ErrInvalidParams))
}
}
+ if s.ExistingObjectReplication != nil {
+ if err := s.ExistingObjectReplication.Validate(); err != nil {
+ invalidParams.AddNested("ExistingObjectReplication", err.(request.ErrInvalidParams))
+ }
+ }
if s.Filter != nil {
if err := s.Filter.Validate(); err != nil {
invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
@@ -21776,6 +27307,12 @@ func (s *ReplicationRule) SetDestination(v *Destination) *ReplicationRule {
return s
}
+// SetExistingObjectReplication sets the ExistingObjectReplication field's value.
+func (s *ReplicationRule) SetExistingObjectReplication(v *ExistingObjectReplication) *ReplicationRule {
+ s.ExistingObjectReplication = v
+ return s
+}
+
// SetFilter sets the Filter field's value.
func (s *ReplicationRule) SetFilter(v *ReplicationRuleFilter) *ReplicationRule {
s.Filter = v
@@ -21812,11 +27349,25 @@ func (s *ReplicationRule) SetStatus(v string) *ReplicationRule {
return s
}
+// A container for specifying rule filters. The filters determine the subset
+// of objects to which the rule applies. This element is required only if you
+// specify more than one filter.
+//
+// For example:
+//
+// * If you specify both a Prefix and a Tag filter, wrap these filters in
+// an And tag.
+//
+// * If you specify a filter based on multiple tags, wrap the Tag elements
+// in an And tag
type ReplicationRuleAndOperator struct {
_ struct{} `type:"structure"`
+ // An object key name prefix that identifies the subset of objects to which
+ // the rule applies.
Prefix *string `type:"string"`
+ // An array of tags containing key and value pairs.
Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"`
}
@@ -21878,8 +27429,8 @@ type ReplicationRuleFilter struct {
// in an And tag.
And *ReplicationRuleAndOperator `type:"structure"`
- // An object keyname prefix that identifies the subset of objects to which the
- // rule applies.
+ // An object key name prefix that identifies the subset of objects to which
+ // the rule applies.
Prefix *string `type:"string"`
// A container for specifying a tag key and value.
@@ -21936,6 +27487,91 @@ func (s *ReplicationRuleFilter) SetTag(v *Tag) *ReplicationRuleFilter {
return s
}
+// A container specifying S3 Replication Time Control (S3 RTC) related information,
+// including whether S3 RTC is enabled and the time when all objects and operations
+// on objects must be replicated. Must be specified together with a Metrics
+// block.
+type ReplicationTime struct {
+ _ struct{} `type:"structure"`
+
+ // Specifies whether the replication time is enabled.
+ //
+ // Status is a required field
+ Status *string `type:"string" required:"true" enum:"ReplicationTimeStatus"`
+
+ // A container specifying the time by which replication should be complete for
+ // all objects and operations on objects.
+ //
+ // Time is a required field
+ Time *ReplicationTimeValue `type:"structure" required:"true"`
+}
+
+// String returns the string representation
+func (s ReplicationTime) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicationTime) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ReplicationTime) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ReplicationTime"}
+ if s.Status == nil {
+ invalidParams.Add(request.NewErrParamRequired("Status"))
+ }
+ if s.Time == nil {
+ invalidParams.Add(request.NewErrParamRequired("Time"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetStatus sets the Status field's value.
+func (s *ReplicationTime) SetStatus(v string) *ReplicationTime {
+ s.Status = &v
+ return s
+}
+
+// SetTime sets the Time field's value.
+func (s *ReplicationTime) SetTime(v *ReplicationTimeValue) *ReplicationTime {
+ s.Time = v
+ return s
+}
+
+// A container specifying the time value for S3 Replication Time Control (S3
+// RTC) and replication metrics EventThreshold.
+type ReplicationTimeValue struct {
+ _ struct{} `type:"structure"`
+
+ // Contains an integer specifying time in minutes.
+ //
+ // Valid values: 15 minutes.
+ Minutes *int64 `type:"integer"`
+}
+
+// String returns the string representation
+func (s ReplicationTimeValue) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s ReplicationTimeValue) GoString() string {
+ return s.String()
+}
+
+// SetMinutes sets the Minutes field's value.
+func (s *ReplicationTimeValue) SetMinutes(v int64) *ReplicationTimeValue {
+ s.Minutes = &v
+ return s
+}
+
+// Container for Payer.
type RequestPaymentConfiguration struct {
_ struct{} `type:"structure"`
@@ -21974,6 +27610,7 @@ func (s *RequestPaymentConfiguration) SetPayer(v string) *RequestPaymentConfigur
return s
}
+// Container for specifying if periodic QueryProgress messages should be sent.
type RequestProgress struct {
_ struct{} `type:"structure"`
@@ -22001,21 +27638,34 @@ func (s *RequestProgress) SetEnabled(v bool) *RequestProgress {
type RestoreObjectInput struct {
_ struct{} `locationName:"RestoreObjectRequest" type:"structure" payload:"RestoreRequest"`
+ // The bucket name or containing the object to restore.
+ //
+ // When using this API with an access point, you must direct requests to the
+ // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
+ // When using this operation using an access point through the AWS SDKs, you
+ // provide the access point ARN in place of the bucket name. For more information
+ // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html)
+ // in the Amazon Simple Storage Service Developer Guide.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
+ // Object key for which the operation was initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
// Container for restore job parameters.
RestoreRequest *RestoreRequest `locationName:"RestoreRequest" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
+ // VersionId used to reference a specific version of the object.
VersionId *string `location:"querystring" locationName:"versionId" type:"string"`
}
@@ -22093,6 +27743,20 @@ func (s *RestoreObjectInput) SetVersionId(v string) *RestoreObjectInput {
return s
}
+func (s *RestoreObjectInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *RestoreObjectInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type RestoreObjectOutput struct {
_ struct{} `type:"structure"`
@@ -22138,7 +27802,7 @@ type RestoreRequest struct {
// The optional description for the job.
Description *string `type:"string"`
- // Glacier related parameters pertaining to this job. Do not use with restores
+ // S3 Glacier related parameters pertaining to this job. Do not use with restores
// that specify OutputLocation.
GlacierJobParameters *GlacierJobParameters `type:"structure"`
@@ -22148,7 +27812,7 @@ type RestoreRequest struct {
// Describes the parameters for Select job types.
SelectParameters *SelectParameters `type:"structure"`
- // Glacier retrieval tier at which the restore will be processed.
+ // S3 Glacier retrieval tier at which the restore will be processed.
Tier *string `type:"string" enum:"Tier"`
// Type of restore request.
@@ -22286,8 +27950,9 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule {
}
// Specifies lifecycle rules for an Amazon S3 bucket. For more information,
-// see PUT Bucket lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html)
-// in the Amazon Simple Storage Service API Reference.
+// see Put Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html)
+// in the Amazon Simple Storage Service API Reference. For examples, see Put
+// Bucket Lifecycle Configuration Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples)
type Rule struct {
_ struct{} `type:"structure"`
@@ -22298,6 +27963,7 @@ type Rule struct {
// in the Amazon Simple Storage Service Developer Guide.
AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
+ // Specifies the expiration for the lifecycle of the object.
Expiration *LifecycleExpiration `type:"structure"`
// Unique identifier for the rule. The value can't be longer than 255 characters.
@@ -22331,7 +27997,10 @@ type Rule struct {
// Status is a required field
Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
- // Specifies when an object transitions to a specified storage class.
+ // Specifies when an object transitions to a specified storage class. For more
+ // information about Amazon S3 lifecycle configuration rules, see Transitioning
+ // Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+ // in the Amazon Simple Storage Service Developer Guide.
Transition *Transition `type:"structure"`
}
@@ -22409,12 +28078,12 @@ func (s *Rule) SetTransition(v *Transition) *Rule {
return s
}
-// Specifies the use of SSE-KMS to encrypt delivered Inventory reports.
+// Specifies the use of SSE-KMS to encrypt delivered inventory reports.
type SSEKMS struct {
_ struct{} `locationName:"SSE-KMS" type:"structure"`
- // Specifies the ID of the AWS Key Management Service (KMS) master encryption
- // key to use for encrypting Inventory reports.
+ // Specifies the ID of the AWS Key Management Service (AWS KMS) symmetric customer
+ // managed customer master key (CMK) to use for encrypting inventory reports.
//
// KeyId is a required field
KeyId *string `type:"string" required:"true" sensitive:"true"`
@@ -22449,7 +28118,7 @@ func (s *SSEKMS) SetKeyId(v string) *SSEKMS {
return s
}
-// Specifies the use of SSE-S3 to encrypt delivered Inventory reports.
+// Specifies the use of SSE-S3 to encrypt delivered inventory reports.
type SSES3 struct {
_ struct{} `locationName:"SSE-S3" type:"structure"`
}
@@ -22464,75 +28133,51 @@ func (s SSES3) GoString() string {
return s.String()
}
-// SelectObjectContentEventStream provides handling of EventStreams for
-// the SelectObjectContent API.
-//
-// Use this type to receive SelectObjectContentEventStream events. The events
-// can be read from the Events channel member.
-//
-// The events that can be received are:
-//
-// * ContinuationEvent
-// * EndEvent
-// * ProgressEvent
-// * RecordsEvent
-// * StatsEvent
-type SelectObjectContentEventStream struct {
- // Reader is the EventStream reader for the SelectObjectContentEventStream
- // events. This value is automatically set by the SDK when the API call is made
- // Use this member when unit testing your code with the SDK to mock out the
- // EventStream Reader.
- //
- // Must not be nil.
- Reader SelectObjectContentEventStreamReader
+// Specifies the byte range of the object to get the records from. A record
+// is processed when its first byte is contained by the range. This parameter
+// is optional, but when specified, it must not be empty. See RFC 2616, Section
+// 14.35.1 about how to specify the start and end of the range.
+type ScanRange struct {
+ _ struct{} `type:"structure"`
- // StreamCloser is the io.Closer for the EventStream connection. For HTTP
- // EventStream this is the response Body. The stream will be closed when
- // the Close method of the EventStream is called.
- StreamCloser io.Closer
+ // Specifies the end of the byte range. This parameter is optional. Valid values:
+ // non-negative integers. The default value is one less than the size of the
+ // object being queried. If only the End parameter is supplied, it is interpreted
+ // to mean scan the last N bytes of the file. For example, 50
+ // means scan the last 50 bytes.
+ End *int64 `type:"long"`
+
+ // Specifies the start of the byte range. This parameter is optional. Valid
+ // values: non-negative integers. The default value is 0. If only start is supplied,
+ // it means scan from that point to the end of the file.For example; 50
+ // means scan from byte 50 until the end of the file.
+ Start *int64 `type:"long"`
}
-// Close closes the EventStream. This will also cause the Events channel to be
-// closed. You can use the closing of the Events channel to terminate your
-// application's read from the API's EventStream.
-//
-// Will close the underlying EventStream reader. For EventStream over HTTP
-// connection this will also close the HTTP connection.
-//
-// Close must be called when done using the EventStream API. Not calling Close
-// may result in resource leaks.
-func (es *SelectObjectContentEventStream) Close() (err error) {
- es.Reader.Close()
- return es.Err()
+// String returns the string representation
+func (s ScanRange) String() string {
+ return awsutil.Prettify(s)
}
-// Err returns any error that occurred while reading EventStream Events from
-// the service API's response. Returns nil if there were no errors.
-func (es *SelectObjectContentEventStream) Err() error {
- if err := es.Reader.Err(); err != nil {
- return err
- }
- es.StreamCloser.Close()
+// GoString returns the string representation
+func (s ScanRange) GoString() string {
+ return s.String()
+}
- return nil
+// SetEnd sets the End field's value.
+func (s *ScanRange) SetEnd(v int64) *ScanRange {
+ s.End = &v
+ return s
}
-// Events returns a channel to read EventStream Events from the
-// SelectObjectContent API.
-//
-// These events are:
-//
-// * ContinuationEvent
-// * EndEvent
-// * ProgressEvent
-// * RecordsEvent
-// * StatsEvent
-func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
- return es.Reader.Events()
+// SetStart sets the Start field's value.
+func (s *ScanRange) SetStart(v int64) *ScanRange {
+ s.Start = &v
+ return s
}
// SelectObjectContentEventStreamEvent groups together all EventStream
-// events read from the SelectObjectContent API.
+// events writes for SelectObjectContentEventStream.
//
// These events are:
//
@@ -22543,11 +28188,12 @@ func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEve
// * StatsEvent
type SelectObjectContentEventStreamEvent interface {
eventSelectObjectContentEventStream()
+ eventstreamapi.Marshaler
+ eventstreamapi.Unmarshaler
}
-// SelectObjectContentEventStreamReader provides the interface for reading EventStream
-// Events from the SelectObjectContent API. The
-// default implementation for this interface will be SelectObjectContentEventStream.
+// SelectObjectContentEventStreamReader provides the interface for reading to the stream. The
+// default implementation for this interface will be SelectObjectContentEventStreamData.
//
// The reader's Close method must allow multiple concurrent calls.
//
@@ -22562,8 +28208,7 @@ type SelectObjectContentEventStreamReader interface {
// Returns a channel of events as they are read from the event stream.
Events() <-chan SelectObjectContentEventStreamEvent
- // Close will close the underlying event stream reader. For event stream over
- // HTTP this will also close the HTTP connection.
+ // Close will stop the reader reading events from the stream.
Close() error
// Returns any error that has occurred while reading from the event stream.
@@ -22573,57 +28218,44 @@ type SelectObjectContentEventStreamReader interface {
type readSelectObjectContentEventStream struct {
eventReader *eventstreamapi.EventReader
stream chan SelectObjectContentEventStreamEvent
- errVal atomic.Value
+ err *eventstreamapi.OnceError
done chan struct{}
closeOnce sync.Once
}
-func newReadSelectObjectContentEventStream(
- reader io.ReadCloser,
- unmarshalers request.HandlerList,
- logger aws.Logger,
- logLevel aws.LogLevelType,
-) *readSelectObjectContentEventStream {
+func newReadSelectObjectContentEventStream(eventReader *eventstreamapi.EventReader) *readSelectObjectContentEventStream {
r := &readSelectObjectContentEventStream{
- stream: make(chan SelectObjectContentEventStreamEvent),
- done: make(chan struct{}),
+ eventReader: eventReader,
+ stream: make(chan SelectObjectContentEventStreamEvent),
+ done: make(chan struct{}),
+ err: eventstreamapi.NewOnceError(),
}
-
- r.eventReader = eventstreamapi.NewEventReader(
- reader,
- protocol.HandlerPayloadUnmarshal{
- Unmarshalers: unmarshalers,
- },
- r.unmarshalerForEventType,
- )
- r.eventReader.UseLogger(logger, logLevel)
+ go r.readEventStream()
return r
}
-// Close will close the underlying event stream reader. For EventStream over
-// HTTP this will also close the HTTP connection.
+// Close will close the underlying event stream reader.
func (r *readSelectObjectContentEventStream) Close() error {
r.closeOnce.Do(r.safeClose)
-
return r.Err()
}
+func (r *readSelectObjectContentEventStream) ErrorSet() <-chan struct{} {
+ return r.err.ErrorSet()
+}
+
+func (r *readSelectObjectContentEventStream) Closed() <-chan struct{} {
+ return r.done
+}
+
func (r *readSelectObjectContentEventStream) safeClose() {
close(r.done)
- err := r.eventReader.Close()
- if err != nil {
- r.errVal.Store(err)
- }
}
func (r *readSelectObjectContentEventStream) Err() error {
- if v := r.errVal.Load(); v != nil {
- return v.(error)
- }
-
- return nil
+ return r.err.Err()
}
func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent {
@@ -22631,6 +28263,7 @@ func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContent
}
func (r *readSelectObjectContentEventStream) readEventStream() {
+ defer r.Close()
defer close(r.stream)
for {
@@ -22645,7 +28278,7 @@ func (r *readSelectObjectContentEventStream) readEventStream() {
return
default:
}
- r.errVal.Store(err)
+ r.err.SetError(err)
return
}
@@ -22657,22 +28290,20 @@ func (r *readSelectObjectContentEventStream) readEventStream() {
}
}
-func (r *readSelectObjectContentEventStream) unmarshalerForEventType(
- eventType string,
-) (eventstreamapi.Unmarshaler, error) {
+type unmarshalerForSelectObjectContentEventStreamEvent struct {
+ metadata protocol.ResponseMetadata
+}
+
+func (u unmarshalerForSelectObjectContentEventStreamEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) {
switch eventType {
case "Cont":
return &ContinuationEvent{}, nil
-
case "End":
return &EndEvent{}, nil
-
case "Progress":
return &ProgressEvent{}, nil
-
case "Records":
return &RecordsEvent{}, nil
-
case "Stats":
return &StatsEvent{}, nil
default:
@@ -22704,7 +28335,7 @@ type SelectObjectContentInput struct {
// Expression is a required field
Expression *string `type:"string" required:"true"`
- // The type of the provided expression (for example., SQL).
+ // The type of the provided expression (for example, SQL).
//
// ExpressionType is a required field
ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
@@ -22738,6 +28369,24 @@ type SelectObjectContentInput struct {
// The SSE Customer Key MD5. For more information, see Server-Side Encryption
// (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+ // Specifies the byte range of the object to get the records from. A record
+ // is processed when its first byte is contained by the range. This parameter
+ // is optional, but when specified, it must not be empty. See RFC 2616, Section
+ // 14.35.1 about how to specify the start and end of the range.
+ //
+ // ScanRangemay be used in the following ways:
+ //
+ // * 50100 - process only
+ // the records starting between the bytes 50 and 100 (inclusive, counting
+ // from zero)
+ //
+ // * 50 - process only the records
+ // starting after the byte 50
+ //
+ // * 50 - process only the records within
+ // the last 50 bytes of the file.
+ ScanRange *ScanRange `type:"structure"`
}
// String returns the string representation
@@ -22858,11 +28507,30 @@ func (s *SelectObjectContentInput) SetSSECustomerKeyMD5(v string) *SelectObjectC
return s
}
+// SetScanRange sets the ScanRange field's value.
+func (s *SelectObjectContentInput) SetScanRange(v *ScanRange) *SelectObjectContentInput {
+ s.ScanRange = v
+ return s
+}
+
+func (s *SelectObjectContentInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *SelectObjectContentInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type SelectObjectContentOutput struct {
_ struct{} `type:"structure" payload:"Payload"`
- // Use EventStream to use the API's stream.
- EventStream *SelectObjectContentEventStream `type:"structure"`
+ EventStream *SelectObjectContentEventStream
}
// String returns the string representation
@@ -22875,29 +28543,17 @@ func (s SelectObjectContentOutput) GoString() string {
return s.String()
}
-// SetEventStream sets the EventStream field's value.
func (s *SelectObjectContentOutput) SetEventStream(v *SelectObjectContentEventStream) *SelectObjectContentOutput {
s.EventStream = v
return s
}
+func (s *SelectObjectContentOutput) GetEventStream() *SelectObjectContentEventStream {
+ return s.EventStream
+}
-func (s *SelectObjectContentOutput) runEventStreamLoop(r *request.Request) {
- if r.Error != nil {
- return
- }
- reader := newReadSelectObjectContentEventStream(
- r.HTTPResponse.Body,
- r.Handlers.UnmarshalStream,
- r.Config.Logger,
- r.Config.LogLevel.Value(),
- )
- go reader.readEventStream()
-
- eventStream := &SelectObjectContentEventStream{
- StreamCloser: r.HTTPResponse.Body,
- Reader: reader,
- }
- s.EventStream = eventStream
+// GetStream returns the type to interact with the event stream.
+func (s *SelectObjectContentOutput) GetStream() *SelectObjectContentEventStream {
+ return s.EventStream
}
// Describes the parameters for Select job types.
@@ -22909,7 +28565,7 @@ type SelectParameters struct {
// Expression is a required field
Expression *string `type:"string" required:"true"`
- // The type of the provided expression (e.g., SQL).
+ // The type of the provided expression (for example, SQL).
//
// ExpressionType is a required field
ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"`
@@ -22989,8 +28645,24 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec
type ServerSideEncryptionByDefault struct {
_ struct{} `type:"structure"`
- // KMS master key ID to use for the default encryption. This parameter is allowed
- // if and only if SSEAlgorithm is set to aws:kms.
+ // AWS Key Management Service (KMS) customer master key ID to use for the default
+ // encryption. This parameter is allowed if and only if SSEAlgorithm is set
+ // to aws:kms.
+ //
+ // You can specify the key ID or the Amazon Resource Name (ARN) of the CMK.
+ // However, if you are using encryption with cross-account operations, you must
+ // use a fully qualified CMK ARN. For more information, see Using encryption
+ // for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
+ //
+ // For example:
+ //
+ // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
+ //
+ // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
+ //
+ // Amazon S3 only supports symmetric CMKs and not asymmetric CMKs. For more
+ // information, see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
+ // in the AWS Key Management Service Developer Guide.
KMSMasterKeyID *string `type:"string" sensitive:"true"`
// Server-side encryption algorithm to use for the default encryption.
@@ -23129,7 +28801,7 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv
// objects that you want to replicate. You can choose to enable or disable the
// replication of these objects. Currently, Amazon S3 supports only the filter
// that you can specify for objects created with server-side encryption using
-// an AWS KMS-Managed Key (SSE-KMS).
+// a customer master key (CMK) stored in AWS Key Management Service (SSE-KMS).
type SourceSelectionCriteria struct {
_ struct{} `type:"structure"`
@@ -23176,7 +28848,7 @@ type SseKmsEncryptedObjects struct {
_ struct{} `type:"structure"`
// Specifies whether Amazon S3 replicates objects created with server-side encryption
- // using an AWS KMS-managed key.
+ // using a customer master key (CMK) stored in AWS Key Management Service.
//
// Status is a required field
Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"`
@@ -23211,6 +28883,7 @@ func (s *SseKmsEncryptedObjects) SetStatus(v string) *SseKmsEncryptedObjects {
return s
}
+// Container for the stats details.
type Stats struct {
_ struct{} `type:"structure"`
@@ -23252,6 +28925,7 @@ func (s *Stats) SetBytesScanned(v int64) *Stats {
return s
}
+// Container for the Stats Event.
type StatsEvent struct {
_ struct{} `locationName:"StatsEvent" type:"structure" payload:"Details"`
@@ -23292,6 +28966,16 @@ func (s *StatsEvent) UnmarshalEvent(
return nil
}
+func (s *StatsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) {
+ msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType))
+ var buf bytes.Buffer
+ if err = pm.MarshalPayload(&buf, s); err != nil {
+ return eventstream.Message{}, err
+ }
+ msg.Payload = buf.Bytes()
+ return msg, err
+}
+
// Specifies data related to access patterns to be collected and made available
// to analyze the tradeoffs between different storage classes for an Amazon
// S3 bucket.
@@ -23334,6 +29018,8 @@ func (s *StorageClassAnalysis) SetDataExport(v *StorageClassAnalysisDataExport)
return s
}
+// Container for data related to the storage class analysis for an Amazon S3
+// bucket for export.
type StorageClassAnalysisDataExport struct {
_ struct{} `type:"structure"`
@@ -23391,6 +29077,7 @@ func (s *StorageClassAnalysisDataExport) SetOutputSchemaVersion(v string) *Stora
return s
}
+// A container of a key value name pair.
type Tag struct {
_ struct{} `type:"structure"`
@@ -23446,9 +29133,12 @@ func (s *Tag) SetValue(v string) *Tag {
return s
}
+// Container for TagSet elements.
type Tagging struct {
_ struct{} `type:"structure"`
+ // A collection for a set of tags
+ //
// TagSet is a required field
TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"`
}
@@ -23492,9 +29182,11 @@ func (s *Tagging) SetTagSet(v []*Tag) *Tagging {
return s
}
+// Container for granting information.
type TargetGrant struct {
_ struct{} `type:"structure"`
+ // Container for the person being granted permissions.
Grantee *Grantee `type:"structure" xmlPrefix:"xsi" xmlURI:"http://www.w3.org/2001/XMLSchema-instance"`
// Logging permissions assigned to the Grantee for the bucket.
@@ -23617,6 +29309,10 @@ func (s *TopicConfiguration) SetTopicArn(v string) *TopicConfiguration {
return s
}
+// A container for specifying the configuration for publication of messages
+// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
+// detects specified events. This data type is deprecated. Use TopicConfiguration
+// instead.
type TopicConfigurationDeprecated struct {
_ struct{} `type:"structure"`
@@ -23625,6 +29321,7 @@ type TopicConfigurationDeprecated struct {
// Deprecated: Event has been deprecated
Event *string `deprecated:"true" type:"string" enum:"Event"`
+ // A collection of events related to objects
Events []*string `locationName:"Event" type:"list" flattened:"true"`
// An optional unique identifier for configurations in a notification configuration.
@@ -23670,7 +29367,10 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep
return s
}
-// Specifies when an object transitions to a specified storage class.
+// Specifies when an object transitions to a specified storage class. For more
+// information about Amazon S3 lifecycle configuration rules, see Transitioning
+// Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html)
+// in the Amazon Simple Storage Service Developer Guide.
type Transition struct {
_ struct{} `type:"structure"`
@@ -23717,6 +29417,8 @@ func (s *Transition) SetStorageClass(v string) *Transition {
type UploadPartCopyInput struct {
_ struct{} `locationName:"UploadPartCopyRequest" type:"structure"`
+ // The bucket name.
+ //
// Bucket is a required field
Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -23742,11 +29444,12 @@ type UploadPartCopyInput struct {
// The range of bytes to copy from the source object. The range value must use
// the form bytes=first-last, where the first and last are the zero-based byte
// offsets to copy. For example, bytes=0-9 indicates that you want to copy the
- // first ten bytes of the source. You can copy a range only if the source object
+ // first 10 bytes of the source. You can copy a range only if the source object
// is greater than 5 MB.
CopySourceRange *string `location:"header" locationName:"x-amz-copy-source-range" type:"string"`
- // Specifies the algorithm to use when decrypting the source object (e.g., AES256).
+ // Specifies the algorithm to use when decrypting the source object (for example,
+ // AES256).
CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
@@ -23755,10 +29458,12 @@ type UploadPartCopyInput struct {
CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"`
+ // Object key for which the multipart upload was initiated.
+ //
// Key is a required field
Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
@@ -23768,26 +29473,28 @@ type UploadPartCopyInput struct {
// PartNumber is a required field
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header. This must be the same encryption key specified in the initiate multipart
// upload request.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Upload ID identifying the multipart upload whose part is being copied.
@@ -23960,9 +29667,24 @@ func (s *UploadPartCopyInput) SetUploadId(v string) *UploadPartCopyInput {
return s
}
+func (s *UploadPartCopyInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *UploadPartCopyInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type UploadPartCopyOutput struct {
_ struct{} `type:"structure" payload:"CopyPartResult"`
+ // Container for all response elements.
CopyPartResult *CopyPartResult `type:"structure"`
// The version of the source object that was copied, if you have enabled versioning
@@ -23979,16 +29701,17 @@ type UploadPartCopyOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) that was used for the
+ // object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
}
@@ -24060,7 +29783,7 @@ type UploadPartInput struct {
ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
// The base64-encoded 128-bit MD5 digest of the part data. This parameter is
- // auto-populated when using the command from the CLI. This parameted is required
+ // auto-populated when using the command from the CLI. This parameter is required
// if object lock parameters are specified.
ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
@@ -24075,26 +29798,28 @@ type UploadPartInput struct {
// PartNumber is a required field
PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"`
- // Confirms that the requester knows that she or he will be charged for the
- // request. Bucket owners need not specify this parameter in their requests.
- // Documentation on downloading objects from requester pays buckets can be found
- // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+ // Confirms that the requester knows that they will be charged for the request.
+ // Bucket owners need not specify this parameter in their requests. For information
+ // about downloading objects from requester pays buckets, see Downloading Objects
+ // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+ // in the Amazon S3 Developer Guide.
RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
- // Specifies the algorithm to use to when encrypting the object (e.g., AES256).
+ // Specifies the algorithm to use to when encrypting the object (for example,
+ // AES256).
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// Specifies the customer-provided encryption key for Amazon S3 to use in encrypting
// data. This value is used to store the object and then it is discarded; Amazon
- // does not store the encryption key. The key must be appropriate for use with
- // the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
+ // S3 does not store the encryption key. The key must be appropriate for use
+ // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm
// header. This must be the same encryption key specified in the initiate multipart
// upload request.
SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
- // Amazon S3 uses this header for a message integrity check to ensure the encryption
- // key was transmitted without error.
+ // Amazon S3 uses this header for a message integrity check to ensure that the
+ // encryption key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Upload ID identifying the multipart upload whose part is being uploaded.
@@ -24221,6 +29946,20 @@ func (s *UploadPartInput) SetUploadId(v string) *UploadPartInput {
return s
}
+func (s *UploadPartInput) getEndpointARN() (arn.Resource, error) {
+ if s.Bucket == nil {
+ return nil, fmt.Errorf("member Bucket is nil")
+ }
+ return parseEndpointARN(*s.Bucket)
+}
+
+func (s *UploadPartInput) hasEndpointARN() bool {
+ if s.Bucket == nil {
+ return false
+ }
+ return arn.IsARN(*s.Bucket)
+}
+
type UploadPartOutput struct {
_ struct{} `type:"structure"`
@@ -24237,16 +29976,16 @@ type UploadPartOutput struct {
SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
// If server-side encryption with a customer-provided encryption key was requested,
- // the response will include this header to provide round trip message integrity
+ // the response will include this header to provide round-trip message integrity
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
- // If present, specifies the ID of the AWS Key Management Service (KMS) master
- // encryption key that was used for the object.
+ // If present, specifies the ID of the AWS Key Management Service (AWS KMS)
+ // symmetric customer managed customer master key (CMK) was used for the object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
- // The Server-side encryption algorithm used when storing this object in S3
- // (e.g., AES256, aws:kms).
+ // The server-side encryption algorithm used when storing this object in Amazon
+ // S3 (for example, AES256, aws:kms).
ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
}
@@ -24561,11 +30300,37 @@ const (
// EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value
EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated"
+ // EventS3ObjectRestore is a Event enum value
+ EventS3ObjectRestore = "s3:ObjectRestore:*"
+
// EventS3ObjectRestorePost is a Event enum value
EventS3ObjectRestorePost = "s3:ObjectRestore:Post"
// EventS3ObjectRestoreCompleted is a Event enum value
EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed"
+
+ // EventS3Replication is a Event enum value
+ EventS3Replication = "s3:Replication:*"
+
+ // EventS3ReplicationOperationFailedReplication is a Event enum value
+ EventS3ReplicationOperationFailedReplication = "s3:Replication:OperationFailedReplication"
+
+ // EventS3ReplicationOperationNotTracked is a Event enum value
+ EventS3ReplicationOperationNotTracked = "s3:Replication:OperationNotTracked"
+
+ // EventS3ReplicationOperationMissedThreshold is a Event enum value
+ EventS3ReplicationOperationMissedThreshold = "s3:Replication:OperationMissedThreshold"
+
+ // EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value
+ EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold"
+)
+
+const (
+ // ExistingObjectReplicationStatusEnabled is a ExistingObjectReplicationStatus enum value
+ ExistingObjectReplicationStatusEnabled = "Enabled"
+
+ // ExistingObjectReplicationStatusDisabled is a ExistingObjectReplicationStatus enum value
+ ExistingObjectReplicationStatusDisabled = "Disabled"
)
const (
@@ -24657,6 +30422,9 @@ const (
// InventoryOptionalFieldObjectLockLegalHoldStatus is a InventoryOptionalField enum value
InventoryOptionalFieldObjectLockLegalHoldStatus = "ObjectLockLegalHoldStatus"
+
+ // InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value
+ InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier"
)
const (
@@ -24691,6 +30459,14 @@ const (
MetadataDirectiveReplace = "REPLACE"
)
+const (
+ // MetricsStatusEnabled is a MetricsStatus enum value
+ MetricsStatusEnabled = "Enabled"
+
+ // MetricsStatusDisabled is a MetricsStatus enum value
+ MetricsStatusDisabled = "Disabled"
+)
+
const (
// ObjectCannedACLPrivate is a ObjectCannedACL enum value
ObjectCannedACLPrivate = "private"
@@ -24839,6 +30615,14 @@ const (
ReplicationStatusReplica = "REPLICA"
)
+const (
+ // ReplicationTimeStatusEnabled is a ReplicationTimeStatus enum value
+ ReplicationTimeStatusEnabled = "Enabled"
+
+ // ReplicationTimeStatusDisabled is a ReplicationTimeStatus enum value
+ ReplicationTimeStatusDisabled = "Disabled"
+)
+
// If present, indicates that the requester was successfully charged for the
// request.
const (
@@ -24846,10 +30630,11 @@ const (
RequestChargedRequester = "requester"
)
-// Confirms that the requester knows that she or he will be charged for the
-// request. Bucket owners need not specify this parameter in their requests.
-// Documentation on downloading objects from requester pays buckets can be found
-// at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
+// Confirms that the requester knows that they will be charged for the request.
+// Bucket owners need not specify this parameter in their requests. For information
+// about downloading objects from requester pays buckets, see Downloading Objects
+// in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+// in the Amazon S3 Developer Guide.
const (
// RequestPayerRequester is a RequestPayer enum value
RequestPayerRequester = "requester"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
index 5c8ce5cc8..407f06b6e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
@@ -13,7 +13,6 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/request"
- "github.com/aws/aws-sdk-go/internal/sdkio"
)
const (
@@ -25,30 +24,6 @@ const (
appendMD5TxEncoding = "append-md5"
)
-// contentMD5 computes and sets the HTTP Content-MD5 header for requests that
-// require it.
-func contentMD5(r *request.Request) {
- h := md5.New()
-
- if !aws.IsReaderSeekable(r.Body) {
- if r.Config.Logger != nil {
- r.Config.Logger.Log(fmt.Sprintf(
- "Unable to compute Content-MD5 for unseekable body, S3.%s",
- r.Operation.Name))
- }
- return
- }
-
- if _, err := copySeekableBody(h, r.Body); err != nil {
- r.Error = awserr.New("ContentMD5", "failed to compute body MD5", err)
- return
- }
-
- // encode the md5 checksum in base64 and set the request header.
- v := base64.StdEncoding.EncodeToString(h.Sum(nil))
- r.HTTPRequest.Header.Set(contentMD5Header, v)
-}
-
// computeBodyHashes will add Content MD5 and Content Sha256 hashes to the
// request. If the body is not seekable or S3DisableContentMD5Validation set
// this handler will be ignored.
@@ -90,7 +65,7 @@ func computeBodyHashes(r *request.Request) {
dst = io.MultiWriter(hashers...)
}
- if _, err := copySeekableBody(dst, r.Body); err != nil {
+ if _, err := aws.CopySeekableBody(dst, r.Body); err != nil {
r.Error = awserr.New("BodyHashError", "failed to compute body hashes", err)
return
}
@@ -119,28 +94,6 @@ const (
sha256HexEncLen = sha256.Size * 2 // hex.EncodedLen
)
-func copySeekableBody(dst io.Writer, src io.ReadSeeker) (int64, error) {
- curPos, err := src.Seek(0, sdkio.SeekCurrent)
- if err != nil {
- return 0, err
- }
-
- // hash the body. seek back to the first position after reading to reset
- // the body for transmission. copy errors may be assumed to be from the
- // body.
- n, err := io.Copy(dst, src)
- if err != nil {
- return n, err
- }
-
- _, err = src.Seek(curPos, sdkio.SeekStart)
- if err != nil {
- return n, err
- }
-
- return n, nil
-}
-
// Adds the x-amz-te: append_md5 header to the request. This requests the service
// responds with a trailing MD5 checksum.
//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
index 23d386b16..a7698d5eb 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@@ -4,6 +4,7 @@ import (
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/s3err"
+ "github.com/aws/aws-sdk-go/service/s3/internal/arn"
)
func init() {
@@ -13,7 +14,7 @@ func init() {
func defaultInitClientFn(c *client.Client) {
// Support building custom endpoints based on config
- c.Handlers.Build.PushFront(updateEndpointForS3Config)
+ c.Handlers.Build.PushFront(endpointHandler)
// Require SSL when using SSE keys
c.Handlers.Validate.PushBack(validateSSERequiresSSL)
@@ -27,17 +28,11 @@ func defaultInitClientFn(c *client.Client) {
}
func defaultInitRequestFn(r *request.Request) {
- // Add reuest handlers for specific platforms.
+ // Add request handlers for specific platforms.
// e.g. 100-continue support for PUT requests using Go 1.6
platformRequestHandlers(r)
switch r.Operation.Name {
- case opPutBucketCors, opPutBucketLifecycle, opPutBucketPolicy,
- opPutBucketTagging, opDeleteObjects, opPutBucketLifecycleConfiguration,
- opPutObjectLegalHold, opPutObjectRetention, opPutObjectLockConfiguration,
- opPutBucketReplication:
- // These S3 operations require Content-MD5 to be set
- r.Handlers.Build.PushBack(contentMD5)
case opGetBucketLocation:
// GetBucketLocation has custom parsing logic
r.Handlers.Unmarshal.PushFront(buildGetBucketLocation)
@@ -73,3 +68,8 @@ type sseCustomerKeyGetter interface {
type copySourceSSECustomerKeyGetter interface {
getCopySourceSSECustomerKey() string
}
+
+type endpointARNGetter interface {
+ getEndpointARN() (arn.Resource, error)
+ hasEndpointARN() bool
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
new file mode 100644
index 000000000..c4048fbfb
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
@@ -0,0 +1,233 @@
+package s3
+
+import (
+ "net/url"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ awsarn "github.com/aws/aws-sdk-go/aws/arn"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/service/s3/internal/arn"
+)
+
+// Used by shapes with members decorated as endpoint ARN.
+func parseEndpointARN(v string) (arn.Resource, error) {
+ return arn.ParseResource(v, accessPointResourceParser)
+}
+
+func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
+ resParts := arn.SplitResource(a.Resource)
+ switch resParts[0] {
+ case "accesspoint":
+ return arn.ParseAccessPointResource(a, resParts[1:])
+ default:
+ return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
+ }
+}
+
+func endpointHandler(req *request.Request) {
+ endpoint, ok := req.Params.(endpointARNGetter)
+ if !ok || !endpoint.hasEndpointARN() {
+ updateBucketEndpointFromParams(req)
+ return
+ }
+
+ resource, err := endpoint.getEndpointARN()
+ if err != nil {
+ req.Error = newInvalidARNError(nil, err)
+ return
+ }
+
+ resReq := resourceRequest{
+ Resource: resource,
+ Request: req,
+ }
+
+ if resReq.IsCrossPartition() {
+ req.Error = newClientPartitionMismatchError(resource,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ return
+ }
+
+ if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
+ req.Error = newClientRegionMismatchError(resource,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ return
+ }
+
+ if resReq.HasCustomEndpoint() {
+ req.Error = newInvalidARNWithCustomEndpointError(resource, nil)
+ return
+ }
+
+ switch tv := resource.(type) {
+ case arn.AccessPointARN:
+ err = updateRequestAccessPointEndpoint(req, tv)
+ if err != nil {
+ req.Error = err
+ }
+ default:
+ req.Error = newInvalidARNError(resource, nil)
+ }
+}
+
+type resourceRequest struct {
+ Resource arn.Resource
+ Request *request.Request
+}
+
+func (r resourceRequest) ARN() awsarn.ARN {
+ return r.Resource.GetARN()
+}
+
+func (r resourceRequest) AllowCrossRegion() bool {
+ return aws.BoolValue(r.Request.Config.S3UseARNRegion)
+}
+
+func (r resourceRequest) UseFIPS() bool {
+ return isFIPS(aws.StringValue(r.Request.Config.Region))
+}
+
+func (r resourceRequest) IsCrossPartition() bool {
+ return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
+}
+
+func (r resourceRequest) IsCrossRegion() bool {
+ return isCrossRegion(r.Request, r.Resource.GetARN().Region)
+}
+
+func (r resourceRequest) HasCustomEndpoint() bool {
+ return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
+}
+
+func isFIPS(clientRegion string) bool {
+ return strings.HasPrefix(clientRegion, "fips-") || strings.HasSuffix(clientRegion, "-fips")
+}
+func isCrossRegion(req *request.Request, otherRegion string) bool {
+ return req.ClientInfo.SigningRegion != otherRegion
+}
+
+func updateBucketEndpointFromParams(r *request.Request) {
+ bucket, ok := bucketNameFromReqParams(r.Params)
+ if !ok {
+ // Ignore operation requests if the bucket name was not provided
+ // if this is an input validation error the validation handler
+ // will report it.
+ return
+ }
+ updateEndpointForS3Config(r, bucket)
+}
+
+func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
+ // Accelerate not supported
+ if aws.BoolValue(req.Config.S3UseAccelerate) {
+ return newClientConfiguredForAccelerateError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Ignore the disable host prefix for access points since custom endpoints
+ // are not supported.
+ req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+ if err := accessPointEndpointBuilder(accessPoint).Build(req); err != nil {
+ return err
+ }
+
+ removeBucketFromPath(req.HTTPRequest.URL)
+
+ return nil
+}
+
+func removeBucketFromPath(u *url.URL) {
+ u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
+ if u.Path == "" {
+ u.Path = "/"
+ }
+}
+
+type accessPointEndpointBuilder arn.AccessPointARN
+
+const (
+ accessPointPrefixLabel = "accesspoint"
+ accountIDPrefixLabel = "accountID"
+ accesPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
+)
+
+func (a accessPointEndpointBuilder) Build(req *request.Request) error {
+ resolveRegion := arn.AccessPointARN(a).Region
+ cfgRegion := aws.StringValue(req.Config.Region)
+
+ if isFIPS(cfgRegion) {
+ if aws.BoolValue(req.Config.S3UseARNRegion) && isCrossRegion(req, resolveRegion) {
+ // FIPS with cross region is not supported, the SDK must fail
+ // because there is no well defined method for SDK to construct a
+ // correct FIPS endpoint.
+ return newClientConfiguredForCrossRegionFIPSError(arn.AccessPointARN(a),
+ req.ClientInfo.PartitionID, cfgRegion, nil)
+ }
+ resolveRegion = cfgRegion
+ }
+
+ endpoint, err := resolveRegionalEndpoint(req, resolveRegion)
+ if err != nil {
+ return newFailedToResolveEndpointError(arn.AccessPointARN(a),
+ req.ClientInfo.PartitionID, cfgRegion, err)
+ }
+
+ if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+ return err
+ }
+
+ const serviceEndpointLabel = "s3-accesspoint"
+
+ // dualstack provided by endpoint resolver
+ cfgHost := req.HTTPRequest.URL.Host
+ if strings.HasPrefix(cfgHost, "s3") {
+ req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:]
+ }
+
+ protocol.HostPrefixBuilder{
+ Prefix: accesPointPrefixTemplate,
+ LabelsFn: a.hostPrefixLabelValues,
+ }.Build(req)
+
+ req.ClientInfo.SigningName = endpoint.SigningName
+ req.ClientInfo.SigningRegion = endpoint.SigningRegion
+
+ err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+ if err != nil {
+ return newInvalidARNError(arn.AccessPointARN(a), err)
+ }
+
+ return nil
+}
+
+func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+ return map[string]string{
+ accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
+ accountIDPrefixLabel: arn.AccessPointARN(a).AccountID,
+ }
+}
+
+func resolveRegionalEndpoint(r *request.Request, region string) (endpoints.ResolvedEndpoint, error) {
+ return r.Config.EndpointResolver.EndpointFor(EndpointsID, region, func(opts *endpoints.Options) {
+ opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
+ opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
+ opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
+ })
+}
+
+func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
+ endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL))
+
+ r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
+ if err != nil {
+ return awserr.New(request.ErrCodeSerialization,
+ "failed to parse endpoint URL", err)
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go
new file mode 100644
index 000000000..9df03e78d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go
@@ -0,0 +1,151 @@
+package s3
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/s3/internal/arn"
+)
+
+const (
+ invalidARNErrorErrCode = "InvalidARNError"
+ configurationErrorErrCode = "ConfigurationError"
+)
+
+type invalidARNError struct {
+ message string
+ resource arn.Resource
+ origErr error
+}
+
+func (e invalidARNError) Error() string {
+ var extra string
+ if e.resource != nil {
+ extra = "ARN: " + e.resource.String()
+ }
+ return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
+}
+
+func (e invalidARNError) Code() string {
+ return invalidARNErrorErrCode
+}
+
+func (e invalidARNError) Message() string {
+ return e.message
+}
+
+func (e invalidARNError) OrigErr() error {
+ return e.origErr
+}
+
+func newInvalidARNError(resource arn.Resource, err error) invalidARNError {
+ return invalidARNError{
+ message: "invalid ARN",
+ origErr: err,
+ resource: resource,
+ }
+}
+
+func newInvalidARNWithCustomEndpointError(resource arn.Resource, err error) invalidARNError {
+ return invalidARNError{
+ message: "resource ARN not supported with custom client endpoints",
+ origErr: err,
+ resource: resource,
+ }
+}
+
+// ARN not supported for the target partition
+func newInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) invalidARNError {
+ return invalidARNError{
+ message: "resource ARN not supported for the target ARN partition",
+ origErr: err,
+ resource: resource,
+ }
+}
+
+type configurationError struct {
+ message string
+ resource arn.Resource
+ clientPartitionID string
+ clientRegion string
+ origErr error
+}
+
+func (e configurationError) Error() string {
+ extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
+ e.resource, e.clientPartitionID, e.clientRegion)
+
+ return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
+}
+
+func (e configurationError) Code() string {
+ return configurationErrorErrCode
+}
+
+func (e configurationError) Message() string {
+ return e.message
+}
+
+func (e configurationError) OrigErr() error {
+ return e.origErr
+}
+
+func newClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "client partition does not match provided ARN partition",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
+
+func newClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "client region does not match provided ARN region",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
+
+func newFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "endpoint resolver failed to find an endpoint for the provided ARN region",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
+
+func newClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "client configured for fips but cross-region resource ARN provided",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
+
+func newClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "client configured for S3 Accelerate but is supported with resource ARN",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
+
+func newClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
+ return configurationError{
+ message: "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
+ origErr: err,
+ resource: resource,
+ clientPartitionID: clientPartitionID,
+ clientRegion: clientRegion,
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
index 931cb17bb..49aeff16f 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
@@ -13,6 +13,12 @@ const (
// ErrCodeBucketAlreadyOwnedByYou for service response error code
// "BucketAlreadyOwnedByYou".
+ //
+ // The bucket you tried to create already exists, and you own it. Amazon S3
+ // returns this error in all AWS Regions except in the North Virginia Region.
+ // For legacy compatibility, if you re-create an existing bucket that you already
+ // own in the North Virginia Region, Amazon S3 returns 200 OK and resets the
+ // bucket access control lists (ACLs).
ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
// ErrCodeNoSuchBucket for service response error code
@@ -36,13 +42,13 @@ const (
// ErrCodeObjectAlreadyInActiveTierError for service response error code
// "ObjectAlreadyInActiveTierError".
//
- // This operation is not allowed against this storage tier
+ // This operation is not allowed against this storage tier.
ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
// ErrCodeObjectNotInActiveTierError for service response error code
// "ObjectNotInActiveTierError".
//
// The source object of the COPY operation is not in the active tier and is
- // only stored in Amazon Glacier.
+ // only stored in Amazon S3 Glacier.
ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
index a7fbc2de2..81cdec1ae 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
@@ -30,10 +30,10 @@ var accelerateOpBlacklist = operationBlacklist{
opListBuckets, opCreateBucket, opDeleteBucket,
}
-// Request handler to automatically add the bucket name to the endpoint domain
+// Automatically add the bucket name to the endpoint domain
// if possible. This style of bucket is valid for all bucket names which are
// DNS compatible and do not contain "."
-func updateEndpointForS3Config(r *request.Request) {
+func updateEndpointForS3Config(r *request.Request, bucketName string) {
forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle)
accelerate := aws.BoolValue(r.Config.S3UseAccelerate)
@@ -43,45 +43,29 @@ func updateEndpointForS3Config(r *request.Request) {
r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.")
}
}
- updateEndpointForAccelerate(r)
+ updateEndpointForAccelerate(r, bucketName)
} else if !forceHostStyle && r.Operation.Name != opGetBucketLocation {
- updateEndpointForHostStyle(r)
+ updateEndpointForHostStyle(r, bucketName)
}
}
-func updateEndpointForHostStyle(r *request.Request) {
- bucket, ok := bucketNameFromReqParams(r.Params)
- if !ok {
- // Ignore operation requests if the bucketname was not provided
- // if this is an input validation error the validation handler
- // will report it.
- return
- }
-
- if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) {
+func updateEndpointForHostStyle(r *request.Request, bucketName string) {
+ if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
// bucket name must be valid to put into the host
return
}
- moveBucketToHost(r.HTTPRequest.URL, bucket)
+ moveBucketToHost(r.HTTPRequest.URL, bucketName)
}
var (
accelElem = []byte("s3-accelerate.dualstack.")
)
-func updateEndpointForAccelerate(r *request.Request) {
- bucket, ok := bucketNameFromReqParams(r.Params)
- if !ok {
- // Ignore operation requests if the bucketname was not provided
- // if this is an input validation error the validation handler
- // will report it.
- return
- }
-
- if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) {
+func updateEndpointForAccelerate(r *request.Request, bucketName string) {
+ if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
r.Error = awserr.New("InvalidParameterException",
- fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucket),
+ fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName),
nil)
return
}
@@ -106,7 +90,7 @@ func updateEndpointForAccelerate(r *request.Request) {
r.HTTPRequest.URL.Host = strings.Join(parts, ".")
- moveBucketToHost(r.HTTPRequest.URL, bucket)
+ moveBucketToHost(r.HTTPRequest.URL, bucketName)
}
// Attempts to retrieve the bucket name from the request input parameters.
@@ -148,8 +132,5 @@ func dnsCompatibleBucketName(bucket string) bool {
// moveBucketToHost moves the bucket name from the URI path to URL host.
func moveBucketToHost(u *url.URL, bucket string) {
u.Host = bucket + "." + u.Host
- u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
- if u.Path == "" {
- u.Path = "/"
- }
+ removeBucketFromPath(u)
}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go
new file mode 100644
index 000000000..2f93f96fd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go
@@ -0,0 +1,45 @@
+package arn
+
+import (
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws/arn"
+)
+
+// AccessPointARN provides representation
+type AccessPointARN struct {
+ arn.ARN
+ AccessPointName string
+}
+
+// GetARN returns the base ARN for the Access Point resource
+func (a AccessPointARN) GetARN() arn.ARN {
+ return a.ARN
+}
+
+// ParseAccessPointResource attempts to parse the ARN's resource as an
+// AccessPoint resource.
+func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) {
+ if len(a.Region) == 0 {
+ return AccessPointARN{}, InvalidARNError{a, "region not set"}
+ }
+ if len(a.AccountID) == 0 {
+ return AccessPointARN{}, InvalidARNError{a, "account-id not set"}
+ }
+ if len(resParts) == 0 {
+ return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
+ }
+ if len(resParts) > 1 {
+ return AccessPointARN{}, InvalidARNError{a, "sub resource not supported"}
+ }
+
+ resID := resParts[0]
+ if len(strings.TrimSpace(resID)) == 0 {
+ return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
+ }
+
+ return AccessPointARN{
+ ARN: a,
+ AccessPointName: resID,
+ }, nil
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go
new file mode 100644
index 000000000..a942d887f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go
@@ -0,0 +1,71 @@
+package arn
+
+import (
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws/arn"
+)
+
+// Resource provides the interfaces abstracting ARNs of specific resource
+// types.
+type Resource interface {
+ GetARN() arn.ARN
+ String() string
+}
+
+// ResourceParser provides the function for parsing an ARN's resource
+// component into a typed resource.
+type ResourceParser func(arn.ARN) (Resource, error)
+
+// ParseResource parses an AWS ARN into a typed resource for the S3 API.
+func ParseResource(s string, resParser ResourceParser) (resARN Resource, err error) {
+ a, err := arn.Parse(s)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(a.Partition) == 0 {
+ return nil, InvalidARNError{a, "partition not set"}
+ }
+ if a.Service != "s3" {
+ return nil, InvalidARNError{a, "service is not S3"}
+ }
+ if len(a.Resource) == 0 {
+ return nil, InvalidARNError{a, "resource not set"}
+ }
+
+ return resParser(a)
+}
+
+// SplitResource splits the resource components by the ARN resource delimiters.
+func SplitResource(v string) []string {
+ var parts []string
+ var offset int
+
+ for offset <= len(v) {
+ idx := strings.IndexAny(v[offset:], "/:")
+ if idx < 0 {
+ parts = append(parts, v[offset:])
+ break
+ }
+ parts = append(parts, v[offset:idx+offset])
+ offset += idx + 1
+ }
+
+ return parts
+}
+
+// IsARN returns whether the given string is an ARN
+func IsARN(s string) bool {
+ return arn.IsARN(s)
+}
+
+// InvalidARNError provides the error for an invalid ARN error.
+type InvalidARNError struct {
+ ARN arn.ARN
+ Reason string
+}
+
+func (e InvalidARNError) Error() string {
+ return "invalid Amazon S3 ARN, " + e.Reason + ", " + e.ARN.String()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
index d17dcc9da..b4c07b4d4 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
@@ -31,7 +31,7 @@ var initRequest func(*request.Request)
const (
ServiceName = "s3" // Name of service.
EndpointsID = ServiceName // ID to lookup a service endpoint with.
- ServiceID = "S3" // ServiceID is a unique identifer of a specific service.
+ ServiceID = "S3" // ServiceID is a unique identifier of a specific service.
)
// New creates a new instance of the S3 client with a session.
@@ -39,6 +39,8 @@ const (
// aws.Config parameter to add your extra config.
//
// Example:
+// mySession := session.Must(session.NewSession())
+//
// // Create a S3 client from just a session.
// svc := s3.New(mySession)
//
@@ -46,11 +48,11 @@ const (
// svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
c := p.ClientConfig(EndpointsID, cfgs...)
- return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *S3 {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *S3 {
svc := &S3{
Client: client.New(
cfg,
@@ -59,6 +61,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
ServiceID: ServiceID,
SigningName: signingName,
SigningRegion: signingRegion,
+ PartitionID: partitionID,
Endpoint: endpoint,
APIVersion: "2006-03-01",
},
@@ -75,6 +78,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler)
+ svc.Handlers.BuildStream.PushBackNamed(restxml.BuildHandler)
svc.Handlers.UnmarshalStream.PushBackNamed(restxml.UnmarshalHandler)
// Run custom client initialization if present
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
index f6a69aed1..247770e4c 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@@ -2,6 +2,7 @@ package s3
import (
"bytes"
+ "io"
"io/ioutil"
"net/http"
@@ -24,17 +25,18 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
r.HTTPResponse.Body = ioutil.NopCloser(body)
defer body.Seek(0, sdkio.SeekStart)
- if body.Len() == 0 {
- // If there is no body don't attempt to parse the body.
- return
- }
-
unmarshalError(r)
if err, ok := r.Error.(awserr.Error); ok && err != nil {
- if err.Code() == request.ErrCodeSerialization {
+ if err.Code() == request.ErrCodeSerialization &&
+ err.OrigErr() != io.EOF {
r.Error = nil
return
}
- r.HTTPResponse.StatusCode = http.StatusServiceUnavailable
+ // if empty payload
+ if err.OrigErr() == io.EOF {
+ r.HTTPResponse.StatusCode = http.StatusInternalServerError
+ } else {
+ r.HTTPResponse.StatusCode = http.StatusServiceUnavailable
+ }
}
}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
index 5b63fac72..6eecf6691 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@@ -1,6 +1,7 @@
package s3
import (
+ "bytes"
"encoding/xml"
"fmt"
"io"
@@ -45,17 +46,24 @@ func unmarshalError(r *request.Request) {
// Attempt to parse error from body if it is known
var errResp xmlErrorResponse
- err := xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
- if err == io.EOF {
- // Only capture the error if an unmarshal error occurs that is not EOF,
- // because S3 might send an error without a error message which causes
- // the XML unmarshal to fail with EOF.
- err = nil
+ var err error
+ if r.HTTPResponse.StatusCode >= 200 && r.HTTPResponse.StatusCode < 300 {
+ err = s3unmarshalXMLError(&errResp, r.HTTPResponse.Body)
+ } else {
+ err = xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
}
+
if err != nil {
+ var errorMsg string
+ if err == io.EOF {
+ errorMsg = "empty response payload"
+ } else {
+ errorMsg = "failed to unmarshal error message"
+ }
+
r.Error = awserr.NewRequestFailure(
awserr.New(request.ErrCodeSerialization,
- "failed to unmarshal error message", err),
+ errorMsg, err),
r.HTTPResponse.StatusCode,
r.RequestID,
)
@@ -86,3 +94,21 @@ type RequestFailure interface {
// Host ID is the S3 Host ID needed for debug, and contacting support
HostID() string
}
+
+// s3unmarshalXMLError is s3 specific xml error unmarshaler
+// for 200 OK errors and response payloads.
+// This function differs from the xmlUtil.UnmarshalXMLError
+// func. It does not ignore the EOF error and passes it up.
+// Related to bug fix for `s3 200 OK response with empty payload`
+func s3unmarshalXMLError(v interface{}, stream io.Reader) error {
+ var errBuf bytes.Buffer
+ body := io.TeeReader(stream, &errBuf)
+
+ err := xml.NewDecoder(body).Decode(v)
+ if err != nil && err != io.EOF {
+ return awserr.NewUnmarshalError(err,
+ "failed to unmarshal error message", errBuf.Bytes())
+ }
+
+ return err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index eb0a6a417..550b5f687 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -78,6 +78,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
// in the IAM User Guide.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRole last
// for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
@@ -91,6 +93,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRole can be used to make
// API calls to any AWS service with the following exception: You cannot call
// the AWS STS GetFederationToken or GetSessionToken API operations.
@@ -99,7 +103,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -131,6 +135,24 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide.
//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These tags are
+// called session tags. For more information about session tags, see Passing
+// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
// Using MFA with AssumeRole
//
// (Optional) You can include multi-factor authentication (MFA) information
@@ -165,9 +187,18 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
@@ -256,6 +287,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// an access key ID, a secret access key, and a security token. Applications
// can use these temporary security credentials to sign calls to AWS services.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRoleWithSAML
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. Your role session lasts for the
@@ -271,6 +304,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRoleWithSAML can be used
// to make API calls to any AWS service with the following exception: you cannot
// call the STS GetFederationToken or GetSessionToken API operations.
@@ -279,7 +314,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -289,12 +324,6 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
-// Before your application can call AssumeRoleWithSAML, you must configure your
-// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
-// you must use AWS Identity and Access Management (IAM) to create a SAML provider
-// entity in your AWS account that represents your identity provider. You must
-// also create an IAM role that specifies this SAML provider in its trust policy.
-//
// Calling AssumeRoleWithSAML does not require the use of AWS security credentials.
// The identity of the caller is validated by using keys in the metadata document
// that is uploaded for the SAML provider entity for your identity provider.
@@ -302,8 +331,50 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail
// logs. The entry includes the value in the NameID element of the SAML assertion.
// We recommend that you use a NameIDType that is not associated with any personally
-// identifiable information (PII). For example, you could instead use the Persistent
-// Identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+// identifiable information (PII). For example, you could instead use the persistent
+// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your SAML assertion
+// as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, session tags override the role's tags with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// SAML Configuration
+//
+// Before your application can call AssumeRoleWithSAML, you must configure your
+// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
+// you must use AWS Identity and Access Management (IAM) to create a SAML provider
+// entity in your AWS account that represents your identity provider. You must
+// also create an IAM role that specifies this SAML provider in its trust policy.
//
// For more information, see the following resources:
//
@@ -332,9 +403,18 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
@@ -456,6 +536,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// key ID, a secret access key, and a security token. Applications can use these
// temporary security credentials to sign calls to AWS service API operations.
//
+// Session Duration
+//
// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
@@ -469,6 +551,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
+// Permissions
+//
// The temporary security credentials created by AssumeRoleWithWebIdentity can
// be used to make API calls to any AWS service with the following exception:
// you cannot call the STS GetFederationToken or GetSessionToken API operations.
@@ -477,7 +561,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters. Passing policies
+// and managed session policies can't exceed 2,048 characters. Passing policies
// to this operation returns new temporary credentials. The resulting session's
// permissions are the intersection of the role's identity-based policy and
// the session policies. You can use the role's temporary credentials in subsequent
@@ -487,6 +571,42 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
+// Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your web identity
+// token as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plain text session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An AWS conversion compresses the passed session policies and session tags
+// into a packed binary format that has a separate limit. Your request can fail
+// for this limit even if your plain text meets the other requirements. The
+// PackedPolicySize response element indicates by percentage how close the policies
+// and tags for your request are to the upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, the session tag overrides the role tag with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// Identities
+//
// Before your application can call AssumeRoleWithWebIdentity, you must have
// an identity token from a supported identity provider and create a role that
// the application can assume. The role that your application assumes must trust
@@ -514,8 +634,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and
// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
// These toolkits contain sample apps that show how to invoke the identity
-// providers, and then how to use the information from these providers to
-// get and use temporary security credentials.
+// providers. The toolkits then show how to use the information from these
+// providers to get and use temporary security credentials.
//
// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
// This article discusses web identity federation and shows an example of
@@ -535,9 +655,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
@@ -547,11 +676,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// can also mean that the claim has expired or has been explicitly revoked.
//
// * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
-// The request could not be fulfilled because the non-AWS identity provider
-// (IDP) that was asked to verify the incoming identity token could not be reached.
-// This is often a transient error caused by network conditions. Retry the request
+// The request could not be fulfilled because the identity provider (IDP) that
+// was asked to verify the incoming identity token could not be reached. This
+// is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the
-// error persists, the non-AWS identity provider might be down or not responding.
+// error persists, the identity provider might be down or not responding.
//
// * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
// The web identity token that was passed could not be validated by AWS. Get
@@ -763,7 +892,8 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques
// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
// to learn which IAM user owns the keys. To learn who requested the temporary
// credentials for an ASIA access key, view the STS events in your CloudTrail
-// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html).
+// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// in the IAM User Guide.
//
// This operation does not indicate the state of the access key. The key might
// be active, inactive, or deleted. Active keys might not have permissions to
@@ -850,7 +980,8 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
// sts:GetCallerIdentity action, you can still perform this operation. Permissions
// are not required because the same information is returned when an IAM user
// or role is denied access. To view an example response, see I Am Not Authorized
-// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa).
+// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@@ -942,7 +1073,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// or an OpenID Connect-compatible identity provider. In this case, we recommend
// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
// For more information, see Federation Through a Web-based Identity Provider
-// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
//
// You can also call GetFederationToken using the security credentials of an
// AWS account root user, but we do not recommend it. Instead, we recommend
@@ -952,41 +1084,67 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide.
//
+// Session duration
+//
// The temporary credentials are valid for the specified duration, from 900
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
-// is 43,200 seconds (12 hours). Temporary credentials that are obtained by
-// using AWS account root user credentials have a maximum duration of 3,600
-// seconds (1 hour).
+// session duration is 43,200 seconds (12 hours). Temporary credentials that
+// are obtained by using AWS account root user credentials have a maximum duration
+// of 3,600 seconds (1 hour).
//
-// The temporary security credentials created by GetFederationToken can be used
-// to make API calls to any AWS service with the following exceptions:
+// Permissions
//
-// * You cannot use these credentials to call any IAM API operations.
+// You can use the temporary credentials created by GetFederationToken in any
+// AWS service except the following:
//
-// * You cannot call any STS API operations except GetCallerIdentity.
+// * You cannot call any IAM operations using the AWS CLI or the AWS API.
//
-// Permissions
+// * You cannot call any STS operations except GetCallerIdentity.
//
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
-// and managed session policies shouldn't exceed 2048 characters.
+// and managed session policies can't exceed 2,048 characters.
//
// Though the session policy parameters are optional, if you do not pass a policy,
-// then the resulting federated user session has no permissions. The only exception
-// is when the credentials are used to access a resource that has a resource-based
-// policy that specifically references the federated user session in the Principal
-// element of the policy. When you pass session policies, the session permissions
-// are the intersection of the IAM user policies and the session policies that
-// you pass. This gives you a way to further restrict the permissions for a
-// federated user. You cannot use session policies to grant more permissions
-// than those that are defined in the permissions policy of the IAM user. For
-// more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM
+// user policies and the session policies that you pass. This gives you a way
+// to further restrict the permissions for a federated user. You cannot use
+// session policies to grant more permissions than those that are defined in
+// the permissions policy of the IAM user. For more information, see Session
+// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to
// create temporary security credentials, see GetFederationToken—Federation
// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
//
+// You can use the credentials to access a resource that has a resource-based
+// policy. If that policy specifically references the federated user session
+// in the Principal element of the policy, the session has the permissions allowed
+// by the policy. These permissions are granted in addition to the permissions
+// granted by the session policies.
+//
+// Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These are called
+// session tags. For more information about session tags, see Passing Session
+// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// Tag key–value pairs are not case sensitive, but case is preserved. This
+// means that you cannot have separate Department and department tag keys. Assume
+// that the user that you are federating has the Department=Marketing tag and
+// you pass the department=engineering session tag. Department and department
+// are not saved as separate tags, and the session tag passed in the request
+// takes precedence over the user tag.
+//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
@@ -1000,9 +1158,18 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// message describes the specific error.
//
// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
-// The request was rejected because the policy document was too large. The error
-// message describes how big the policy document is, in packed form, as a percentage
-// of what the API allows.
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An AWS conversion compresses the
+// session policy document, session policy ARNs, and session tags into a packed
+// binary format that has a separate limit. The error message indicates by percentage
+// how close the policies and tags are to the upper size limit. For more information,
+// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
@@ -1091,6 +1258,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
+// Session Duration
+//
// The GetSessionToken operation must be called by using the long-term AWS security
// credentials of the AWS account root user or an IAM user. Credentials that
// are created by IAM users are valid for the duration that you specify. This
@@ -1099,6 +1268,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// based on account credentials can range from 900 seconds (15 minutes) up to
// 3,600 seconds (1 hour), with a default of 1 hour.
//
+// Permissions
+//
// The temporary security credentials created by GetSessionToken can be used
// to make API calls to any AWS service with the following exceptions:
//
@@ -1213,16 +1384,16 @@ type AssumeRoleInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1231,15 +1402,15 @@ type AssumeRoleInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
+ // policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1284,6 +1455,41 @@ type AssumeRoleInput struct {
// also include underscores or any of the following characters: =,.@-
SerialNumber *string `min:"9" type:"string"`
+ // A list of session tags that you want to pass. Each session tag consists of
+ // a key name and an associated value. For more information about session tags,
+ // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plain
+ // text session tag keys can’t exceed 128 characters, and the values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the role. When you do, session tags override a role tag with the same
+ // key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ //
+ // Additionally, if you used temporary credentials to perform this operation,
+ // the new session inherits any transitive session tags from the calling session.
+ // If you pass a session tag with the same key as an inherited tag, the operation
+ // fails. To view the inherited tags for a session, see the AWS CloudTrail logs.
+ // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs)
+ // in the IAM User Guide.
+ Tags []*Tag `type:"list"`
+
// The value provided by the MFA device, if the trust policy of the role being
// assumed requires MFA (that is, if the policy includes a condition that tests
// for MFA). If the role being assumed requires MFA and if the TokenCode value
@@ -1292,6 +1498,19 @@ type AssumeRoleInput struct {
// The format for this parameter, as described by its regex pattern, is a sequence
// of six numeric digits.
TokenCode *string `min:"6" type:"string"`
+
+ // A list of keys for session tags that you want to set as transitive. If you
+ // set a tag key as transitive, the corresponding key and value passes to subsequent
+ // sessions in a role chain. For more information, see Chaining Roles with Session
+ // Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. When you set session tags as transitive, the
+ // session policy and session tags packed binary limit is not affected.
+ //
+ // If you choose not to specify a transitive tag key, then no tags are passed
+ // from this session to any subsequent sessions.
+ TransitiveTagKeys []*string `type:"list"`
}
// String returns the string representation
@@ -1344,6 +1563,16 @@ func (s *AssumeRoleInput) Validate() error {
}
}
}
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -1393,12 +1622,24 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
return s
}
+// SetTags sets the Tags field's value.
+func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
+ s.Tags = v
+ return s
+}
+
// SetTokenCode sets the TokenCode field's value.
func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
s.TokenCode = &v
return s
}
+// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
+func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
+ s.TransitiveTagKeys = v
+ return s
+}
+
// Contains the response to a successful AssumeRole request, including temporary
// AWS credentials that can be used to make AWS requests.
type AssumeRoleOutput struct {
@@ -1418,9 +1659,10 @@ type AssumeRoleOutput struct {
// We strongly recommend that you make no assumptions about the maximum size.
Credentials *Credentials `type:"structure"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
}
@@ -1491,16 +1733,16 @@ type AssumeRoleWithSAMLInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1509,15 +1751,15 @@ type AssumeRoleWithSAMLInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
+ // policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1546,7 +1788,7 @@ type AssumeRoleWithSAMLInput struct {
// in the IAM User Guide.
//
// SAMLAssertion is a required field
- SAMLAssertion *string `min:"4" type:"string" required:"true"`
+ SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"`
}
// String returns the string representation
@@ -1673,9 +1915,10 @@ type AssumeRoleWithSAMLOutput struct {
// ) )
NameQualifier *string `type:"string"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The value of the NameID element in the Subject element of the SAML assertion.
@@ -1786,16 +2029,16 @@ type AssumeRoleWithWebIdentityInput struct {
// in the IAM User Guide.
//
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -1804,15 +2047,15 @@ type AssumeRoleWithWebIdentityInput struct {
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plain text that you use for both inline and managed session
- // policies shouldn't exceed 2048 characters. For more information about ARNs,
+ // policies can't exceed 2,048 characters. For more information about ARNs,
// see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's identity-based
@@ -1857,7 +2100,7 @@ type AssumeRoleWithWebIdentityInput struct {
// the application makes an AssumeRoleWithWebIdentity call.
//
// WebIdentityToken is a required field
- WebIdentityToken *string `min:"4" type:"string" required:"true"`
+ WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"`
}
// String returns the string representation
@@ -1983,9 +2226,10 @@ type AssumeRoleWithWebIdentityOutput struct {
// We strongly recommend that you make no assumptions about the maximum size.
Credentials *Credentials `type:"structure"`
- // A percentage value that indicates the size of the policy in packed form.
- // The service rejects any policy with a packed size greater than 100 percent,
- // which means the policy exceeded the allowed space.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
// The issuing authority of the web identity token presented. For OpenID Connect
@@ -2057,7 +2301,7 @@ type AssumedRoleUser struct {
// The ARN of the temporary security credentials that are returned from the
// AssumeRole action. For more information about ARNs and how to use them in
// policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
- // in Using IAM.
+ // in the IAM User Guide.
//
// Arn is a required field
Arn *string `min:"20" type:"string" required:"true"`
@@ -2225,7 +2469,7 @@ type FederatedUser struct {
// The ARN that specifies the federated user that is associated with the credentials.
// For more information about ARNs and how to use them in policies, see IAM
// Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
- // in Using IAM.
+ // in the IAM User Guide.
//
// Arn is a required field
Arn *string `min:"20" type:"string" required:"true"`
@@ -2265,7 +2509,7 @@ type GetAccessKeyInfoInput struct {
// The identifier of an access key.
//
// This parameter allows (through its regex pattern) a string of characters
- // that can consist of any upper- or lowercased letter or digit.
+ // that can consist of any upper- or lowercase letter or digit.
//
// AccessKeyId is a required field
AccessKeyId *string `min:"16" type:"string" required:"true"`
@@ -2418,10 +2662,7 @@ type GetFederationTokenInput struct {
// use as managed session policies.
//
// This parameter is optional. However, if you do not pass any session policies,
- // then the resulting federated user session has no permissions. The only exception
- // is when the credentials are used to access a resource that has a resource-based
- // policy that specifically references the federated user session in the Principal
- // element of the policy.
+ // then the resulting federated user session has no permissions.
//
// When you pass session policies, the session permissions are the intersection
// of the IAM user policies and the session policies that you pass. This gives
@@ -2431,17 +2672,23 @@ type GetFederationTokenInput struct {
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
// The plain text that you use for both inline and managed session policies
- // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
+ // can't exceed 2,048 characters. The JSON policy characters can be any ASCII
// character from the space character to the end of the valid character list
// (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
// and carriage return (\u000D) characters.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
Policy *string `min:"1" type:"string"`
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want
@@ -2452,16 +2699,13 @@ type GetFederationTokenInput struct {
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
- // and managed session policies shouldn't exceed 2048 characters. You can provide
+ // and managed session policies can't exceed 2,048 characters. You can provide
// up to 10 managed policy ARNs. For more information about ARNs, see Amazon
// Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the AWS General Reference.
//
// This parameter is optional. However, if you do not pass any session policies,
- // then the resulting federated user session has no permissions. The only exception
- // is when the credentials are used to access a resource that has a resource-based
- // policy that specifically references the federated user session in the Principal
- // element of the policy.
+ // then the resulting federated user session has no permissions.
//
// When you pass session policies, the session permissions are the intersection
// of the IAM user policies and the session policies that you pass. This gives
@@ -2471,12 +2715,46 @@ type GetFederationTokenInput struct {
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
- // The characters in this parameter count towards the 2048 character session
- // policy guideline. However, an AWS conversion compresses the session policies
- // into a packed binary format that has a separate limit. This is the enforced
- // limit. The PackedPolicySize response element indicates by percentage how
- // close the policy is to the upper size limit.
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // A list of session tags. Each session tag consists of a key name and an associated
+ // value. For more information about session tags, see Passing Session Tags
+ // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plain
+ // text session tag keys can’t exceed 128 characters and the values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An AWS conversion compresses the passed session policies and session tags
+ // into a packed binary format that has a separate limit. Your request can fail
+ // for this limit even if your plain text meets the other requirements. The
+ // PackedPolicySize response element indicates by percentage how close the policies
+ // and tags for your request are to the upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the user you are federating. When you do, session tags override a user
+ // tag with the same key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ Tags []*Tag `type:"list"`
}
// String returns the string representation
@@ -2514,6 +2792,16 @@ func (s *GetFederationTokenInput) Validate() error {
}
}
}
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
if invalidParams.Len() > 0 {
return invalidParams
@@ -2545,6 +2833,12 @@ func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetF
return s
}
+// SetTags sets the Tags field's value.
+func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
+ s.Tags = v
+ return s
+}
+
// Contains the response to a successful GetFederationToken request, including
// temporary AWS credentials that can be used to make AWS requests.
type GetFederationTokenOutput struct {
@@ -2563,9 +2857,10 @@ type GetFederationTokenOutput struct {
// an Amazon S3 bucket policy.
FederatedUser *FederatedUser `type:"structure"`
- // A percentage value indicating the size of the policy in packed form. The
- // service rejects policies for which the packed size is greater than 100 percent
- // of the allowed value.
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
PackedPolicySize *int64 `type:"integer"`
}
@@ -2748,3 +3043,73 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
s.Arn = &v
return s
}
+
+// You can pass custom key-value pair attributes when you assume a role or federate
+// a user. These are called session tags. You can then use the session tags
+// to control access to resources. For more information, see Tagging AWS STS
+// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+type Tag struct {
+ _ struct{} `type:"structure"`
+
+ // The key for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag keys can’t
+ // exceed 128 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Key is a required field
+ Key *string `min:"1" type:"string" required:"true"`
+
+ // The value for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Value is a required field
+ Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation
+func (s Tag) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation
+func (s Tag) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "Tag"}
+ if s.Key == nil {
+ invalidParams.Add(request.NewErrParamRequired("Key"))
+ }
+ if s.Key != nil && len(*s.Key) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+ }
+ if s.Value == nil {
+ invalidParams.Add(request.NewErrParamRequired("Value"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+ s.Key = &v
+ return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+ s.Value = &v
+ return s
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
index 41ea09c35..a233f542e 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -14,11 +14,11 @@ const (
// ErrCodeIDPCommunicationErrorException for service response error code
// "IDPCommunicationError".
//
- // The request could not be fulfilled because the non-AWS identity provider
- // (IDP) that was asked to verify the incoming identity token could not be reached.
- // This is often a transient error caused by network conditions. Retry the request
+ // The request could not be fulfilled because the identity provider (IDP) that
+ // was asked to verify the incoming identity token could not be reached. This
+ // is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the
- // error persists, the non-AWS identity provider might be down or not responding.
+ // error persists, the identity provider might be down or not responding.
ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
// ErrCodeIDPRejectedClaimException for service response error code
@@ -56,9 +56,18 @@ const (
// ErrCodePackedPolicyTooLargeException for service response error code
// "PackedPolicyTooLarge".
//
- // The request was rejected because the policy document was too large. The error
- // message describes how big the policy document is, in packed form, as a percentage
- // of what the API allows.
+ // The request was rejected because the total packed size of the session policies
+ // and session tags combined was too large. An AWS conversion compresses the
+ // session policy document, session policy ARNs, and session tags into a packed
+ // binary format that has a separate limit. The error message indicates by percentage
+ // how close the policies and tags are to the upper size limit. For more information,
+ // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // You could receive this error even though you meet other defined session policy
+ // and session tag limits. For more information, see IAM and STS Entity Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+ // in the IAM User Guide.
ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
// ErrCodeRegionDisabledException for service response error code
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
index 185c914d1..d34a68553 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@@ -31,7 +31,7 @@ var initRequest func(*request.Request)
const (
ServiceName = "sts" // Name of service.
EndpointsID = ServiceName // ID to lookup a service endpoint with.
- ServiceID = "STS" // ServiceID is a unique identifer of a specific service.
+ ServiceID = "STS" // ServiceID is a unique identifier of a specific service.
)
// New creates a new instance of the STS client with a session.
@@ -39,6 +39,8 @@ const (
// aws.Config parameter to add your extra config.
//
// Example:
+// mySession := session.Must(session.NewSession())
+//
// // Create a STS client from just a session.
// svc := sts.New(mySession)
//
@@ -46,11 +48,11 @@ const (
// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
c := p.ClientConfig(EndpointsID, cfgs...)
- return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
}
// newClient creates, initializes and returns a new service client instance.
-func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *STS {
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS {
svc := &STS{
Client: client.New(
cfg,
@@ -59,6 +61,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
ServiceID: ServiceID,
SigningName: signingName,
SigningRegion: signingRegion,
+ PartitionID: partitionID,
Endpoint: endpoint,
APIVersion: "2011-06-15",
},
diff --git a/vendor/github.com/jmespath/go-jmespath/.travis.yml b/vendor/github.com/jmespath/go-jmespath/.travis.yml
index 1f9807757..730c7fa51 100644
--- a/vendor/github.com/jmespath/go-jmespath/.travis.yml
+++ b/vendor/github.com/jmespath/go-jmespath/.travis.yml
@@ -3,7 +3,15 @@ language: go
sudo: false
go:
- - 1.4
+ - 1.5.x
+ - 1.6.x
+ - 1.7.x
+ - 1.8.x
+ - 1.9.x
+ - 1.10.x
+ - 1.11.x
+ - 1.12.x
+ - 1.13.x
install: go get -v -t ./...
script: make test
diff --git a/vendor/github.com/jmespath/go-jmespath/README.md b/vendor/github.com/jmespath/go-jmespath/README.md
index 187ef676d..110ad7999 100644
--- a/vendor/github.com/jmespath/go-jmespath/README.md
+++ b/vendor/github.com/jmespath/go-jmespath/README.md
@@ -4,4 +4,84 @@
-See http://jmespath.org for more info.
+go-jmespath is a GO implementation of JMESPath,
+which is a query language for JSON. It will take a JSON
+document and transform it into another JSON document
+through a JMESPath expression.
+
+Using go-jmespath is really easy. There's a single function
+you use, `jmespath.search`:
+
+
+```go
+> import "github.com/jmespath/go-jmespath"
+>
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.Search("foo.bar.baz[2]", data)
+result = 2
+```
+
+In the example we gave the ``search`` function input data of
+`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}` as well as the JMESPath
+expression `foo.bar.baz[2]`, and the `search` function evaluated
+the expression against the input data to produce the result ``2``.
+
+The JMESPath language can do a lot more than select an element
+from a list. Here are a few more examples:
+
+```go
+> var jsondata = []byte(`{"foo": {"bar": {"baz": [0, 1, 2, 3, 4]}}}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo.bar", data)
+result = { "baz": [ 0, 1, 2, 3, 4 ] }
+
+
+> var jsondata = []byte(`{"foo": [{"first": "a", "last": "b"},
+ {"first": "c", "last": "d"}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search({"foo[*].first", data)
+result [ 'a', 'c' ]
+
+
+> var jsondata = []byte(`{"foo": [{"age": 20}, {"age": 25},
+ {"age": 30}, {"age": 35},
+ {"age": 40}]}`) // your data
+> var data interface{}
+> err := json.Unmarshal(jsondata, &data)
+> result, err := jmespath.search("foo[?age > `30`]")
+result = [ { age: 35 }, { age: 40 } ]
+```
+
+You can also pre-compile your query. This is usefull if
+you are going to run multiple searches with it:
+
+```go
+ > var jsondata = []byte(`{"foo": "bar"}`)
+ > var data interface{}
+ > err := json.Unmarshal(jsondata, &data)
+ > precompiled, err := Compile("foo")
+ > if err != nil{
+ > // ... handle the error
+ > }
+ > result, err := precompiled.Search(data)
+ result = "bar"
+```
+
+## More Resources
+
+The example above only show a small amount of what
+a JMESPath expression can do. If you want to take a
+tour of the language, the *best* place to go is the
+[JMESPath Tutorial](http://jmespath.org/tutorial.html).
+
+One of the best things about JMESPath is that it is
+implemented in many different programming languages including
+python, ruby, php, lua, etc. To see a complete list of libraries,
+check out the [JMESPath libraries page](http://jmespath.org/libraries.html).
+
+And finally, the full JMESPath specification can be found
+on the [JMESPath site](http://jmespath.org/specification.html).
diff --git a/vendor/github.com/jmespath/go-jmespath/api.go b/vendor/github.com/jmespath/go-jmespath/api.go
index 8e26ffeec..010efe9bf 100644
--- a/vendor/github.com/jmespath/go-jmespath/api.go
+++ b/vendor/github.com/jmespath/go-jmespath/api.go
@@ -2,7 +2,7 @@ package jmespath
import "strconv"
-// JMESPath is the epresentation of a compiled JMES path query. A JMESPath is
+// JMESPath is the representation of a compiled JMES path query. A JMESPath is
// safe for concurrent use by multiple goroutines.
type JMESPath struct {
ast ASTNode
diff --git a/vendor/github.com/jmespath/go-jmespath/go.mod b/vendor/github.com/jmespath/go-jmespath/go.mod
new file mode 100644
index 000000000..aa1e3f1c9
--- /dev/null
+++ b/vendor/github.com/jmespath/go-jmespath/go.mod
@@ -0,0 +1,5 @@
+module github.com/jmespath/go-jmespath
+
+go 1.14
+
+require github.com/stretchr/testify v1.5.1
diff --git a/vendor/github.com/jmespath/go-jmespath/go.sum b/vendor/github.com/jmespath/go-jmespath/go.sum
new file mode 100644
index 000000000..331fa6982
--- /dev/null
+++ b/vendor/github.com/jmespath/go-jmespath/go.sum
@@ -0,0 +1,11 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/github.com/jmespath/go-jmespath/parser.go b/vendor/github.com/jmespath/go-jmespath/parser.go
index 1240a1755..4abc303ab 100644
--- a/vendor/github.com/jmespath/go-jmespath/parser.go
+++ b/vendor/github.com/jmespath/go-jmespath/parser.go
@@ -137,7 +137,7 @@ func (p *Parser) Parse(expression string) (ASTNode, error) {
}
if p.current() != tEOF {
return ASTNode{}, p.syntaxError(fmt.Sprintf(
- "Unexpected token at the end of the expresssion: %s", p.current()))
+ "Unexpected token at the end of the expression: %s", p.current()))
}
return parsed, nil
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 63674db3e..1d9d3d202 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -25,8 +25,9 @@ github.com/apparentlymart/go-cidr/cidr
github.com/apparentlymart/go-textseg/textseg
# github.com/armon/go-radix v1.0.0
github.com/armon/go-radix
-# github.com/aws/aws-sdk-go v1.25.3
+# github.com/aws/aws-sdk-go v1.32.1
github.com/aws/aws-sdk-go/aws
+github.com/aws/aws-sdk-go/aws/arn
github.com/aws/aws-sdk-go/aws/awserr
github.com/aws/aws-sdk-go/aws/awsutil
github.com/aws/aws-sdk-go/aws/client
@@ -44,6 +45,7 @@ github.com/aws/aws-sdk-go/aws/endpoints
github.com/aws/aws-sdk-go/aws/request
github.com/aws/aws-sdk-go/aws/session
github.com/aws/aws-sdk-go/aws/signer/v4
+github.com/aws/aws-sdk-go/internal/context
github.com/aws/aws-sdk-go/internal/ini
github.com/aws/aws-sdk-go/internal/s3err
github.com/aws/aws-sdk-go/internal/sdkio
@@ -51,6 +53,9 @@ github.com/aws/aws-sdk-go/internal/sdkmath
github.com/aws/aws-sdk-go/internal/sdkrand
github.com/aws/aws-sdk-go/internal/sdkuri
github.com/aws/aws-sdk-go/internal/shareddefaults
+github.com/aws/aws-sdk-go/internal/strings
+github.com/aws/aws-sdk-go/internal/sync/singleflight
+github.com/aws/aws-sdk-go/private/checksum
github.com/aws/aws-sdk-go/private/protocol
github.com/aws/aws-sdk-go/private/protocol/eventstream
github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi
@@ -61,6 +66,7 @@ github.com/aws/aws-sdk-go/private/protocol/rest
github.com/aws/aws-sdk-go/private/protocol/restxml
github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil
github.com/aws/aws-sdk-go/service/s3
+github.com/aws/aws-sdk-go/service/s3/internal/arn
github.com/aws/aws-sdk-go/service/sts
github.com/aws/aws-sdk-go/service/sts/stsiface
# github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d
@@ -197,7 +203,7 @@ github.com/hashicorp/terraform-svchost/auth
github.com/hashicorp/terraform-svchost/disco
# github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d
github.com/hashicorp/yamux
-# github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
+# github.com/jmespath/go-jmespath v0.3.0
github.com/jmespath/go-jmespath
# github.com/joho/godotenv v1.3.0
github.com/joho/godotenv