From d65f091dc5220f5f297ead9d478b1998d57b0dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Taveira=20Ara=C3=BAjo?= Date: Fri, 23 Jun 2023 13:39:56 -0700 Subject: [PATCH] chore: update SDK --- go.mod | 2 +- go.sum | 2 + .../cloudwatchlogs/testdata/expect.json | 8 + .../testdata/describetable-expect.json | 1 + .../testdata/describeinstances-expect.json | 6 + .../describereplicationgroups-expect.json | 2 + .../testdata/describedbclusters-expect.json | 1 + .../testdata/describedbinstances-expect.json | 2 + .../testdata/describeclusters-expect.json | 3 + .../github.com/aws/aws-sdk-go/aws/config.go | 64 +- .../aws/credentials/processcreds/provider.go | 24 +- .../stscreds/assume_role_provider.go | 12 +- .../aws/aws-sdk-go/aws/ec2metadata/service.go | 10 +- .../aws/ec2metadata/token_provider.go | 25 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 3088 +++++- .../aws/aws-sdk-go/aws/session/session.go | 60 +- .../aws/aws-sdk-go/aws/signer/v4/v4.go | 11 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../protocol/restjson/unmarshal_error.go | 133 +- .../aws/aws-sdk-go/service/autoscaling/api.go | 377 +- .../aws-sdk-go/service/cloudformation/api.go | 742 +- .../service/cloudformation/waiters.go | 5 + .../aws/aws-sdk-go/service/cloudfront/api.go | 198 +- .../aws-sdk-go/service/cloudwatchlogs/api.go | 873 +- .../aws/aws-sdk-go/service/dynamodb/api.go | 427 +- .../aws/aws-sdk-go/service/dynamodb/errors.go | 49 +- .../aws/aws-sdk-go/service/ec2/api.go | 3909 +++++-- .../aws-sdk-go/service/ec2/customizations.go | 22 +- .../aws/aws-sdk-go/service/ecs/api.go | 689 +- .../aws/aws-sdk-go/service/ecs/errors.go | 2 +- .../aws/aws-sdk-go/service/efs/api.go | 67 +- .../aws/aws-sdk-go/service/elasticache/api.go | 121 +- .../aws/aws-sdk-go/service/eventbridge/api.go | 22 +- .../aws/aws-sdk-go/service/iam/api.go | 166 +- .../aws/aws-sdk-go/service/iam/errors.go | 3 +- .../aws/aws-sdk-go/service/kms/api.go | 979 +- .../aws/aws-sdk-go/service/kms/doc.go | 16 +- .../aws/aws-sdk-go/service/lambda/api.go | 1491 ++- .../aws/aws-sdk-go/service/lambda/errors.go | 8 + .../aws/aws-sdk-go/service/lambda/service.go | 3 + .../aws-sdk-go/service/organizations/api.go | 164 +- .../service/organizations/errors.go | 4 + .../aws/aws-sdk-go/service/rds/api.go | 3070 +++--- .../aws/aws-sdk-go/service/rds/errors.go | 15 +- .../aws/aws-sdk-go/service/redshift/api.go | 1020 +- .../aws/aws-sdk-go/service/redshift/errors.go | 12 + .../aws/aws-sdk-go/service/s3/api.go | 1601 +-- .../service/s3/platform_handlers_go1.6.go | 2 +- .../aws-sdk-go/service/secretsmanager/api.go | 74 +- .../aws/aws-sdk-go/service/securityhub/api.go | 9708 ++++++++++++++--- .../aws/aws-sdk-go/service/securityhub/doc.go | 8 +- .../aws/aws-sdk-go/service/sqs/api.go | 959 +- .../aws/aws-sdk-go/service/sqs/errors.go | 8 +- .../aws/aws-sdk-go/service/sts/api.go | 135 +- .../aws/aws-sdk-go/service/sts/doc.go | 7 +- vendor/modules.txt | 2 +- 56 files changed, 24752 insertions(+), 5662 deletions(-) diff --git a/go.mod b/go.mod index 42aba8c..28a1e47 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/observeinc/aws-snapshot go 1.19 require ( - github.com/aws/aws-sdk-go v1.44.199 + github.com/aws/aws-sdk-go v1.44.289 github.com/google/go-cmp v0.5.9 github.com/mitchellh/mapstructure v1.5.0 ) diff --git a/go.sum b/go.sum index ff27e5b..1958dd1 100644 --- a/go.sum +++ b/go.sum @@ -44,6 +44,8 @@ github.com/aws/aws-sdk-go v1.44.172 h1:JwhHWVkU/UUq8b4kc2ETzoYg6UXlSslK1EthXcXY8 github.com/aws/aws-sdk-go v1.44.172/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.199 h1:hYuQmS4zLMJR9v2iOp2UOD6Vi/0V+nwyR/Uhrkrtlbc= github.com/aws/aws-sdk-go v1.44.199/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0= +github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/service/cloudwatchlogs/testdata/expect.json b/pkg/service/cloudwatchlogs/testdata/expect.json index a959c08..85ed322 100644 --- a/pkg/service/cloudwatchlogs/testdata/expect.json +++ b/pkg/service/cloudwatchlogs/testdata/expect.json @@ -6,6 +6,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/eks/az_test/cluster:*", "CreationTime": 1616686614974, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/eks/az_test/cluster", "MetricFilterCount": 0, @@ -20,6 +21,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/kinesisfirehose/demo:*", "CreationTime": 1525905839402, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/kinesisfirehose/demo", "MetricFilterCount": 0, @@ -34,6 +36,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/kinesisfirehose/event_link_json_input_v1_s3:*", "CreationTime": 1521588035845, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/kinesisfirehose/event_link_json_input_v1_s3", "MetricFilterCount": 0, @@ -48,6 +51,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/kinesisfirehose/twitter_stream:*", "CreationTime": 1520464878241, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/kinesisfirehose/twitter_stream", "MetricFilterCount": 0, @@ -62,6 +66,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/kinesisfirehose/twitter_to_s3:*", "CreationTime": 1520465901889, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/kinesisfirehose/twitter_to_s3", "MetricFilterCount": 0, @@ -76,6 +81,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/lambda/awsobserver:*", "CreationTime": 1569452642892, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/lambda/awsobserver", "MetricFilterCount": 0, @@ -90,6 +96,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/lambda/marketing:*", "CreationTime": 1544487890798, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/lambda/marketing", "MetricFilterCount": 0, @@ -104,6 +111,7 @@ "Arn": "arn:aws:logs:us-west-2:1234567890:log-group:/aws/lambda/marketing-dev-app:*", "CreationTime": 1544500593461, "DataProtectionStatus": null, + "InheritedProperties": null, "KmsKeyId": null, "LogGroupName": "/aws/lambda/marketing-dev-app", "MetricFilterCount": 0, diff --git a/pkg/service/dynamodb/testdata/describetable-expect.json b/pkg/service/dynamodb/testdata/describetable-expect.json index f680c2f..c767c2e 100644 --- a/pkg/service/dynamodb/testdata/describetable-expect.json +++ b/pkg/service/dynamodb/testdata/describetable-expect.json @@ -12,6 +12,7 @@ ], "BillingModeSummary": null, "CreationDateTime": "2020-04-09T12:57:21.205-07:00", + "DeletionProtectionEnabled": null, "GlobalSecondaryIndexes": null, "GlobalTableVersion": null, "ItemCount": 9, diff --git a/pkg/service/ec2/testdata/describeinstances-expect.json b/pkg/service/ec2/testdata/describeinstances-expect.json index 6af92e9..825c204 100644 --- a/pkg/service/ec2/testdata/describeinstances-expect.json +++ b/pkg/service/ec2/testdata/describeinstances-expect.json @@ -34,9 +34,11 @@ }, "ClientToken": "", "CpuOptions": { + "AmdSevSnp": null, "CoreCount": 2, "ThreadsPerCore": 2 }, + "CurrentInstanceBootMode": null, "EbsOptimized": false, "ElasticGpuAssociations": null, "ElasticInferenceAcceleratorAssociations": null, @@ -226,9 +228,11 @@ }, "ClientToken": "00000000-8999-bd17-d6f7-000000000000", "CpuOptions": { + "AmdSevSnp": null, "CoreCount": 1, "ThreadsPerCore": 2 }, + "CurrentInstanceBootMode": null, "EbsOptimized": false, "ElasticGpuAssociations": null, "ElasticInferenceAcceleratorAssociations": null, @@ -571,9 +575,11 @@ }, "ClientToken": "00000000-c9b9-cc34-85b2-000000000000", "CpuOptions": { + "AmdSevSnp": null, "CoreCount": 1, "ThreadsPerCore": 2 }, + "CurrentInstanceBootMode": null, "EbsOptimized": false, "ElasticGpuAssociations": null, "ElasticInferenceAcceleratorAssociations": null, diff --git a/pkg/service/elasticache/testdata/describereplicationgroups-expect.json b/pkg/service/elasticache/testdata/describereplicationgroups-expect.json index 199eeef..beb8968 100644 --- a/pkg/service/elasticache/testdata/describereplicationgroups-expect.json +++ b/pkg/service/elasticache/testdata/describereplicationgroups-expect.json @@ -11,6 +11,7 @@ "AutomaticFailover": "enabled", "CacheNodeType": "cache.r6g.large", "ClusterEnabled": false, + "ClusterMode": null, "ConfigurationEndpoint": null, "DataTiering": null, "Description": " ", @@ -96,6 +97,7 @@ "PendingModifiedValues": { "AuthTokenStatus": null, "AutomaticFailoverStatus": null, + "ClusterMode": null, "LogDeliveryConfigurations": null, "PrimaryClusterId": null, "Resharding": null, diff --git a/pkg/service/rds/testdata/describedbclusters-expect.json b/pkg/service/rds/testdata/describedbclusters-expect.json index b33274a..77e5a88 100644 --- a/pkg/service/rds/testdata/describedbclusters-expect.json +++ b/pkg/service/rds/testdata/describedbclusters-expect.json @@ -59,6 +59,7 @@ "HostedZoneId": "Z100000000001W", "HttpEndpointEnabled": false, "IAMDatabaseAuthenticationEnabled": false, + "IOOptimizedNextAllowedModificationTime": null, "Iops": null, "KmsKeyId": "arn:aws:kms:us-west-2:1234567890:key/0000000b-a3d5-4588-0000-000000000002", "LatestRestorableTime": "2021-06-01T17:43:18.835Z", diff --git a/pkg/service/rds/testdata/describedbinstances-expect.json b/pkg/service/rds/testdata/describedbinstances-expect.json index 47ed1cf..26b0cb1 100644 --- a/pkg/service/rds/testdata/describedbinstances-expect.json +++ b/pkg/service/rds/testdata/describedbinstances-expect.json @@ -133,6 +133,7 @@ "DBInstanceClass": null, "DBInstanceIdentifier": null, "DBSubnetGroupName": null, + "Engine": null, "EngineVersion": null, "IAMDatabaseAuthenticationEnabled": null, "Iops": null, @@ -156,6 +157,7 @@ "PubliclyAccessible": false, "ReadReplicaDBClusterIdentifiers": null, "ReadReplicaDBInstanceIdentifiers": [], + "ReadReplicaSourceDBClusterIdentifier": null, "ReadReplicaSourceDBInstanceIdentifier": null, "ReplicaMode": null, "ResumeFullAutomationModeTime": null, diff --git a/pkg/service/redshift/testdata/describeclusters-expect.json b/pkg/service/redshift/testdata/describeclusters-expect.json index deb4718..592f2cf 100644 --- a/pkg/service/redshift/testdata/describeclusters-expect.json +++ b/pkg/service/redshift/testdata/describeclusters-expect.json @@ -36,6 +36,9 @@ "ClusterStatus": "available", "ClusterSubnetGroupName": "default", "ClusterVersion": "1.0", + "CustomDomainCertificateArn": null, + "CustomDomainCertificateExpiryDate": null, + "CustomDomainName": null, "DBName": "dev", "DataTransferProgress": null, "DefaultIamRoleArn": null, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 4818ea4..776e31b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -20,16 +20,16 @@ type RequestRetryer interface{} // A Config provides service configuration for service clients. By default, // all clients will use the defaults.DefaultConfig structure. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(&aws.Config{ -// MaxRetries: aws.Int(3), -// })) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(&aws.Config{ +// MaxRetries: aws.Int(3), +// })) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, &aws.Config{ -// Region: aws.String("us-west-2"), -// }) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, &aws.Config{ +// Region: aws.String("us-west-2"), +// }) type Config struct { // Enables verbose error printing of all credential chain errors. // Should be used when wanting to see all errors while attempting to @@ -192,6 +192,23 @@ type Config struct { // EC2MetadataDisableTimeoutOverride *bool + // Set this to `false` to disable EC2Metadata client from falling back to IMDSv1. + // By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility. + // You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata + // client will return any errors encountered from attempting to fetch a token instead of silently + // using the insecure data flow of IMDSv1. + // + // Example: + // sess := session.Must(session.NewSession(aws.NewConfig() + // .WithEC2MetadataEnableFallback(false))) + // + // svc := s3.New(sess) + // + // See [configuring IMDS] for more information. + // + // [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html + EC2MetadataEnableFallback *bool + // Instructs the endpoint to be generated for a service client to // be the dual stack endpoint. The dual stack endpoint will support // both IPv4 and IPv6 addressing. @@ -283,16 +300,16 @@ type Config struct { // NewConfig returns a new Config pointer that can be chained with builder // methods to set multiple configuration values inline without using pointers. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(aws.NewConfig(). -// WithMaxRetries(3), -// )) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(aws.NewConfig(). +// WithMaxRetries(3), +// )) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, aws.NewConfig(). -// WithRegion("us-west-2"), -// ) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, aws.NewConfig(). +// WithRegion("us-west-2"), +// ) func NewConfig() *Config { return &Config{} } @@ -432,6 +449,13 @@ func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config { return c } +// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value +// returning a Config pointer for chaining. +func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config { + c.EC2MetadataEnableFallback = &v + return c +} + // WithSleepDelay overrides the function used to sleep while waiting for the // next retry. Defaults to time.Sleep. func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config { @@ -576,6 +600,10 @@ func mergeInConfig(dst *Config, other *Config) { dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride } + if other.EC2MetadataEnableFallback != nil { + dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback + } + if other.SleepDelay != nil { dst.SleepDelay = other.SleepDelay } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go index e624836..18694f0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go @@ -226,12 +226,24 @@ func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) return credentials.NewCredentials(p) } -type credentialProcessResponse struct { - Version int - AccessKeyID string `json:"AccessKeyId"` +// A CredentialProcessResponse is the AWS credentials format that must be +// returned when executing an external credential_process. +type CredentialProcessResponse struct { + // As of this writing, the Version key must be set to 1. This might + // increment over time as the structure evolves. + Version int + + // The access key ID that identifies the temporary security credentials. + AccessKeyID string `json:"AccessKeyId"` + + // The secret access key that can be used to sign requests. SecretAccessKey string - SessionToken string - Expiration *time.Time + + // The token that users must pass to the service API to use the temporary credentials. + SessionToken string + + // The date on which the current credentials expire. + Expiration *time.Time } // Retrieve executes the 'credential_process' and returns the credentials. @@ -242,7 +254,7 @@ func (p *ProcessProvider) Retrieve() (credentials.Value, error) { } // Serialize and validate response - resp := &credentialProcessResponse{} + resp := &CredentialProcessResponse{} if err = json.Unmarshal(out, resp); err != nil { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderParse, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 260a37c..86db488 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -9,7 +9,7 @@ to refresh the credentials will be synchronized. But, the SDK is unable to ensure synchronous usage of the AssumeRoleProvider if the value is shared between multiple Credentials, Sessions or service clients. -Assume Role +# Assume Role To assume an IAM role using STS with the SDK you can create a new Credentials with the SDKs's stscreds package. @@ -27,7 +27,7 @@ with the SDKs's stscreds package. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with static MFA Token +# Assume Role with static MFA Token To assume an IAM role with a MFA token you can either specify a MFA token code directly or provide a function to prompt the user each time the credentials @@ -49,7 +49,7 @@ credentials. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with MFA Token Provider +# Assume Role with MFA Token Provider To assume an IAM role with MFA for longer running tasks where the credentials may need to be refreshed setting the TokenProvider field of AssumeRoleProvider @@ -74,7 +74,6 @@ single Credentials with an AssumeRoleProvider can be shared safely. // Create service client value configured for credentials // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) - */ package stscreds @@ -199,6 +198,10 @@ type AssumeRoleProvider struct { // or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). SerialNumber *string + // The SourceIdentity which is used to identity a persistent identity through the whole session. + // For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html + SourceIdentity *string + // The value provided by the MFA device, if the trust policy of the role being // assumed requires MFA (that is, if the policy includes a condition that tests // for MFA). If the role being assumed requires MFA and if the TokenCode value @@ -320,6 +323,7 @@ func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (crede Tags: p.Tags, PolicyArns: p.PolicyArns, TransitiveTagKeys: p.TransitiveTagKeys, + SourceIdentity: p.SourceIdentity, } if p.Policy != nil { input.Policy = p.Policy diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index df63bad..f4cc875 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -57,13 +57,13 @@ type EC2Metadata struct { // New creates a new instance of the EC2Metadata client with a session. // This client is safe to use across multiple goroutines. // -// // Example: -// // Create a EC2Metadata client from just a session. -// svc := ec2metadata.New(mySession) // -// // Create a EC2Metadata client with additional configuration -// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) +// // Create a EC2Metadata client from just a session. +// svc := ec2metadata.New(mySession) +// +// // Create a EC2Metadata client with additional configuration +// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata { c := p.ClientConfig(ServiceName, cfgs...) return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go index 4b29f19..604aeff 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go @@ -1,6 +1,7 @@ package ec2metadata import ( + "fmt" "net/http" "sync/atomic" "time" @@ -33,11 +34,15 @@ func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider { return &tokenProvider{client: c, configuredTTL: duration} } +// check if fallback is enabled +func (t *tokenProvider) fallbackEnabled() bool { + return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback +} + // fetchTokenHandler fetches token for EC2Metadata service client by default. func (t *tokenProvider) fetchTokenHandler(r *request.Request) { - // short-circuits to insecure data flow if tokenProvider is disabled. - if v := atomic.LoadUint32(&t.disabled); v == 1 { + if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() { return } @@ -49,23 +54,21 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) { output, err := t.client.getToken(r.Context(), t.configuredTTL) if err != nil { + // only attempt fallback to insecure data flow if IMDSv1 is enabled + if !t.fallbackEnabled() { + r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err) + return + } - // change the disabled flag on token provider to true, - // when error is request timeout error. + // change the disabled flag on token provider to true and fallback if requestFailureError, ok := err.(awserr.RequestFailure); ok { switch requestFailureError.StatusCode() { case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed: atomic.StoreUint32(&t.disabled, 1) + t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError)) case http.StatusBadRequest: r.Error = requestFailureError } - - // Check if request timed out while waiting for response - if e, ok := requestFailureError.OrigErr().(awserr.Error); ok { - if e.Code() == request.ErrCodeRequestError { - atomic.StoreUint32(&t.disabled, 1) - } - } } return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index bbdac18..9943af7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -13,6 +13,8 @@ const ( AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition. AwsIsoPartitionID = "aws-iso" // AWS ISO (US) partition. AwsIsoBPartitionID = "aws-iso-b" // AWS ISOB (US) partition. + AwsIsoEPartitionID = "aws-iso-e" // AWS ISOE (Europe) partition. + AwsIsoFPartitionID = "aws-iso-f" // AWS ISOF partition. ) // AWS Standard partition's regions. @@ -69,8 +71,14 @@ const ( UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio). ) +// AWS ISOE (Europe) partition's regions. +const () + +// AWS ISOF partition's regions. +const () + // DefaultResolver returns an Endpoint resolver that will be able -// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // Use DefaultPartitions() to get the list of the default partitions. func DefaultResolver() Resolver { @@ -78,7 +86,7 @@ func DefaultResolver() Resolver { } // DefaultPartitions returns a list of the partitions the SDK is bundled -// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // partitions := endpoints.DefaultPartitions // for _, p := range partitions { @@ -94,6 +102,8 @@ var defaultPartitions = partitions{ awsusgovPartition, awsisoPartition, awsisobPartition, + awsisoePartition, + awsisofPartition, } // AwsPartition returns the Resolver for AWS Standard. @@ -592,6 +602,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -601,6 +614,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -613,12 +629,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -856,6 +878,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -911,6 +936,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -1837,6 +1865,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -1846,18 +1877,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -2047,6 +2087,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2390,24 +2433,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -2417,6 +2475,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2961,6 +3022,15 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3130,6 +3200,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3145,12 +3218,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3160,6 +3239,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -3190,6 +3272,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3208,6 +3296,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -3221,9 +3315,27 @@ var awsPartition = partition{ }, "arc-zonal-shift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3233,21 +3345,54 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3468,6 +3613,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, @@ -3483,6 +3634,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-east-2.amazonaws.com", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, @@ -3498,6 +3655,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -3513,6 +3676,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-west-2.amazonaws.com", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-2.api.aws", + }, }, }, "auditmanager": service{ @@ -3740,6 +3909,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3749,18 +3921,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -3904,6 +4085,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3913,18 +4097,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -4063,6 +4256,21 @@ var awsPartition = partition{ }, "cases": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -5077,6 +5285,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -5086,18 +5297,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5221,12 +5441,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -5272,6 +5498,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -5533,6 +5762,9 @@ var awsPartition = partition{ }, "codepipeline": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -5563,6 +5795,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -5623,6 +5858,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -5733,6 +5971,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5873,6 +6114,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -5909,6 +6159,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -6578,12 +6834,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + }, }, }, "connect-campaigns": service{ @@ -6591,6 +6877,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, @@ -6662,12 +6951,21 @@ var awsPartition = partition{ }, "controltower": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -6677,6 +6975,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -6701,6 +7002,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -6710,6 +7014,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -6749,6 +7056,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -7293,6 +7618,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -7493,6 +7821,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -7508,6 +7842,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -7526,6 +7869,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -7559,6 +7911,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -7778,12 +8136,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -8206,6 +8570,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -9076,6 +9443,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -9526,6 +9896,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -9553,6 +9932,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com", }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -9688,6 +10076,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ap-southeast-1", }: endpoint{ @@ -9715,6 +10112,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -10372,6 +10778,9 @@ var awsPartition = partition{ }, "emr-containers": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -10456,6 +10865,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -10499,6 +10911,9 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -10583,6 +10998,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -11056,6 +11474,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11221,6 +11642,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.ap-south-1.amazonaws.com", }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -11242,6 +11666,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11260,6 +11687,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.eu-central-1.amazonaws.com", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -11272,6 +11702,9 @@ var awsPartition = partition{ }: endpoint{ Hostname: "fms-fips.eu-south-1.amazonaws.com", }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -11729,6 +12162,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -11738,6 +12174,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11750,12 +12189,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -12297,12 +12742,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -12505,6 +12956,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -12514,15 +12971,69 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", + }, }, }, "groundstation": service{ @@ -12636,6 +13147,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -12645,6 +13159,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -12809,6 +13326,9 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -13255,14 +13775,122 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "iot": service{ + "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "internetmonitor.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "internetmonitor.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "internetmonitor.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "internetmonitor.ca-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "internetmonitor.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "internetmonitor.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "internetmonitor.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "internetmonitor.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "internetmonitor.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "internetmonitor.eu-west-3.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "internetmonitor.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "internetmonitor.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "internetmonitor.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "internetmonitor.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "internetmonitor.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "internetmonitor.us-west-2.api.aws", }, }, + }, + "iot": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "ap-east-1", @@ -13310,45 +13938,35 @@ var awsPartition = partition{ Region: "fips-ca-central-1", }: endpoint{ Hostname: "iot-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ Hostname: "iot-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-east-2", }: endpoint{ Hostname: "iot-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-west-1", }: endpoint{ Hostname: "iot-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ Hostname: "iot-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ @@ -13999,12 +14617,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + }, }, }, "iotwireless": service{ @@ -14101,6 +14749,31 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "ivsrealtime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "kafka": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -14121,6 +14794,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -14130,18 +14806,33 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -14151,6 +14842,54 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -14160,15 +14899,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + }, }, }, "kafkaconnect": service{ @@ -14243,6 +15006,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -14322,6 +15088,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.ap-east-1.api.aws", }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-northeast-1.api.aws", + }, endpointKey{ Region: "ap-northeast-2", }: endpoint{ @@ -14332,6 +15103,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.ap-northeast-3.api.aws", }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-south-1.api.aws", + }, endpointKey{ Region: "ap-south-2", }: endpoint{ @@ -14362,6 +15138,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.ca-central-1.api.aws", }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.ca-central-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{ @@ -14412,11 +15194,23 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.us-east-1.api.aws", }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-2", }: endpoint{ Hostname: "kendra-ranking.us-east-2.api.aws", }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-2.api.aws", + }, endpointKey{ Region: "us-west-1", }: endpoint{ @@ -14427,6 +15221,12 @@ var awsPartition = partition{ }: endpoint{ Hostname: "kendra-ranking.us-west-2.api.aws", }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-west-2.api.aws", + }, }, }, "kinesis": service{ @@ -14594,6 +15394,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -14603,18 +15406,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -14624,6 +15436,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -15067,6 +15882,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -15221,18 +16044,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -15278,6 +16110,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -15761,6 +16596,12 @@ var awsPartition = partition{ }, "license-manager-linux-subscriptions": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -15773,21 +16614,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -15833,6 +16692,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -16983,6 +17848,55 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "mediapackagev2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "mediastore": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -17263,6 +18177,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17272,24 +18189,36 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17358,6 +18287,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17367,18 +18299,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17424,6 +18365,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17805,6 +18749,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17814,18 +18761,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18180,6 +19136,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -18243,18 +19202,33 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -18525,6 +19499,94 @@ var awsPartition = partition{ }, }, }, + "omics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "omics.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "omics.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "omics.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "omics.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "omics.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "omics.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "opsworks": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18637,6 +19699,40 @@ var awsPartition = partition{ }, }, }, + "osis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "outposts": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18968,146 +20064,219 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "pinpoint": service{ - Defaults: endpointDefaults{ - defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "mobiletargeting", - }, - }, - }, - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{ - Hostname: "pinpoint.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, - endpointKey{ - Region: "ca-central-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "fips-ca-central-1", - }: endpoint{ - Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "pinpoint-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-east-2", - }: endpoint{ - Hostname: "pinpoint-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "pinpoint-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{ - Hostname: "pinpoint.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "pinpoint-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - endpointKey{ - Region: "us-east-2", - }: endpoint{ - Hostname: "pinpoint.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - }, - endpointKey{ - Region: "us-east-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "pinpoint-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{ - Hostname: "pinpoint.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - }, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "pinpoint-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - }, - }, - }, - "pipes": service{ + "pinpoint": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "mobiletargeting", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "pinpoint.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "pinpoint-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "pinpoint.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "pinpoint.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "pinpoint.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "polly": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "af-south-1", @@ -19133,76 +20302,6 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, - endpointKey{ - Region: "ap-southeast-3", - }: endpoint{}, - endpointKey{ - Region: "ca-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-central-1", - }: endpoint{}, - endpointKey{ - Region: "eu-north-1", - }: endpoint{}, - endpointKey{ - Region: "eu-south-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-1", - }: endpoint{}, - endpointKey{ - Region: "eu-west-2", - }: endpoint{}, - endpointKey{ - Region: "eu-west-3", - }: endpoint{}, - endpointKey{ - Region: "me-central-1", - }: endpoint{}, - endpointKey{ - Region: "me-south-1", - }: endpoint{}, - endpointKey{ - Region: "sa-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-1", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - }, - }, - "polly": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-east-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-northeast-2", - }: endpoint{}, - endpointKey{ - Region: "ap-south-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-1", - }: endpoint{}, - endpointKey{ - Region: "ap-southeast-2", - }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -19501,18 +20600,63 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + }, }, }, "projects.iot1click": service{ @@ -19691,9 +20835,6 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, - endpointKey{ - Region: "api", - }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -19758,6 +20899,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -20615,12 +21759,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20633,12 +21783,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -20974,16 +22130,6 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ - endpointKey{ - Region: "af-south-1", - }: endpoint{ - Hostname: "resource-explorer-2.af-south-1.api.aws", - }, - endpointKey{ - Region: "ap-east-1", - }: endpoint{ - Hostname: "resource-explorer-2.ap-east-1.api.aws", - }, endpointKey{ Region: "ap-northeast-1", }: endpoint{ @@ -21402,6 +22548,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -21411,18 +22560,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -21627,6 +22785,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -21636,18 +22797,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -22814,30 +23984,84 @@ var awsPartition = partition{ }, "scheduler": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -23114,6 +24338,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -23123,18 +24350,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23232,6 +24468,15 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, @@ -23241,12 +24486,21 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -23371,6 +24625,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -23380,18 +24637,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -23401,6 +24667,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -23721,6 +24990,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "servicediscovery.ap-southeast-3.amazonaws.com", }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-4.amazonaws.com", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -23994,6 +25272,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -24003,18 +25284,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -24167,6 +25457,130 @@ var awsPartition = partition{ }, }, }, + "signer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-west-2.amazonaws.com", + }, + }, + }, "simspaceweaver": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -24658,6 +26072,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -25253,6 +26670,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25271,6 +26694,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -25280,15 +26748,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + }, }, }, "sso": service{ @@ -25526,6 +27018,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -25535,6 +27030,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -26593,12 +28091,21 @@ var awsPartition = partition{ }, "transcribestreaming": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, @@ -26756,6 +28263,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -26777,12 +28287,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -26837,6 +28353,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -26983,6 +28502,91 @@ var awsPartition = partition{ }, }, }, + "verifiedpermissions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "voice-chime": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -27132,6 +28736,31 @@ var awsPartition = partition{ }, }, }, + "vpc-lattice": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "waf": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -27295,6 +28924,23 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "waf-regional.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -27346,6 +28992,23 @@ var awsPartition = partition{ Region: "ap-southeast-3", }, }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -27380,6 +29043,23 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "waf-regional.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -27414,6 +29094,23 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "waf-regional.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -27519,6 +29216,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ap-southeast-1", }: endpoint{ @@ -27546,6 +29252,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -27564,6 +29279,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-north-1", }: endpoint{ @@ -27582,6 +29306,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-west-1", }: endpoint{ @@ -27609,6 +29342,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -27897,6 +29638,23 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "wafv2.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -27948,6 +29706,23 @@ var awsPartition = partition{ Region: "ap-southeast-3", }, }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "wafv2.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -27982,6 +29757,23 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "wafv2.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -28016,6 +29808,23 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "wafv2.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -28121,6 +29930,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ap-southeast-1", }: endpoint{ @@ -28148,6 +29966,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -28166,6 +29993,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-north-1", }: endpoint{ @@ -28184,6 +30020,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-west-1", }: endpoint{ @@ -28211,6 +30056,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "fips-me-central-1", }: endpoint{ @@ -28927,6 +30780,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "airflow": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "api.ecr": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29305,7 +31168,10 @@ var awscnPartition = partition{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", - }: endpoint{}, + }: endpoint{ + Hostname: "data.ats.iot.cn-north-1.amazonaws.com.cn", + Protocols: []string{"https"}, + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, @@ -29568,6 +31434,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "emr-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "es": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29733,14 +31609,32 @@ var awscnPartition = partition{ }, }, }, - "iot": service{ + "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", }, }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "internetmonitor.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "internetmonitor.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "iot": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", @@ -29907,6 +31801,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "logs": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -29994,6 +31898,16 @@ var awscnPartition = partition{ }, }, }, + "oam": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "organizations": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -30107,6 +32021,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "route53": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -30324,6 +32248,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "signer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "sms": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -30748,6 +32682,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -30756,6 +32708,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "acm": service{ @@ -31182,12 +33152,44 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, }, }, }, @@ -31230,6 +33232,24 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31285,6 +33305,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31300,6 +33326,12 @@ var awsusgovPartition = partition{ }: endpoint{ Hostname: "athena-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-west-1.api.aws", + }, }, }, "autoscaling": service{ @@ -31421,6 +33453,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -31429,6 +33479,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "cloudcontrolapi": service{ @@ -31476,6 +33544,21 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "clouddirectory.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "clouddirectory.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "cloudformation": service{ @@ -31746,6 +33829,9 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -31920,9 +34006,24 @@ var awsusgovPartition = partition{ }, "connect": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + }, }, }, "controltower": service{ @@ -32110,9 +34211,39 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "dms": service{ @@ -32489,6 +34620,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -32497,6 +34646,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "elasticfilesystem": service{ @@ -32663,6 +34830,16 @@ var awsusgovPartition = partition{ }, }, }, + "emr-containers": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "es": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -33338,31 +35515,45 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, - "iot": service{ + "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", }, }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "internetmonitor.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "internetmonitor.us-gov-west-1.api.aws", + }, + }, + }, + "iot": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "fips-us-gov-east-1", }: endpoint{ Hostname: "iot-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "iot-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Service: "execute-api", - }, + Deprecated: boxedTrue, }, endpointKey{ @@ -33507,14 +35698,82 @@ var awsusgovPartition = partition{ }, }, }, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "kafka": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-gov-east-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", - }: endpoint{}, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "kendra": service{ @@ -33861,12 +36120,22 @@ var awsusgovPartition = partition{ "mediaconvert": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "us-gov-west-1", + Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "mediaconvert.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert.us-gov-west-1.amazonaws.com", }, }, }, @@ -33937,6 +36206,46 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "mgn": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "models.lex": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -34231,12 +36540,22 @@ var awsusgovPartition = partition{ "participant.connect": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "us-gov-west-1", + Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "participant.connect.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "participant.connect.us-gov-west-1.amazonaws.com", }, }, }, @@ -34687,9 +37006,35 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", + + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + + Deprecated: boxedTrue, + }, }, }, "runtime.lex": service{ @@ -34739,6 +37084,9 @@ var awsusgovPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -35083,21 +37431,45 @@ var awsusgovPartition = partition{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-gov-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, }: endpoint{ Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, }: endpoint{ Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, @@ -35289,6 +37661,16 @@ var awsusgovPartition = partition{ }, }, }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "sms": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35423,14 +37805,14 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{ - Protocols: []string{"http", "https"}, + Protocols: []string{"https"}, }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "sns.us-gov-west-1.amazonaws.com", - Protocols: []string{"http", "https"}, + Protocols: []string{"https"}, }, }, }, @@ -36162,6 +38544,15 @@ var awsusgovPartition = partition{ }, "workspaces": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -36171,6 +38562,15 @@ var awsusgovPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, @@ -36333,6 +38733,13 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "autoscaling": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36345,6 +38752,16 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, "cloudformation": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36414,6 +38831,16 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, "dms": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{}, @@ -36768,6 +39195,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "logs": service{ @@ -36828,6 +39258,28 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + }, + }, + }, "rds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36867,6 +39319,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "runtime.sagemaker": service{ @@ -36899,6 +39354,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "snowball": service{ @@ -37017,6 +39475,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "transcribe": service{ @@ -37486,6 +39947,28 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + }, + }, + }, "rds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37541,6 +40024,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "snowball": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37652,3 +40142,71 @@ var awsisobPartition = partition{ }, }, } + +// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe). +func AwsIsoEPartition() Partition { + return awsisoePartition.Partition() +} + +var awsisoePartition = partition{ + ID: "aws-iso-e", + Name: "AWS ISOE (Europe)", + DNSSuffix: "cloud.adc-e.uk", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "cloud.adc-e.uk", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{}, + Services: services{}, +} + +// AwsIsoFPartition returns the Resolver for AWS ISOF. +func AwsIsoFPartition() Partition { + return awsisofPartition.Partition() +} + +var awsisofPartition = partition{ + ID: "aws-iso-f", + Name: "AWS ISOF", + DNSSuffix: "csp.hci.ic.gov", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-isof\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "csp.hci.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{}, + Services: services{}, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 4293dbe..cbccb60 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -174,7 +174,6 @@ const ( // Options provides the means to control how a Session is created and what // configuration values will be loaded. -// type Options struct { // Provides config values for the SDK to use when creating service clients // and making API requests to services. Any value set in with this field @@ -224,7 +223,7 @@ type Options struct { // from stdin for the MFA token code. // // This field is only used if the shared configuration is enabled, and - // the config enables assume role wit MFA via the mfa_serial field. + // the config enables assume role with MFA via the mfa_serial field. AssumeRoleTokenProvider func() (string, error) // When the SDK's shared config is configured to assume a role this option @@ -322,24 +321,24 @@ type Options struct { // credentials file. Enabling the Shared Config will also allow the Session // to be built with retrieving credentials with AssumeRole set in the config. // -// // Equivalent to session.New -// sess := session.Must(session.NewSessionWithOptions(session.Options{})) +// // Equivalent to session.New +// sess := session.Must(session.NewSessionWithOptions(session.Options{})) // -// // Specify profile to load for the session's config -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Profile: "profile_name", -// })) +// // Specify profile to load for the session's config +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Profile: "profile_name", +// })) // -// // Specify profile for config and region for requests -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Config: aws.Config{Region: aws.String("us-east-1")}, -// Profile: "profile_name", -// })) +// // Specify profile for config and region for requests +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Config: aws.Config{Region: aws.String("us-east-1")}, +// Profile: "profile_name", +// })) // -// // Force enable Shared Config support -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// SharedConfigState: session.SharedConfigEnable, -// })) +// // Force enable Shared Config support +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// SharedConfigState: session.SharedConfigEnable, +// })) func NewSessionWithOptions(opts Options) (*Session, error) { var envCfg envConfig var err error @@ -375,7 +374,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) { // This helper is intended to be used in variable initialization to load the // Session and configuration at startup. Such as: // -// var sess = session.Must(session.NewSession()) +// var sess = session.Must(session.NewSession()) func Must(sess *Session, err error) *Session { if err != nil { panic(err) @@ -780,16 +779,6 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } - // Configure credentials if not already set by the user when creating the - // Session. - if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { - creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) - if err != nil { - return err - } - cfg.Credentials = creds - } - cfg.S3UseARNRegion = userCfg.S3UseARNRegion if cfg.S3UseARNRegion == nil { cfg.S3UseARNRegion = &envCfg.S3UseARNRegion @@ -812,6 +801,17 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, } } + // Configure credentials if not already set by the user when creating the Session. + // Credentials are resolved last such that all _resolved_ config values are propagated to credential providers. + // ticket: P83606045 + if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { + creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) + if err != nil { + return err + } + cfg.Credentials = creds + } + return nil } @@ -845,8 +845,8 @@ func initHandlers(s *Session) { // and handlers. If any additional configs are provided they will be merged // on top of the Session's copied config. // -// // Create a copy of the current Session, configured for the us-west-2 region. -// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) +// // Create a copy of the current Session, configured for the us-west-2 region. +// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) func (s *Session) Copy(cfgs ...*aws.Config) *Session { newSession := &Session{ Config: s.Config.Copy(cfgs...), diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 4d78162..0240bd0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -3,7 +3,7 @@ // Provides request signing for request that need to be signed with // AWS V4 Signatures. // -// Standalone Signer +// # Standalone Signer // // Generally using the signer outside of the SDK should not require any additional // logic when using Go v1.5 or higher. The signer does this by taking advantage @@ -14,10 +14,10 @@ // The signer will first check the URL.Opaque field, and use its value if set. // The signer does require the URL.Opaque field to be set in the form of: // -// "///" +// "///" // -// // e.g. -// "//example.com/some/path" +// // e.g. +// "//example.com/some/path" // // The leading "//" and hostname are required or the URL.Opaque escaping will // not work correctly. @@ -695,7 +695,8 @@ func (ctx *signingCtx) buildBodyDigest() error { includeSHA256Header := ctx.unsignedPayload || ctx.ServiceName == "s3" || ctx.ServiceName == "s3-object-lambda" || - ctx.ServiceName == "glacier" + ctx.ServiceName == "glacier" || + ctx.ServiceName == "s3-outposts" s3Presign := ctx.isPresign && (ctx.ServiceName == "s3" || diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 3632d1b..cd61d93 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.199" +const SDKVersion = "1.44.289" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go index d756d8c..5366a64 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go @@ -2,6 +2,7 @@ package restjson import ( "bytes" + "encoding/json" "io" "io/ioutil" "net/http" @@ -40,52 +41,30 @@ func (u *UnmarshalTypedError) UnmarshalError( resp *http.Response, respMeta protocol.ResponseMetadata, ) (error, error) { - - code := resp.Header.Get(errorTypeHeader) - msg := resp.Header.Get(errorMessageHeader) - - body := resp.Body - if len(code) == 0 { - // If unable to get code from HTTP headers have to parse JSON message - // to determine what kind of exception this will be. - var buf bytes.Buffer - var jsonErr jsonErrorResponse - teeReader := io.TeeReader(resp.Body, &buf) - err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader) - if err != nil { - return nil, err - } - - body = ioutil.NopCloser(&buf) - code = jsonErr.Code - msg = jsonErr.Message + code, msg, err := unmarshalErrorInfo(resp) + if err != nil { + return nil, err } - // If code has colon separators remove them so can compare against modeled - // exception names. - code = strings.SplitN(code, ":", 2)[0] - - if fn, ok := u.exceptions[code]; ok { - // If exception code is know, use associated constructor to get a value - // for the exception that the JSON body can be unmarshaled into. - v := fn(respMeta) - if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil { - return nil, err - } + fn, ok := u.exceptions[code] + if !ok { + return awserr.NewRequestFailure( + awserr.New(code, msg, nil), + respMeta.StatusCode, + respMeta.RequestID, + ), nil + } - if err := rest.UnmarshalResponse(resp, v, true); err != nil { - return nil, err - } + v := fn(respMeta) + if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil { + return nil, err + } - return v, nil + if err := rest.UnmarshalResponse(resp, v, true); err != nil { + return nil, err } - // fallback to unmodeled generic exceptions - return awserr.NewRequestFailure( - awserr.New(code, msg, nil), - respMeta.StatusCode, - respMeta.RequestID, - ), nil + return v, nil } // UnmarshalErrorHandler is a named request handler for unmarshaling restjson @@ -99,36 +78,80 @@ var UnmarshalErrorHandler = request.NamedHandler{ func UnmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() - var jsonErr jsonErrorResponse - err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body) + code, msg, err := unmarshalErrorInfo(r.HTTPResponse) if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New(request.ErrCodeSerialization, - "failed to unmarshal response error", err), + awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err), r.HTTPResponse.StatusCode, r.RequestID, ) return } - code := r.HTTPResponse.Header.Get(errorTypeHeader) - if code == "" { - code = jsonErr.Code - } - msg := r.HTTPResponse.Header.Get(errorMessageHeader) - if msg == "" { - msg = jsonErr.Message - } - - code = strings.SplitN(code, ":", 2)[0] r.Error = awserr.NewRequestFailure( - awserr.New(code, jsonErr.Message, nil), + awserr.New(code, msg, nil), r.HTTPResponse.StatusCode, r.RequestID, ) } type jsonErrorResponse struct { + Type string `json:"__type"` Code string `json:"code"` Message string `json:"message"` } + +func (j *jsonErrorResponse) SanitizedCode() string { + code := j.Code + if len(j.Type) > 0 { + code = j.Type + } + return sanitizeCode(code) +} + +// Remove superfluous components from a restJson error code. +// - If a : character is present, then take only the contents before the +// first : character in the value. +// - If a # character is present, then take only the contents after the first +// # character in the value. +// +// All of the following error values resolve to FooError: +// - FooError +// - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +// - aws.protocoltests.restjson#FooError +// - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +func sanitizeCode(code string) string { + noColon := strings.SplitN(code, ":", 2)[0] + hashSplit := strings.SplitN(noColon, "#", 2) + return hashSplit[len(hashSplit)-1] +} + +// attempt to garner error details from the response, preferring header values +// when present +func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) { + code = sanitizeCode(resp.Header.Get(errorTypeHeader)) + msg = resp.Header.Get(errorMessageHeader) + if len(code) > 0 && len(msg) > 0 { + return + } + + // a modeled error will have to be re-deserialized later, so the body must + // be preserved + var buf bytes.Buffer + tee := io.TeeReader(resp.Body, &buf) + defer func() { resp.Body = ioutil.NopCloser(&buf) }() + + var jsonErr jsonErrorResponse + if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF { + err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes()) + return + } + + if len(code) == 0 { + code = jsonErr.SanitizedCode() + } + if len(msg) == 0 { + msg = jsonErr.Message + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go index 2102659..b98e707 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go @@ -155,6 +155,12 @@ func (c *AutoScaling) AttachLoadBalancerTargetGroupsRequest(input *AttachLoadBal // AttachLoadBalancerTargetGroups API operation for Auto Scaling. // +// This API operation is superseded by AttachTrafficSources, which can attach +// multiple traffic sources types. We recommend using AttachTrafficSources to +// simplify how you manage traffic sources. However, we continue to support +// AttachLoadBalancerTargetGroups. You can use both the original AttachLoadBalancerTargetGroups +// API operation and AttachTrafficSources on the same Auto Scaling group. +// // Attaches one or more target groups to the specified Auto Scaling group. // // This operation is used with the following load balancer types: @@ -260,8 +266,11 @@ func (c *AutoScaling) AttachLoadBalancersRequest(input *AttachLoadBalancersInput // AttachLoadBalancers API operation for Auto Scaling. // -// To attach an Application Load Balancer, Network Load Balancer, or Gateway -// Load Balancer, use the AttachLoadBalancerTargetGroups API operation instead. +// This API operation is superseded by AttachTrafficSources, which can attach +// multiple traffic sources types. We recommend using AttachTrafficSources to +// simplify how you manage traffic sources. However, we continue to support +// AttachLoadBalancers. You can use both the original AttachLoadBalancers API +// operation and AttachTrafficSources on the same Auto Scaling group. // // Attaches one or more Classic Load Balancers to the specified Auto Scaling // group. Amazon EC2 Auto Scaling registers the running instances with these @@ -360,19 +369,28 @@ func (c *AutoScaling) AttachTrafficSourcesRequest(input *AttachTrafficSourcesInp // AttachTrafficSources API operation for Auto Scaling. // -// Reserved for use with Amazon VPC Lattice, which is in preview and subject -// to change. Do not use this API for production workloads. This API is also -// subject to change. -// // Attaches one or more traffic sources to the specified Auto Scaling group. // -// To describe the traffic sources for an Auto Scaling group, call the DescribeTrafficSources -// API. To detach a traffic source from the Auto Scaling group, call the DetachTrafficSources -// API. +// You can use any of the following as traffic sources for an Auto Scaling group: +// +// - Application Load Balancer +// +// - Classic Load Balancer +// +// - Gateway Load Balancer +// +// - Network Load Balancer +// +// - VPC Lattice // // This operation is additive and does not detach existing traffic sources from // the Auto Scaling group. // +// After the operation completes, use the DescribeTrafficSources API to return +// details about the state of the attachments between traffic sources and your +// Auto Scaling group. To detach a traffic source from the Auto Scaling group, +// call the DetachTrafficSources API. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2807,6 +2825,12 @@ func (c *AutoScaling) DescribeLoadBalancerTargetGroupsRequest(input *DescribeLoa // DescribeLoadBalancerTargetGroups API operation for Auto Scaling. // +// This API operation is superseded by DescribeTrafficSources, which can describe +// multiple traffic sources types. We recommend using DetachTrafficSources to +// simplify how you manage traffic sources. However, we continue to support +// DescribeLoadBalancerTargetGroups. You can use both the original DescribeLoadBalancerTargetGroups +// API operation and DescribeTrafficSources on the same Auto Scaling group. +// // Gets information about the Elastic Load Balancing target groups for the specified // Auto Scaling group. // @@ -2918,11 +2942,17 @@ func (c *AutoScaling) DescribeLoadBalancersRequest(input *DescribeLoadBalancersI // DescribeLoadBalancers API operation for Auto Scaling. // +// This API operation is superseded by DescribeTrafficSources, which can describe +// multiple traffic sources types. We recommend using DescribeTrafficSources +// to simplify how you manage traffic sources. However, we continue to support +// DescribeLoadBalancers. You can use both the original DescribeLoadBalancers +// API operation and DescribeTrafficSources on the same Auto Scaling group. +// // Gets information about the load balancers for the specified Auto Scaling // group. // // This operation describes only Classic Load Balancers. If you have Application -// Load Balancers, Network Load Balancers, or Gateway Load Balancer, use the +// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the // DescribeLoadBalancerTargetGroups API instead. // // To determine the attachment status of the load balancer, use the State element @@ -3990,6 +4020,12 @@ func (c *AutoScaling) DescribeTrafficSourcesRequest(input *DescribeTrafficSource Name: opDescribeTrafficSources, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, } if input == nil { @@ -4003,13 +4039,15 @@ func (c *AutoScaling) DescribeTrafficSourcesRequest(input *DescribeTrafficSource // DescribeTrafficSources API operation for Auto Scaling. // -// Reserved for use with Amazon VPC Lattice, which is in preview and subject -// to change. Do not use this API for production workloads. This API is also -// subject to change. -// // Gets information about the traffic sources for the specified Auto Scaling // group. // +// You can optionally provide a traffic source type. If you provide a traffic +// source type, then the results only include that traffic source type. +// +// If you do not provide a traffic source type, then the results include all +// the traffic sources for the specified Auto Scaling group. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4048,6 +4086,57 @@ func (c *AutoScaling) DescribeTrafficSourcesWithContext(ctx aws.Context, input * return out, req.Send() } +// DescribeTrafficSourcesPages iterates over the pages of a DescribeTrafficSources operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrafficSources method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrafficSources operation. +// pageNum := 0 +// err := client.DescribeTrafficSourcesPages(params, +// func(page *autoscaling.DescribeTrafficSourcesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AutoScaling) DescribeTrafficSourcesPages(input *DescribeTrafficSourcesInput, fn func(*DescribeTrafficSourcesOutput, bool) bool) error { + return c.DescribeTrafficSourcesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTrafficSourcesPagesWithContext same as DescribeTrafficSourcesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) DescribeTrafficSourcesPagesWithContext(ctx aws.Context, input *DescribeTrafficSourcesInput, fn func(*DescribeTrafficSourcesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrafficSourcesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrafficSourcesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTrafficSourcesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeWarmPool = "DescribeWarmPool" // DescribeWarmPoolRequest generates a "aws/request.Request" representing the @@ -4278,6 +4367,12 @@ func (c *AutoScaling) DetachLoadBalancerTargetGroupsRequest(input *DetachLoadBal // DetachLoadBalancerTargetGroups API operation for Auto Scaling. // +// This API operation is superseded by DetachTrafficSources, which can detach +// multiple traffic sources types. We recommend using DetachTrafficSources to +// simplify how you manage traffic sources. However, we continue to support +// DetachLoadBalancerTargetGroups. You can use both the original DetachLoadBalancerTargetGroups +// API operation and DetachTrafficSources on the same Auto Scaling group. +// // Detaches one or more target groups from the specified Auto Scaling group. // // When you detach a target group, it enters the Removing state while deregistering @@ -4367,11 +4462,17 @@ func (c *AutoScaling) DetachLoadBalancersRequest(input *DetachLoadBalancersInput // DetachLoadBalancers API operation for Auto Scaling. // +// This API operation is superseded by DetachTrafficSources, which can detach +// multiple traffic sources types. We recommend using DetachTrafficSources to +// simplify how you manage traffic sources. However, we continue to support +// DetachLoadBalancers. You can use both the original DetachLoadBalancers API +// operation and DetachTrafficSources on the same Auto Scaling group. +// // Detaches one or more Classic Load Balancers from the specified Auto Scaling // group. // // This operation detaches only Classic Load Balancers. If you have Application -// Load Balancers, Network Load Balancers, or Gateway Load Balancer, use the +// Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the // DetachLoadBalancerTargetGroups API instead. // // When you detach a load balancer, it enters the Removing state while deregistering @@ -4457,12 +4558,13 @@ func (c *AutoScaling) DetachTrafficSourcesRequest(input *DetachTrafficSourcesInp // DetachTrafficSources API operation for Auto Scaling. // -// Reserved for use with Amazon VPC Lattice, which is in preview and subject -// to change. Do not use this API for production workloads. This API is also -// subject to change. -// // Detaches one or more traffic sources from the specified Auto Scaling group. // +// When you detach a taffic, it enters the Removing state while deregistering +// the instances in the group. When all instances are deregistered, then you +// can no longer describe the traffic source using the DescribeTrafficSources +// API call. The instances continue to run. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7143,11 +7245,6 @@ type AttachTrafficSourcesInput struct { // The unique identifiers of one or more traffic sources. You can specify up // to 10 traffic sources. // - // Currently, you must specify an Amazon Resource Name (ARN) for an existing - // VPC Lattice target group. Amazon EC2 Auto Scaling registers the running instances - // with the attached target groups. The target groups receive incoming traffic - // and route requests to one or more registered targets. - // // TrafficSources is a required field TrafficSources []*TrafficSourceIdentifier `type:"list" required:"true"` } @@ -7925,14 +8022,14 @@ type CreateAutoScalingGroupInput struct { // Default: 0 seconds HealthCheckGracePeriod *int64 `type:"integer"` - // Determines whether any additional health checks are performed on the instances - // in this group. Amazon EC2 health checks are always on. For more information, - // see Health checks for Auto Scaling instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) + // A comma-separated value string of one or more health check types. + // + // The valid values are EC2, ELB, and VPC_LATTICE. EC2 is the default health + // check and cannot be disabled. For more information, see Health checks for + // Auto Scaling instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) // in the Amazon EC2 Auto Scaling User Guide. // - // The valid values are EC2 (default), ELB, and VPC_LATTICE. The VPC_LATTICE - // health check type is reserved for use with VPC Lattice, which is in preview - // release and is subject to change. + // Only specify EC2 if you must clear a value that was previously set. HealthCheckType *string `min:"1" type:"string"` // The ID of the instance used to base the launch configuration on. If specified, @@ -7970,7 +8067,7 @@ type CreateAutoScalingGroupInput struct { // A list of Classic Load Balancers associated with this Auto Scaling group. // For Application Load Balancers, Network Load Balancers, and Gateway Load - // Balancer, specify the TargetGroupARNs property instead. + // Balancers, specify the TargetGroupARNs property instead. LoadBalancerNames []*string `type:"list"` // The maximum amount of time, in seconds, that an instance can be in service. @@ -8055,16 +8152,10 @@ type CreateAutoScalingGroupInput struct { // | arn:aws:lambda:region:account-id:function:my-function:my-alias TerminationPolicies []*string `type:"list"` - // Reserved for use with Amazon VPC Lattice, which is in preview release and - // is subject to change. Do not use this parameter for production workloads. - // It is also subject to change. - // - // The unique identifiers of one or more traffic sources. - // - // Currently, you must specify an Amazon Resource Name (ARN) for an existing - // VPC Lattice target group. Amazon EC2 Auto Scaling registers the running instances - // with the attached target groups. The target groups receive incoming traffic - // and route requests to one or more registered targets. + // The list of traffic sources to attach to this Auto Scaling group. You can + // use any of the following as traffic sources for an Auto Scaling group: Classic + // Load Balancer, Application Load Balancer, Gateway Load Balancer, Network + // Load Balancer, and VPC Lattice. TrafficSources []*TrafficSourceIdentifier `type:"list"` // A comma-separated list of subnet IDs for a virtual private cloud (VPC) where @@ -11375,11 +11466,17 @@ type DescribeTrafficSourcesInput struct { // a previous call.) NextToken *string `type:"string"` - // The type of traffic source you are describing. Currently, the only valid - // value is vpc-lattice. + // The traffic source type that you want to describe. // - // TrafficSourceType is a required field - TrafficSourceType *string `min:"1" type:"string" required:"true"` + // The following lists the valid values: + // + // * elb if the traffic source is a Classic Load Balancer. + // + // * elbv2 if the traffic source is a Application Load Balancer, Gateway + // Load Balancer, or Network Load Balancer. + // + // * vpc-lattice if the traffic source is VPC Lattice. + TrafficSourceType *string `min:"1" type:"string"` } // String returns the string representation. @@ -11409,9 +11506,6 @@ func (s *DescribeTrafficSourcesInput) Validate() error { if s.AutoScalingGroupName != nil && len(*s.AutoScalingGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AutoScalingGroupName", 1)) } - if s.TrafficSourceType == nil { - invalidParams.Add(request.NewErrParamRequired("TrafficSourceType")) - } if s.TrafficSourceType != nil && len(*s.TrafficSourceType) < 1 { invalidParams.Add(request.NewErrParamMinLen("TrafficSourceType", 1)) } @@ -11967,14 +12061,8 @@ type DetachTrafficSourcesInput struct { // AutoScalingGroupName is a required field AutoScalingGroupName *string `min:"1" type:"string" required:"true"` - // The unique identifiers of one or more traffic sources you are detaching. - // You can specify up to 10 traffic sources. - // - // Currently, you must specify an Amazon Resource Name (ARN) for an existing - // VPC Lattice target group. When you detach a target group, it enters the Removing - // state while deregistering the instances in the group. When all instances - // are deregistered, then you can no longer describe the target group using - // the DescribeTrafficSources API call. The instances continue to run. + // The unique identifiers of one or more traffic sources. You can specify up + // to 10 traffic sources. // // TrafficSources is a required field TrafficSources []*TrafficSourceIdentifier `type:"list" required:"true"` @@ -13251,12 +13339,7 @@ type Group struct { // The duration of the health check grace period, in seconds. HealthCheckGracePeriod *int64 `type:"integer"` - // Determines whether any additional health checks are performed on the instances - // in this group. Amazon EC2 health checks are always on. - // - // The valid values are EC2 (default), ELB, and VPC_LATTICE. The VPC_LATTICE - // health check type is reserved for use with VPC Lattice, which is in preview - // release and is subject to change. + // A comma-separated value string of one or more health check types. // // HealthCheckType is a required field HealthCheckType *string `min:"1" type:"string" required:"true"` @@ -13321,11 +13404,7 @@ type Group struct { // The termination policies for the group. TerminationPolicies []*string `type:"list"` - // Reserved for use with Amazon VPC Lattice, which is in preview release and - // is subject to change. Do not use this parameter for production workloads. - // It is also subject to change. - // - // The unique identifiers of the traffic sources. + // The traffic sources associated with this Auto Scaling group. TrafficSources []*TrafficSourceIdentifier `type:"list"` // One or more subnet IDs, if applicable, separated by commas. @@ -13569,10 +13648,10 @@ type Instance struct { // AvailabilityZone is a required field AvailabilityZone *string `min:"1" type:"string" required:"true"` - // The last reported health status of the instance. "Healthy" means that the - // instance is healthy and should remain in service. "Unhealthy" means that - // the instance is unhealthy and that Amazon EC2 Auto Scaling should terminate - // and replace it. + // The last reported health status of the instance. Healthy means that the instance + // is healthy and should remain in service. Unhealthy means that the instance + // is unhealthy and that Amazon EC2 Auto Scaling should terminate and replace + // it. // // HealthStatus is a required field HealthStatus *string `min:"1" type:"string" required:"true"` @@ -13697,10 +13776,10 @@ type InstanceDetails struct { // AvailabilityZone is a required field AvailabilityZone *string `min:"1" type:"string" required:"true"` - // The last reported health status of this instance. "Healthy" means that the - // instance is healthy and should remain in service. "Unhealthy" means that - // the instance is unhealthy and Amazon EC2 Auto Scaling should terminate and - // replace it. + // The last reported health status of this instance. Healthy means that the + // instance is healthy and should remain in service. Unhealthy means that the + // instance is unhealthy and Amazon EC2 Auto Scaling should terminate and replace + // it. // // HealthStatus is a required field HealthStatus *string `min:"1" type:"string" required:"true"` @@ -13974,7 +14053,7 @@ type InstanceRefresh struct { // rollback. This value gradually goes back down to zero during a rollback. PercentageComplete *int64 `type:"integer"` - // Describes the preferences for an instance refresh. + // The preferences for an instance refresh. Preferences *RefreshPreferences `type:"structure"` // Additional progress details for an Auto Scaling group that has a warm pool. @@ -20471,8 +20550,8 @@ func (s *TargetTrackingMetricDataQuery) SetReturnData(v bool) *TargetTrackingMet return s } -// This structure defines the CloudWatch metric to return, along with the statistic, -// period, and unit. +// This structure defines the CloudWatch metric to return, along with the statistic +// and unit. // // For more information about the CloudWatch terminology below, see Amazon CloudWatch // concepts (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) @@ -20480,7 +20559,7 @@ func (s *TargetTrackingMetricDataQuery) SetReturnData(v bool) *TargetTrackingMet type TargetTrackingMetricStat struct { _ struct{} `type:"structure"` - // Represents a specific metric. + // The metric to use. // // Metric is a required field Metric *Metric `type:"structure" required:"true"` @@ -20489,7 +20568,7 @@ type TargetTrackingMetricStat struct { // statistic. For a list of valid values, see the table in Statistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) // in the Amazon CloudWatch User Guide. // - // The most commonly used metrics for scaling is Average + // The most commonly used metric for scaling is Average. // // Stat is a required field Stat *string `min:"1" type:"string" required:"true"` @@ -20697,15 +20776,51 @@ func (s *TotalLocalStorageGBRequest) SetMin(v float64) *TotalLocalStorageGBReque return s } -// Describes the identifier of a traffic source. -// -// Currently, you must specify an Amazon Resource Name (ARN) for an existing -// VPC Lattice target group. +// Identifying information for a traffic source. type TrafficSourceIdentifier struct { _ struct{} `type:"structure"` - // The unique identifier of the traffic source. - Identifier *string `min:"1" type:"string"` + // Identifies the traffic source. + // + // For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, + // and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target + // group in this account and Region. For Classic Load Balancers, this will be + // the name of the Classic Load Balancer in this account and Region. + // + // For example: + // + // * Application Load Balancer ARN: arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/1234567890123456 + // + // * Classic Load Balancer name: my-classic-load-balancer + // + // * VPC Lattice ARN: arn:aws:vpc-lattice:us-west-2:123456789012:targetgroup/tg-1234567890123456 + // + // To get the ARN of a target group for a Application Load Balancer, Gateway + // Load Balancer, or Network Load Balancer, or the name of a Classic Load Balancer, + // use the Elastic Load Balancing DescribeTargetGroups (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) + // and DescribeLoadBalancers (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) + // API operations. + // + // To get the ARN of a target group for VPC Lattice, use the VPC Lattice GetTargetGroup + // (https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetTargetGroup.html) + // API operation. + // + // Identifier is a required field + Identifier *string `min:"1" type:"string" required:"true"` + + // Provides additional context for the value of Identifier. + // + // The following lists the valid values: + // + // * elb if Identifier is the name of a Classic Load Balancer. + // + // * elbv2 if Identifier is the ARN of an Application Load Balancer, Gateway + // Load Balancer, or Network Load Balancer target group. + // + // * vpc-lattice if Identifier is the ARN of a VPC Lattice target group. + // + // Required if the identifier is the name of a Classic Load Balancer. + Type *string `min:"1" type:"string"` } // String returns the string representation. @@ -20729,9 +20844,15 @@ func (s TrafficSourceIdentifier) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *TrafficSourceIdentifier) Validate() error { invalidParams := request.ErrInvalidParams{Context: "TrafficSourceIdentifier"} + if s.Identifier == nil { + invalidParams.Add(request.NewErrParamRequired("Identifier")) + } if s.Identifier != nil && len(*s.Identifier) < 1 { invalidParams.Add(request.NewErrParamMinLen("Identifier", 1)) } + if s.Type != nil && len(*s.Type) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Type", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -20745,31 +20866,61 @@ func (s *TrafficSourceIdentifier) SetIdentifier(v string) *TrafficSourceIdentifi return s } +// SetType sets the Type field's value. +func (s *TrafficSourceIdentifier) SetType(v string) *TrafficSourceIdentifier { + s.Type = &v + return s +} + // Describes the state of a traffic source. type TrafficSourceState struct { _ struct{} `type:"structure"` - // The following are the possible states for a VPC Lattice target group: + // The unique identifier of the traffic source. + Identifier *string `min:"1" type:"string"` + + // Describes the current state of a traffic source. // - // * Adding - The Auto Scaling instances are being registered with the target - // group. + // The state values are as follows: // - // * Added - All Auto Scaling instances are registered with the target group. + // * Adding - The Auto Scaling instances are being registered with the load + // balancer or target group. // - // * InService - At least one Auto Scaling instance passed the VPC_LATTICE - // health check. + // * Added - All Auto Scaling instances are registered with the load balancer + // or target group. + // + // * InService - For an Elastic Load Balancing load balancer or target group, + // at least one Auto Scaling instance passed an ELB health check. For VPC + // Lattice, at least one Auto Scaling instance passed an VPC_LATTICE health + // check. // // * Removing - The Auto Scaling instances are being deregistered from the - // target group. If connection draining is enabled, VPC Lattice waits for - // in-flight requests to complete before deregistering the instances. + // load balancer or target group. If connection draining (deregistration + // delay) is enabled, Elastic Load Balancing or VPC Lattice waits for in-flight + // requests to complete before deregistering the instances. // - // * Removed - All Auto Scaling instances are deregistered from the target - // group. + // * Removed - All Auto Scaling instances are deregistered from the load + // balancer or target group. State *string `min:"1" type:"string"` - // The unique identifier of the traffic source. Currently, this is the Amazon - // Resource Name (ARN) for a VPC Lattice target group. - TrafficSource *string `min:"1" type:"string"` + // This is replaced by Identifier. + // + // Deprecated: TrafficSource has been replaced by Identifier + TrafficSource *string `min:"1" deprecated:"true" type:"string"` + + // Provides additional context for the value of Identifier. + // + // The following lists the valid values: + // + // * elb if Identifier is the name of a Classic Load Balancer. + // + // * elbv2 if Identifier is the ARN of an Application Load Balancer, Gateway + // Load Balancer, or Network Load Balancer target group. + // + // * vpc-lattice if Identifier is the ARN of a VPC Lattice target group. + // + // Required if the identifier is the name of a Classic Load Balancer. + Type *string `min:"1" type:"string"` } // String returns the string representation. @@ -20790,6 +20941,12 @@ func (s TrafficSourceState) GoString() string { return s.String() } +// SetIdentifier sets the Identifier field's value. +func (s *TrafficSourceState) SetIdentifier(v string) *TrafficSourceState { + s.Identifier = &v + return s +} + // SetState sets the State field's value. func (s *TrafficSourceState) SetState(v string) *TrafficSourceState { s.State = &v @@ -20802,6 +20959,12 @@ func (s *TrafficSourceState) SetTrafficSource(v string) *TrafficSourceState { return s } +// SetType sets the Type field's value. +func (s *TrafficSourceState) SetType(v string) *TrafficSourceState { + s.Type = &v + return s +} + type UpdateAutoScalingGroupInput struct { _ struct{} `type:"structure"` @@ -20876,12 +21039,14 @@ type UpdateAutoScalingGroupInput struct { // in the Amazon EC2 Auto Scaling User Guide. HealthCheckGracePeriod *int64 `type:"integer"` - // Determines whether any additional health checks are performed on the instances - // in this group. Amazon EC2 health checks are always on. + // A comma-separated value string of one or more health check types. + // + // The valid values are EC2, ELB, and VPC_LATTICE. EC2 is the default health + // check and cannot be disabled. For more information, see Health checks for + // Auto Scaling instances (https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html) + // in the Amazon EC2 Auto Scaling User Guide. // - // The valid values are EC2 (default), ELB, and VPC_LATTICE. The VPC_LATTICE - // health check type is reserved for use with VPC Lattice, which is in preview - // release and is subject to change. + // Only specify EC2 if you must clear a value that was previously set. HealthCheckType *string `min:"1" type:"string"` // The name of the launch configuration. If you specify LaunchConfigurationName @@ -21884,6 +22049,9 @@ const ( // ScalingActivityStatusCodeCancelled is a ScalingActivityStatusCode enum value ScalingActivityStatusCodeCancelled = "Cancelled" + + // ScalingActivityStatusCodeWaitingForConnectionDraining is a ScalingActivityStatusCode enum value + ScalingActivityStatusCodeWaitingForConnectionDraining = "WaitingForConnectionDraining" ) // ScalingActivityStatusCode_Values returns all elements of the ScalingActivityStatusCode enum @@ -21901,6 +22069,7 @@ func ScalingActivityStatusCode_Values() []string { ScalingActivityStatusCodeSuccessful, ScalingActivityStatusCodeFailed, ScalingActivityStatusCodeCancelled, + ScalingActivityStatusCodeWaitingForConnectionDraining, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go index 4a33432..6cf6114 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go @@ -13,6 +13,91 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/query" ) +const opActivateOrganizationsAccess = "ActivateOrganizationsAccess" + +// ActivateOrganizationsAccessRequest generates a "aws/request.Request" representing the +// client's request for the ActivateOrganizationsAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ActivateOrganizationsAccess for more information on using the ActivateOrganizationsAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ActivateOrganizationsAccessRequest method. +// req, resp := client.ActivateOrganizationsAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/ActivateOrganizationsAccess +func (c *CloudFormation) ActivateOrganizationsAccessRequest(input *ActivateOrganizationsAccessInput) (req *request.Request, output *ActivateOrganizationsAccessOutput) { + op := &request.Operation{ + Name: opActivateOrganizationsAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ActivateOrganizationsAccessInput{} + } + + output = &ActivateOrganizationsAccessOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// ActivateOrganizationsAccess API operation for AWS CloudFormation. +// +// Activate trusted access with Organizations. With trusted access between StackSets +// and Organizations activated, the management account has permissions to create +// and manage StackSets for your organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation ActivateOrganizationsAccess for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidOperationException "InvalidOperationException" +// The specified operation isn't valid. +// +// - ErrCodeOperationNotFoundException "OperationNotFoundException" +// The specified ID refers to an operation that doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/ActivateOrganizationsAccess +func (c *CloudFormation) ActivateOrganizationsAccess(input *ActivateOrganizationsAccessInput) (*ActivateOrganizationsAccessOutput, error) { + req, out := c.ActivateOrganizationsAccessRequest(input) + return out, req.Send() +} + +// ActivateOrganizationsAccessWithContext is the same as ActivateOrganizationsAccess with the addition of +// the ability to pass a context and additional request options. +// +// See ActivateOrganizationsAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) ActivateOrganizationsAccessWithContext(ctx aws.Context, input *ActivateOrganizationsAccessInput, opts ...request.Option) (*ActivateOrganizationsAccessOutput, error) { + req, out := c.ActivateOrganizationsAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opActivateType = "ActivateType" // ActivateTypeRequest generates a "aws/request.Request" representing the @@ -61,7 +146,7 @@ func (c *CloudFormation) ActivateTypeRequest(input *ActivateTypeInput) (req *req // in the CloudFormation User Guide. // // Once you have activated a public third-party extension in your account and -// region, use SetTypeConfiguration (AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) +// Region, use SetTypeConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) // to specify configuration properties for the extension. For more information, // see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. @@ -147,7 +232,7 @@ func (c *CloudFormation) BatchDescribeTypeConfigurationsRequest(input *BatchDesc // BatchDescribeTypeConfigurations API operation for AWS CloudFormation. // // Returns configuration data for the specified CloudFormation extensions, from -// the CloudFormation registry for the account and region. +// the CloudFormation registry for the account and Region. // // For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. @@ -521,7 +606,7 @@ func (c *CloudFormation) CreateStackRequest(input *CreateStackInput) (req *reque // // Creates a stack as specified in the template. After the call completes successfully, // the stack creation starts. You can check the status of the stack through -// the DescribeStacksoperation. +// the DescribeStacks operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -763,6 +848,91 @@ func (c *CloudFormation) CreateStackSetWithContext(ctx aws.Context, input *Creat return out, req.Send() } +const opDeactivateOrganizationsAccess = "DeactivateOrganizationsAccess" + +// DeactivateOrganizationsAccessRequest generates a "aws/request.Request" representing the +// client's request for the DeactivateOrganizationsAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeactivateOrganizationsAccess for more information on using the DeactivateOrganizationsAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeactivateOrganizationsAccessRequest method. +// req, resp := client.DeactivateOrganizationsAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DeactivateOrganizationsAccess +func (c *CloudFormation) DeactivateOrganizationsAccessRequest(input *DeactivateOrganizationsAccessInput) (req *request.Request, output *DeactivateOrganizationsAccessOutput) { + op := &request.Operation{ + Name: opDeactivateOrganizationsAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeactivateOrganizationsAccessInput{} + } + + output = &DeactivateOrganizationsAccessOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeactivateOrganizationsAccess API operation for AWS CloudFormation. +// +// Deactivates trusted access with Organizations. If trusted access is deactivated, +// the management account does not have permissions to create and manage service-managed +// StackSets for your organization. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation DeactivateOrganizationsAccess for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidOperationException "InvalidOperationException" +// The specified operation isn't valid. +// +// - ErrCodeOperationNotFoundException "OperationNotFoundException" +// The specified ID refers to an operation that doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DeactivateOrganizationsAccess +func (c *CloudFormation) DeactivateOrganizationsAccess(input *DeactivateOrganizationsAccessInput) (*DeactivateOrganizationsAccessOutput, error) { + req, out := c.DeactivateOrganizationsAccessRequest(input) + return out, req.Send() +} + +// DeactivateOrganizationsAccessWithContext is the same as DeactivateOrganizationsAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DeactivateOrganizationsAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) DeactivateOrganizationsAccessWithContext(ctx aws.Context, input *DeactivateOrganizationsAccessInput, opts ...request.Option) (*DeactivateOrganizationsAccessOutput, error) { + req, out := c.DeactivateOrganizationsAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeactivateType = "DeactivateType" // DeactivateTypeRequest generates a "aws/request.Request" representing the @@ -808,7 +978,7 @@ func (c *CloudFormation) DeactivateTypeRequest(input *DeactivateTypeInput) (req // DeactivateType API operation for AWS CloudFormation. // // Deactivates a public extension that was previously activated in this account -// and region. +// and Region. // // Once deactivated, an extension can't be used in any CloudFormation operation. // This includes stack update operations where the stack template includes the @@ -1599,6 +1769,91 @@ func (c *CloudFormation) DescribeChangeSetHooksWithContext(ctx aws.Context, inpu return out, req.Send() } +const opDescribeOrganizationsAccess = "DescribeOrganizationsAccess" + +// DescribeOrganizationsAccessRequest generates a "aws/request.Request" representing the +// client's request for the DescribeOrganizationsAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeOrganizationsAccess for more information on using the DescribeOrganizationsAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeOrganizationsAccessRequest method. +// req, resp := client.DescribeOrganizationsAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DescribeOrganizationsAccess +func (c *CloudFormation) DescribeOrganizationsAccessRequest(input *DescribeOrganizationsAccessInput) (req *request.Request, output *DescribeOrganizationsAccessOutput) { + op := &request.Operation{ + Name: opDescribeOrganizationsAccess, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeOrganizationsAccessInput{} + } + + output = &DescribeOrganizationsAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeOrganizationsAccess API operation for AWS CloudFormation. +// +// Retrieves information about the account's OrganizationAccess status. This +// API can be called either by the management account or the delegated administrator +// by using the CallAs parameter. This API can also be called without the CallAs +// parameter by the management account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation DescribeOrganizationsAccess for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidOperationException "InvalidOperationException" +// The specified operation isn't valid. +// +// - ErrCodeOperationNotFoundException "OperationNotFoundException" +// The specified ID refers to an operation that doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DescribeOrganizationsAccess +func (c *CloudFormation) DescribeOrganizationsAccess(input *DescribeOrganizationsAccessInput) (*DescribeOrganizationsAccessOutput, error) { + req, out := c.DescribeOrganizationsAccessRequest(input) + return out, req.Send() +} + +// DescribeOrganizationsAccessWithContext is the same as DescribeOrganizationsAccess with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeOrganizationsAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) DescribeOrganizationsAccessWithContext(ctx aws.Context, input *DescribeOrganizationsAccessInput, opts ...request.Option) (*DescribeOrganizationsAccessOutput, error) { + req, out := c.DescribeOrganizationsAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribePublisher = "DescribePublisher" // DescribePublisherRequest generates a "aws/request.Request" representing the @@ -1733,7 +1988,7 @@ func (c *CloudFormation) DescribeStackDriftDetectionStatusRequest(input *Describ // // Returns information about a stack drift detection operation. A stack drift // detection operation detects whether a stack's actual configuration differs, -// or has drifted, from it's expected configuration, as defined in the stack +// or has drifted, from its expected configuration, as defined in the stack // template and any values specified as template parameters. A stack is considered // to have drifted if one or more of its resources have drifted. For more information // about stack and resource drift, see Detecting Unregulated Configuration Changes @@ -1951,10 +2206,10 @@ func (c *CloudFormation) DescribeStackInstanceRequest(input *DescribeStackInstan // DescribeStackInstance API operation for AWS CloudFormation. // -// Returns the stack instance that's associated with the specified stack set, -// Amazon Web Services account, and Region. +// Returns the stack instance that's associated with the specified StackSet, +// Amazon Web Services account, and Amazon Web Services Region. // -// For a list of stack instances that are associated with a specific stack set, +// For a list of stack instances that are associated with a specific StackSet, // use ListStackInstances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2344,7 +2599,7 @@ func (c *CloudFormation) DescribeStackSetRequest(input *DescribeStackSetInput) ( // DescribeStackSet API operation for AWS CloudFormation. // -// Returns the description of the specified stack set. +// Returns the description of the specified StackSet. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2422,7 +2677,7 @@ func (c *CloudFormation) DescribeStackSetOperationRequest(input *DescribeStackSe // DescribeStackSetOperation API operation for AWS CloudFormation. // -// Returns the description of the specified stack set operation. +// Returns the description of the specified StackSet operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2726,7 +2981,7 @@ func (c *CloudFormation) DescribeTypeRegistrationRequest(input *DescribeTypeRegi // Returns information about an extension's registration, including its current // status and type and version identifiers. // -// When you initiate a registration request using RegisterType , you can then +// When you initiate a registration request using RegisterType, you can then // use DescribeTypeRegistration to monitor the progress of that registration // request. // @@ -2810,7 +3065,7 @@ func (c *CloudFormation) DetectStackDriftRequest(input *DetectStackDriftInput) ( // DetectStackDrift API operation for AWS CloudFormation. // // Detects whether a stack's actual configuration differs, or has drifted, from -// it's expected configuration, as defined in the stack template and any values +// its expected configuration, as defined in the stack template and any values // specified as template parameters. For each resource in the stack that supports // drift detection, CloudFormation compares the actual configuration of the // resource with its expected template configuration. Only resource properties @@ -2907,7 +3162,7 @@ func (c *CloudFormation) DetectStackResourceDriftRequest(input *DetectStackResou // DetectStackResourceDrift API operation for AWS CloudFormation. // // Returns information about whether a resource's actual configuration differs, -// or has drifted, from it's expected configuration, as defined in the stack +// or has drifted, from its expected configuration, as defined in the stack // template and any values specified as template parameters. This information // includes actual and expected property values for resources in which CloudFormation // detects drift. Only resource properties explicitly defined in the stack template @@ -3025,7 +3280,7 @@ func (c *CloudFormation) DetectStackSetDriftRequest(input *DetectStackSetDriftIn // You can only run a single drift detection operation on a given stack set // at one time. // -// To stop a drift detection stack set operation, use StopStackSetOperation . +// To stop a drift detection stack set operation, use StopStackSetOperation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3545,8 +3800,6 @@ func (c *CloudFormation) ImportStacksToStackSetRequest(input *ImportStacksToStac // source stack or in a different administrator account and Region, by specifying // the stack ID of the stack you intend to import. // -// ImportStacksToStackSet is only supported by self-managed permissions. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5281,7 +5534,7 @@ func (c *CloudFormation) PublishTypeRequest(input *PublishTypeInput) (req *reque // PublishType API operation for AWS CloudFormation. // // Publishes the specified extension to the CloudFormation registry as a public -// extension in this region. Public extensions are available for use by all +// extension in this Region. Public extensions are available for use by all // CloudFormation users. For more information about publishing extensions, see // Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) // in the CloudFormation CLI User Guide. @@ -5557,15 +5810,15 @@ func (c *CloudFormation) RegisterTypeRequest(input *RegisterTypeInput) (req *req // in the CloudFormation CLI User Guide. // // You can have a maximum of 50 resource extension versions registered at a -// time. This maximum is per account and per region. Use DeregisterType (AWSCloudFormation/latest/APIReference/API_DeregisterType.html) +// time. This maximum is per account and per Region. Use DeregisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeregisterType.html) // to deregister specific extension versions if necessary. // -// Once you have initiated a registration request using RegisterType , you can +// Once you have initiated a registration request using RegisterType, you can // use DescribeTypeRegistration to monitor the progress of the registration // request. // -// Once you have registered a private extension in your account and region, -// use SetTypeConfiguration (AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) +// Once you have registered a private extension in your account and Region, +// use SetTypeConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) // to specify configuration properties for the extension. For more information, // see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. @@ -5818,10 +6071,10 @@ func (c *CloudFormation) SetTypeConfigurationRequest(input *SetTypeConfiguration // SetTypeConfiguration API operation for AWS CloudFormation. // // Specifies the configuration data for a registered CloudFormation extension, -// in the given account and region. +// in the given account and Region. // // To view the current configuration data for an extension, refer to the ConfigurationSchema -// element of DescribeType (AWSCloudFormation/latest/APIReference/API_DescribeType.html). +// element of DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html). // For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. // @@ -6175,10 +6428,10 @@ func (c *CloudFormation) TestTypeRequest(input *TestTypeInput) (req *request.Req // in the CloudFormation CLI User Guide. // // If you don't specify a version, CloudFormation uses the default version of -// the extension in your account and region for testing. +// the extension in your account and Region for testing. // // To perform testing, CloudFormation assumes the execution role specified when -// the type was registered. For more information, see RegisterType (AWSCloudFormation/latest/APIReference/API_RegisterType.html). +// the type was registered. For more information, see RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). // // Once you've initiated testing on an extension using TestType, you can pass // the returned TypeVersionArn into DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html) @@ -6819,10 +7072,54 @@ func (s *AccountLimit) SetValue(v int64) *AccountLimit { return s } +type ActivateOrganizationsAccessInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ActivateOrganizationsAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ActivateOrganizationsAccessInput) GoString() string { + return s.String() +} + +type ActivateOrganizationsAccessOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ActivateOrganizationsAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ActivateOrganizationsAccessOutput) GoString() string { + return s.String() +} + type ActivateTypeInput struct { _ struct{} `type:"structure"` - // Whether to automatically update the extension in this account and region + // Whether to automatically update the extension in this account and Region // when a new minor version is published by the extension publisher. Major versions // released by the publisher must be manually updated. // @@ -6862,15 +7159,15 @@ type ActivateTypeInput struct { // Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId. TypeName *string `min:"10" type:"string"` - // An alias to assign to the public extension, in this account and region. If + // An alias to assign to the public extension, in this account and Region. If // you specify an alias for the extension, CloudFormation treats the alias as - // the extension type name within this account and region. You must use the + // the extension type name within this account and Region. You must use the // alias to refer to the extension in your templates, API calls, and CloudFormation // console. // - // An extension alias must be unique within a given account and region. You + // An extension alias must be unique within a given account and Region. You // can activate the same public resource multiple times in the same account - // and region, using different type name aliases. + // and Region, using different type name aliases. TypeNameAlias *string `min:"10" type:"string"` // Manually updates a previously-activated type to a new major or minor version, @@ -6996,7 +7293,7 @@ type ActivateTypeOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the activated extension, in this account - // and region. + // and Region. Arn *string `type:"string"` } @@ -7246,6 +7543,17 @@ type CancelUpdateStackInput struct { // them. ClientRequestToken *string `min:"1" type:"string"` + // + // If you don't pass a parameter to StackName, the API returns a response that + // describes all resources in the account. + // + // The IAM policy below can be added to IAM policies when you want to limit + // resource-level permissions and avoid returning a response when no parameter + // is sent in the request: + // + // { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": "cloudformation:DescribeStacks", + // "NotResource": "arn:aws:cloudformation:*:*:stack/*/*" }] } + // // The name or the unique stack ID that's associated with the stack. // // StackName is a required field @@ -7707,7 +8015,7 @@ type ContinueUpdateRollbackInput struct { _ struct{} `type:"structure"` // A unique identifier for this ContinueUpdateRollback request. Specify this - // token if you plan to retry requests so that CloudFormationknows that you're + // token if you plan to retry requests so that CloudFormation knows that you're // not attempting to continue the rollback to a stack with the same name. You // might retry ContinueUpdateRollback requests to ensure that CloudFormation // successfully received them. @@ -7950,6 +8258,29 @@ type CreateChangeSetInput struct { // associated notification topics, specify an empty list. NotificationARNs []*string `type:"list"` + // Determines what action will be taken if stack creation fails. If this parameter + // is specified, the DisableRollback parameter to the ExecuteChangeSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation must not be specified. This must be one of these values: + // + // * DELETE - Deletes the change set if the stack creation fails. This is + // only valid when the ChangeSetType parameter is set to CREATE. If the deletion + // of the stack fails, the status of the stack is DELETE_FAILED. + // + // * DO_NOTHING - if the stack creation fails, do nothing. This is equivalent + // to specifying true for the DisableRollback parameter to the ExecuteChangeSet + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation. + // + // * ROLLBACK - if the stack creation fails, roll back the stack. This is + // equivalent to specifying false for the DisableRollback parameter to the + // ExecuteChangeSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation. + // + // For nested stacks, when the OnStackFailure parameter is set to DELETE for + // the change set for the parent stack, any failure in a child stack will cause + // the parent stack creation to fail and all stacks to be deleted. + OnStackFailure *string `type:"string" enum:"OnStackFailure"` + // A list of Parameter structures that specify input parameters for the change // set. For more information, see the Parameter data type. Parameters []*Parameter `type:"list"` @@ -8140,6 +8471,12 @@ func (s *CreateChangeSetInput) SetNotificationARNs(v []*string) *CreateChangeSet return s } +// SetOnStackFailure sets the OnStackFailure field's value. +func (s *CreateChangeSetInput) SetOnStackFailure(v string) *CreateChangeSetInput { + s.OnStackFailure = &v + return s +} + // SetParameters sets the Parameters field's value. func (s *CreateChangeSetInput) SetParameters(v []*Parameter) *CreateChangeSetInput { s.Parameters = v @@ -9182,10 +9519,54 @@ func (s *CreateStackSetOutput) SetStackSetId(v string) *CreateStackSetOutput { return s } +type DeactivateOrganizationsAccessInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeactivateOrganizationsAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeactivateOrganizationsAccessInput) GoString() string { + return s.String() +} + +type DeactivateOrganizationsAccessOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeactivateOrganizationsAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeactivateOrganizationsAccessOutput) GoString() string { + return s.String() +} + type DeactivateTypeInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) for the extension, in this account and region. + // The Amazon Resource Name (ARN) for the extension, in this account and Region. // // Conditional: You must specify either Arn, or TypeName and Type. Arn *string `type:"string"` @@ -9195,7 +9576,7 @@ type DeactivateTypeInput struct { // Conditional: You must specify either Arn, or TypeName and Type. Type *string `type:"string" enum:"ThirdPartyType"` - // The type name of the extension, in this account and region. If you specified + // The type name of the extension, in this account and Region. If you specified // a type name alias when enabling the extension, use the type name alias. // // Conditional: You must specify either Arn, or TypeName and Type. @@ -10353,6 +10734,25 @@ type DescribeChangeSetOutput struct { // will be associated with the stack if you execute the change set. NotificationARNs []*string `type:"list"` + // Determines what action will be taken if stack creation fails. When this parameter + // is specified, the DisableRollback parameter to the ExecuteChangeSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation must not be specified. This must be one of these values: + // + // * DELETE - Deletes the change set if the stack creation fails. This is + // only valid when the ChangeSetType parameter is set to CREATE. If the deletion + // of the stack fails, the status of the stack is DELETE_FAILED. + // + // * DO_NOTHING - if the stack creation fails, do nothing. This is equivalent + // to specifying true for the DisableRollback parameter to the ExecuteChangeSet + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation. + // + // * ROLLBACK - if the stack creation fails, roll back the stack. This is + // equivalent to specifying false for the DisableRollback parameter to the + // ExecuteChangeSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ExecuteChangeSet.html) + // API operation. + OnStackFailure *string `type:"string" enum:"OnStackFailure"` + // A list of Parameter structures that describes the input parameters and their // values used to create the change set. For more information, see the Parameter // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_Parameter.html) @@ -10469,6 +10869,12 @@ func (s *DescribeChangeSetOutput) SetNotificationARNs(v []*string) *DescribeChan return s } +// SetOnStackFailure sets the OnStackFailure field's value. +func (s *DescribeChangeSetOutput) SetOnStackFailure(v string) *DescribeChangeSetOutput { + s.OnStackFailure = &v + return s +} + // SetParameters sets the Parameters field's value. func (s *DescribeChangeSetOutput) SetParameters(v []*Parameter) *DescribeChangeSetOutput { s.Parameters = v @@ -10523,6 +10929,80 @@ func (s *DescribeChangeSetOutput) SetTags(v []*Tag) *DescribeChangeSetOutput { return s } +type DescribeOrganizationsAccessInput struct { + _ struct{} `type:"structure"` + + // [Service-managed permissions] Specifies whether you are acting as an account + // administrator in the organization's management account or as a delegated + // administrator in a member account. + // + // By default, SELF is specified. + // + // * If you are signed in to the management account, specify SELF. + // + // * If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. + // Your Amazon Web Services account must be registered as a delegated administrator + // in the management account. For more information, see Register a delegated + // administrator (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html) + // in the CloudFormation User Guide. + CallAs *string `type:"string" enum:"CallAs"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeOrganizationsAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeOrganizationsAccessInput) GoString() string { + return s.String() +} + +// SetCallAs sets the CallAs field's value. +func (s *DescribeOrganizationsAccessInput) SetCallAs(v string) *DescribeOrganizationsAccessInput { + s.CallAs = &v + return s +} + +type DescribeOrganizationsAccessOutput struct { + _ struct{} `type:"structure"` + + // Presents the status of the OrganizationAccess. + Status *string `type:"string" enum:"OrganizationStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeOrganizationsAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeOrganizationsAccessOutput) GoString() string { + return s.String() +} + +// SetStatus sets the Status field's value. +func (s *DescribeOrganizationsAccessOutput) SetStatus(v string) *DescribeOrganizationsAccessOutput { + s.Status = &v + return s +} + type DescribePublisherInput struct { _ struct{} `type:"structure"` @@ -11626,6 +12106,18 @@ type DescribeStacksInput struct { // A string that identifies the next page of stacks that you want to retrieve. NextToken *string `min:"1" type:"string"` + // + // If you don't pass a parameter to StackName, the API returns a response that + // describes all resources in the account. This requires ListStacks and DescribeStacks + // permissions. + // + // The IAM policy below can be added to IAM policies when you want to limit + // resource-level permissions and avoid returning a response when no parameter + // is sent in the request: + // + // { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": "cloudformation:DescribeStacks", + // "NotResource": "arn:aws:cloudformation:*:*:stack/*/*" }] } + // // The name or the unique stack ID that's associated with the stack, which aren't // always interchangeable: // @@ -11842,14 +12334,14 @@ type DescribeTypeOutput struct { Arn *string `type:"string"` // Whether CloudFormation automatically updates the extension in this account - // and region when a new minor version is published by the extension publisher. + // and Region when a new minor version is published by the extension publisher. // Major versions released by the publisher must be manually updated. For more - // information, see Activating public extensions for use in your account (AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable) + // information, see Activating public extensions for use in your account (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable) // in the CloudFormation User Guide. AutoUpdate *bool `type:"boolean"` // A JSON string that represent the current configuration data for the extension - // in this account and region. + // in this account and Region. // // To set the configuration data for an extension, use SetTypeConfiguration // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html). @@ -11865,7 +12357,7 @@ type DescribeTypeOutput struct { // by third parties, CloudFormation returns null. For more information, see // RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). // - // To set the default version of an extension, use SetTypeDefaultVersion . + // To set the default version of an extension, use SetTypeDefaultVersion. DefaultVersionId *string `min:"1" type:"string"` // The deprecation status of the extension version. @@ -11899,7 +12391,7 @@ type DescribeTypeOutput struct { // credentials. ExecutionRoleArn *string `min:"1" type:"string"` - // Whether the extension is activated in the account and region. + // Whether the extension is activated in the account and Region. // // This only applies to public third-party extensions. For all other extensions, // CloudFormation returns null. @@ -11934,16 +12426,16 @@ type DescribeTypeOutput struct { // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). LoggingConfig *LoggingConfig `type:"structure"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the Amazon Resource Name (ARN) of the public extension. OriginalTypeArn *string `type:"string"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the type name of the public extension. // // If you specified a TypeNameAlias when enabling the extension in this account - // and region, CloudFormation treats that alias as the extension's type name - // within the account and region, not the type name of the public extension. + // and Region, CloudFormation treats that alias as the extension's type name + // within the account and Region, not the type name of the public extension. // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) // in the CloudFormation User Guide. OriginalTypeName *string `min:"10" type:"string"` @@ -12235,7 +12727,7 @@ type DescribeTypeRegistrationInput struct { // The identifier for this registration request. // // This registration token is generated by CloudFormation when you initiate - // a registration request using RegisterType . + // a registration request using RegisterType. // // RegistrationToken is a required field RegistrationToken *string `min:"1" type:"string" required:"true"` @@ -12803,7 +13295,19 @@ type ExecuteChangeSetInput struct { ClientRequestToken *string `min:"1" type:"string"` // Preserves the state of previously provisioned resources when an operation - // fails. + // fails. This parameter can't be specified when the OnStackFailure parameter + // to the CreateChangeSet (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateChangeSet.html) + // API operation was specified. + // + // * True - if the stack creation fails, do nothing. This is equivalent to + // specifying DO_NOTHING for the OnStackFailure parameter to the CreateChangeSet + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateChangeSet.html) + // API operation. + // + // * False - if the stack creation fails, roll back the stack. This is equivalent + // to specifying ROLLBACK for the OnStackFailure parameter to the CreateChangeSet + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateChangeSet.html) + // API operation. // // Default: True DisableRollback *bool `type:"boolean"` @@ -15104,9 +15608,9 @@ type ListTypesInput struct { // Valid values include: // // * PRIVATE: Extensions that are visible and usable within this account - // and region. This includes: Private extensions you have registered in this - // account and region. Public extensions that you have activated in this - // account and region. + // and Region. This includes: Private extensions you have registered in this + // account and Region. Public extensions that you have activated in this + // account and Region. // // * PUBLIC: Extensions that are publicly visible and available to be activated // within any Amazon Web Services account. This includes extensions from @@ -15358,7 +15862,7 @@ func (s *ManagedExecution) SetActive(v bool) *ManagedExecution { // if the resource was created from a module included in the stack template. // // For more information about modules, see Using modules to encapsulate and -// reuse resource configurations (AWSCloudFormation/latest/UserGuide/modules.html) +// reuse resource configurations (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) // in the CloudFormation User Guide. type ModuleInfo struct { _ struct{} `type:"structure"` @@ -15372,7 +15876,7 @@ type ModuleInfo struct { // // moduleA/moduleB // - // For more information, see Referencing resources in a module (AWSCloudFormation/latest/UserGuide/modules.html#module-ref-resources) + // For more information, see Referencing resources in a module (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html#module-ref-resources) // in the CloudFormation User Guide. LogicalIdHierarchy *string `type:"string"` @@ -16206,7 +16710,7 @@ type RegisterTypeInput struct { // For CloudFormation to assume the specified execution role, the role must // contain a trust relationship with the CloudFormation service principle (resources.cloudformation.amazonaws.com). // For more information about adding trust relationships, see Modifying a role - // trust policy (IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy) + // trust policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy) // in the Identity and Access Management User Guide. // // If your extension calls Amazon Web Services APIs in any of its handlers, @@ -16361,7 +16865,7 @@ type RegisterTypeOutput struct { // The identifier for this registration request. // - // Use this registration token when calling DescribeTypeRegistration , which + // Use this registration token when calling DescribeTypeRegistration, which // returns information about the status and IDs of the extension registration. RegistrationToken *string `min:"1" type:"string"` } @@ -16402,8 +16906,8 @@ type RequiredActivatedType struct { // The type name of the public extension. // // If you specified a TypeNameAlias when enabling the extension in this account - // and region, CloudFormation treats that alias as the extension's type name - // within the account and region, not the type name of the public extension. + // and Region, CloudFormation treats that alias as the extension's type name + // within the account and Region, not the type name of the public extension. // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) // in the CloudFormation User Guide. OriginalTypeName *string `min:"10" type:"string"` @@ -16414,9 +16918,9 @@ type RequiredActivatedType struct { // A list of the major versions of the extension type that the macro supports. SupportedMajorVersions []*int64 `type:"list"` - // An alias assigned to the public extension, in this account and region. If + // An alias assigned to the public extension, in this account and Region. If // you specify an alias for the extension, CloudFormation treats the alias as - // the extension type name within this account and region. You must use the + // the extension type name within this account and Region. You must use the // alias to refer to the extension in your templates, API calls, and CloudFormation // console. TypeNameAlias *string `min:"10" type:"string"` @@ -17269,12 +17773,13 @@ func (s SetStackPolicyOutput) GoString() string { type SetTypeConfigurationInput struct { _ struct{} `type:"structure"` - // The configuration data for the extension, in this account and region. + // The configuration data for the extension, in this account and Region. // // The configuration data must be formatted as JSON, and validate against the - // schema returned in the ConfigurationSchema response element of API_DescribeType - // (AWSCloudFormation/latest/APIReference/API_DescribeType.html). For more information, - // see Defining account-level configuration data for an extension (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration) + // schema returned in the ConfigurationSchema response element of DescribeType + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html). + // For more information, see Defining account-level configuration data for an + // extension (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration) // in the CloudFormation CLI User Guide. // // Configuration is a required field @@ -17291,13 +17796,13 @@ type SetTypeConfigurationInput struct { // Conditional: You must specify ConfigurationArn, or Type and TypeName. Type *string `type:"string" enum:"ThirdPartyType"` - // The Amazon Resource Name (ARN) for the extension, in this account and region. + // The Amazon Resource Name (ARN) for the extension, in this account and Region. // // For public extensions, this will be the ARN assigned when you activate the // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) - // in this account and region. For private extensions, this will be the ARN + // in this account and Region. For private extensions, this will be the ARN // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) - // in this account and region. + // in this account and Region. // // Do not include the extension versions suffix at the end of the ARN. You can // set the configuration for an extension, but not for a specific extension @@ -17384,7 +17889,7 @@ type SetTypeConfigurationOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) for the configuration data, in this account - // and region. + // and Region. // // Conditional: You must specify ConfigurationArn, or Type and TypeName. ConfigurationArn *string `type:"string"` @@ -17671,7 +18176,7 @@ type Stack struct { DisableRollback *bool `type:"boolean"` // Information about whether a stack's actual configuration differs, or has - // drifted, from it's expected configuration, as defined in the stack template + // drifted, from its expected configuration, as defined in the stack template // and any values specified as template parameters. For more information, see // Detecting Unregulated Configuration Changes to Stacks and Resources (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html). DriftInformation *StackDriftInformation `type:"structure"` @@ -18407,6 +18912,10 @@ type StackInstanceComprehensiveStatus struct { // * RUNNING: The operation in the specified account and Region is currently // in progress. // + // * SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and + // Region has been skipped because the account was suspended at the time + // of the operation. + // // * SUCCEEDED: The operation in the specified account and Region completed // successfully. DetailedStatus *string `type:"string" enum:"StackInstanceDetailedStatus"` @@ -19391,6 +19900,9 @@ type StackSet struct { // more information, see Grant Service-Managed Stack Set Permissions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-service-managed.html). PermissionModel *string `type:"string" enum:"PermissionModels"` + // Returns a list of all Amazon Web Services Regions the given StackSet has + // stack instances deployed in. The Amazon Web Services Regions list output + // is in no particular order. Regions []*string `type:"list"` // The Amazon Resource Name (ARN) of the stack set. @@ -19958,7 +20470,7 @@ type StackSetOperationPreferences struct { // be in parallel or one Region at a time. RegionConcurrencyType *string `type:"string" enum:"RegionConcurrencyType"` - // The order of the Regions in where you want to perform the stack operation. + // The order of the Regions where you want to perform the stack operation. RegionOrder []*string `type:"list"` } @@ -20440,7 +20952,7 @@ type StackSummary struct { DeletionTime *time.Time `type:"timestamp"` // Summarizes information about whether a stack's actual configuration differs, - // or has drifted, from it's expected configuration, as defined in the stack + // or has drifted, from its expected configuration, as defined in the stack // template and any values specified as template parameters. For more information, // see Detecting Unregulated Configuration Changes to Stacks and Resources (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html). DriftInformation *StackDriftInformationSummary `type:"structure"` @@ -20848,7 +21360,7 @@ type TestTypeInput struct { // You can specify the version id with either Arn, or with TypeName and Type. // // If you don't specify a version, CloudFormation uses the default version of - // the extension in this account and region for testing. + // the extension in this account and Region for testing. VersionId *string `min:"1" type:"string"` } @@ -20951,7 +21463,7 @@ func (s *TestTypeOutput) SetTypeVersionArn(v string) *TestTypeOutput { } // Detailed information concerning the specification of a CloudFormation extension -// in a given account and region. +// in a given account and Region. // // For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) // in the CloudFormation User Guide. @@ -20963,11 +21475,11 @@ type TypeConfigurationDetails struct { Alias *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) for the configuration data, in this account - // and region. + // and Region. Arn *string `type:"string"` // A JSON string specifying the configuration data for the extension, in this - // account and region. + // account and Region. // // If a configuration hasn't been set for a specified extension, CloudFormation // returns {}. @@ -20982,13 +21494,13 @@ type TypeConfigurationDetails struct { // returns null. LastUpdated *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) for the extension, in this account and region. + // The Amazon Resource Name (ARN) for the extension, in this account and Region. // // For public extensions, this will be the ARN assigned when you activate the // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) - // in this account and region. For private extensions, this will be the ARN + // in this account and Region. For private extensions, this will be the ARN // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) - // in this account and region. + // in this account and Region. TypeArn *string `type:"string"` // The name of the extension. @@ -21062,13 +21574,13 @@ type TypeConfigurationIdentifier struct { // The type of extension. Type *string `type:"string" enum:"ThirdPartyType"` - // The Amazon Resource Name (ARN) for the extension, in this account and region. + // The Amazon Resource Name (ARN) for the extension, in this account and Region. // // For public extensions, this will be the ARN assigned when you activate the // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) - // in this account and region. For private extensions, this will be the ARN + // in this account and Region. For private extensions, this will be the ARN // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) - // in this account and region. + // in this account and Region. TypeArn *string `type:"string"` // The alias specified for this configuration, if one was specified when the @@ -21076,7 +21588,7 @@ type TypeConfigurationIdentifier struct { TypeConfigurationAlias *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) for the configuration, in this account and - // region. + // Region. TypeConfigurationArn *string `type:"string"` // The name of the extension type to which this configuration applies. @@ -21154,10 +21666,10 @@ type TypeFilters struct { // The category of extensions to return. // // * REGISTERED: Private extensions that have been registered for this account - // and region. + // and Region. // // * ACTIVATED: Public extensions that have been activated for this account - // and region. + // and Region. // // * THIRD_PARTY: Extensions available for use from publishers other than // Amazon. This includes: Private extensions registered in the account. Public @@ -21240,13 +21752,13 @@ type TypeSummary struct { // parties, CloudFormation returns null. For more information, see RegisterType // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). // - // To set the default version of an extension, use SetTypeDefaultVersion . + // To set the default version of an extension, use SetTypeDefaultVersion. DefaultVersionId *string `min:"1" type:"string"` // The description of the extension. Description *string `min:"1" type:"string"` - // Whether the extension is activated for this account and region. + // Whether the extension is activated for this account and Region. // // This applies only to third-party public extensions. Extensions published // by Amazon are activated by default. @@ -21263,33 +21775,33 @@ type TypeSummary struct { // For all other extension types, CloudFormation returns null. LastUpdated *time.Time `type:"timestamp"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the latest version of the public extension that is available. For any extensions // other than activated third-arty extensions, CloudFormation returns null. // // How you specified AutoUpdate when enabling the extension affects whether - // CloudFormation automatically updates the extension in this account and region + // CloudFormation automatically updates the extension in this account and Region // when a new version is released. For more information, see Setting CloudFormation // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) // in the CloudFormation User Guide. LatestPublicVersion *string `min:"5" type:"string"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the type name of the public extension. // // If you specified a TypeNameAlias when enabling the extension in this account - // and region, CloudFormation treats that alias as the extension's type name - // within the account and region, not the type name of the public extension. + // and Region, CloudFormation treats that alias as the extension's type name + // within the account and Region, not the type name of the public extension. // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) // in the CloudFormation User Guide. OriginalTypeName *string `min:"10" type:"string"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the version of the public extension to be used for CloudFormation operations // in this account and Region. // // How you specified AutoUpdate when enabling the extension affects whether - // CloudFormation automatically updates the extension in this account and region + // CloudFormation automatically updates the extension in this account and Region // when a new version is released. For more information, see Setting CloudFormation // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) // in the CloudFormation User Guide. @@ -21319,7 +21831,7 @@ type TypeSummary struct { // The name of the extension. // // If you specified a TypeNameAlias when you activate this extension (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) - // in your account and region, CloudFormation considers that alias as the type + // in your account and Region, CloudFormation considers that alias as the type // name. TypeName *string `min:"10" type:"string"` } @@ -21438,13 +21950,13 @@ type TypeVersionSummary struct { // returns null. IsDefaultVersion *bool `type:"boolean"` - // For public extensions that have been activated for this account and region, + // For public extensions that have been activated for this account and Region, // the version of the public extension to be used for CloudFormation operations - // in this account and region. For any extensions other than activated third-arty + // in this account and Region. For any extensions other than activated third-arty // extensions, CloudFormation returns null. // // How you specified AutoUpdate when enabling the extension affects whether - // CloudFormation automatically updates the extension in this account and region + // CloudFormation automatically updates the extension in this account and Region // when a new version is released. For more information, see Setting CloudFormation // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) // in the CloudFormation User Guide. @@ -23363,6 +23875,26 @@ func OnFailure_Values() []string { } } +const ( + // OnStackFailureDoNothing is a OnStackFailure enum value + OnStackFailureDoNothing = "DO_NOTHING" + + // OnStackFailureRollback is a OnStackFailure enum value + OnStackFailureRollback = "ROLLBACK" + + // OnStackFailureDelete is a OnStackFailure enum value + OnStackFailureDelete = "DELETE" +) + +// OnStackFailure_Values returns all elements of the OnStackFailure enum +func OnStackFailure_Values() []string { + return []string{ + OnStackFailureDoNothing, + OnStackFailureRollback, + OnStackFailureDelete, + } +} + const ( // OperationResultFilterNameOperationResultStatus is a OperationResultFilterName enum value OperationResultFilterNameOperationResultStatus = "OPERATION_RESULT_STATUS" @@ -23399,6 +23931,26 @@ func OperationStatus_Values() []string { } } +const ( + // OrganizationStatusEnabled is a OrganizationStatus enum value + OrganizationStatusEnabled = "ENABLED" + + // OrganizationStatusDisabled is a OrganizationStatus enum value + OrganizationStatusDisabled = "DISABLED" + + // OrganizationStatusDisabledPermanently is a OrganizationStatus enum value + OrganizationStatusDisabledPermanently = "DISABLED_PERMANENTLY" +) + +// OrganizationStatus_Values returns all elements of the OrganizationStatus enum +func OrganizationStatus_Values() []string { + return []string{ + OrganizationStatusEnabled, + OrganizationStatusDisabled, + OrganizationStatusDisabledPermanently, + } +} + const ( // PermissionModelsServiceManaged is a PermissionModels enum value PermissionModelsServiceManaged = "SERVICE_MANAGED" @@ -23753,6 +24305,9 @@ const ( // StackInstanceDetailedStatusInoperable is a StackInstanceDetailedStatus enum value StackInstanceDetailedStatusInoperable = "INOPERABLE" + + // StackInstanceDetailedStatusSkippedSuspendedAccount is a StackInstanceDetailedStatus enum value + StackInstanceDetailedStatusSkippedSuspendedAccount = "SKIPPED_SUSPENDED_ACCOUNT" ) // StackInstanceDetailedStatus_Values returns all elements of the StackInstanceDetailedStatus enum @@ -23764,6 +24319,7 @@ func StackInstanceDetailedStatus_Values() []string { StackInstanceDetailedStatusFailed, StackInstanceDetailedStatusCancelled, StackInstanceDetailedStatusInoperable, + StackInstanceDetailedStatusSkippedSuspendedAccount, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/waiters.go index 183720d..28977d0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/waiters.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/waiters.go @@ -203,6 +203,11 @@ func (c *CloudFormation) WaitUntilStackDeleteCompleteWithContext(ctx aws.Context Matcher: request.PathAnyWaiterMatch, Argument: "Stacks[].StackStatus", Expected: "UPDATE_ROLLBACK_COMPLETE", }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "Stacks[].StackStatus", + Expected: "UPDATE_COMPLETE", + }, }, Logger: c.Config.Logger, NewRequest: func(opts []request.Option) (*request.Request, error) { diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go index 00a621a..2851772 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go @@ -485,10 +485,10 @@ func (c *CloudFront) CreateCachePolicyRequest(input *CreateCachePolicyInput) (re // want objects to stay in the CloudFront cache. // // The headers, cookies, and query strings that are included in the cache key -// are automatically included in requests that CloudFront sends to the origin. -// CloudFront sends a request when it can't find an object in its cache that -// matches the request's cache key. If you want to send values to the origin -// but not include them in the cache key, use OriginRequestPolicy. +// are also included in requests that CloudFront sends to the origin. CloudFront +// sends a request when it can't find an object in its cache that matches the +// request's cache key. If you want to send values to the origin but not include +// them in the cache key, use OriginRequestPolicy. // // For more information about cache policies, see Controlling the cache key // (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) @@ -12394,10 +12394,10 @@ func (s *CacheBehaviors) SetQuantity(v int64) *CacheBehaviors { // want objects to stay in the CloudFront cache. // // The headers, cookies, and query strings that are included in the cache key -// are automatically included in requests that CloudFront sends to the origin. -// CloudFront sends a request when it can't find a valid object in its cache -// that matches the request's cache key. If you want to send values to the origin -// but not include them in the cache key, use OriginRequestPolicy. +// are also included in requests that CloudFront sends to the origin. CloudFront +// sends a request when it can't find a valid object in its cache that matches +// the request's cache key. If you want to send values to the origin but not +// include them in the cache key, use OriginRequestPolicy. type CachePolicy struct { _ struct{} `type:"structure"` @@ -12466,10 +12466,10 @@ func (s *CachePolicy) SetLastModifiedTime(v time.Time) *CachePolicy { // want objects to stay in the CloudFront cache. // // The headers, cookies, and query strings that are included in the cache key -// are automatically included in requests that CloudFront sends to the origin. -// CloudFront sends a request when it can't find a valid object in its cache -// that matches the request's cache key. If you want to send values to the origin -// but not include them in the cache key, use OriginRequestPolicy. +// are also included in requests that CloudFront sends to the origin. CloudFront +// sends a request when it can't find a valid object in its cache that matches +// the request's cache key. If you want to send values to the origin but not +// include them in the cache key, use OriginRequestPolicy. type CachePolicyConfig struct { _ struct{} `type:"structure"` @@ -12517,8 +12517,8 @@ type CachePolicyConfig struct { Name *string `type:"string" required:"true"` // The HTTP headers, cookies, and URL query strings to include in the cache - // key. The values included in the cache key are automatically included in requests - // that CloudFront sends to the origin. + // key. The values included in the cache key are also included in requests that + // CloudFront sends to the origin. ParametersInCacheKeyAndForwardedToOrigin *ParametersInCacheKeyAndForwardedToOrigin `type:"structure"` } @@ -12598,31 +12598,29 @@ func (s *CachePolicyConfig) SetParametersInCacheKeyAndForwardedToOrigin(v *Param } // An object that determines whether any cookies in viewer requests (and if -// so, which cookies) are included in the cache key and automatically included -// in requests that CloudFront sends to the origin. +// so, which cookies) are included in the cache key and in requests that CloudFront +// sends to the origin. type CachePolicyCookiesConfig struct { _ struct{} `type:"structure"` // Determines whether any cookies in viewer requests are included in the cache - // key and automatically included in requests that CloudFront sends to the origin. - // Valid values are: + // key and in requests that CloudFront sends to the origin. Valid values are: // - // * none – Cookies in viewer requests are not included in the cache key - // and are not automatically included in requests that CloudFront sends to - // the origin. Even when this field is set to none, any cookies that are - // listed in an OriginRequestPolicy are included in origin requests. + // * none – No cookies in viewer requests are included in the cache key + // or in requests that CloudFront sends to the origin. Even when this field + // is set to none, any cookies that are listed in an OriginRequestPolicy + // are included in origin requests. // - // * whitelist – The cookies in viewer requests that are listed in the - // CookieNames type are included in the cache key and automatically included - // in requests that CloudFront sends to the origin. + // * whitelist – Only the cookies in viewer requests that are listed in + // the CookieNames type are included in the cache key and in requests that + // CloudFront sends to the origin. // - // * allExcept – All cookies in viewer requests that are not listed in - // the CookieNames type are included in the cache key and automatically included - // in requests that CloudFront sends to the origin. + // * allExcept – All cookies in viewer requests are included in the cache + // key and in requests that CloudFront sends to the origin, except for those + // that are listed in the CookieNames type, which are not included. // // * all – All cookies in viewer requests are included in the cache key - // and are automatically included in requests that CloudFront sends to the - // origin. + // and in requests that CloudFront sends to the origin. // // CookieBehavior is a required field CookieBehavior *string `type:"string" required:"true" enum:"CachePolicyCookieBehavior"` @@ -12680,22 +12678,22 @@ func (s *CachePolicyCookiesConfig) SetCookies(v *CookieNames) *CachePolicyCookie } // An object that determines whether any HTTP headers (and if so, which headers) -// are included in the cache key and automatically included in requests that -// CloudFront sends to the origin. +// are included in the cache key and in requests that CloudFront sends to the +// origin. type CachePolicyHeadersConfig struct { _ struct{} `type:"structure"` - // Determines whether any HTTP headers are included in the cache key and automatically - // included in requests that CloudFront sends to the origin. Valid values are: + // Determines whether any HTTP headers are included in the cache key and in + // requests that CloudFront sends to the origin. Valid values are: // - // * none – HTTP headers are not included in the cache key and are not - // automatically included in requests that CloudFront sends to the origin. - // Even when this field is set to none, any headers that are listed in an - // OriginRequestPolicy are included in origin requests. + // * none – No HTTP headers are included in the cache key or in requests + // that CloudFront sends to the origin. Even when this field is set to none, + // any headers that are listed in an OriginRequestPolicy are included in + // origin requests. // - // * whitelist – The HTTP headers that are listed in the Headers type are - // included in the cache key and are automatically included in requests that - // CloudFront sends to the origin. + // * whitelist – Only the HTTP headers that are listed in the Headers type + // are included in the cache key and in requests that CloudFront sends to + // the origin. // // HeaderBehavior is a required field HeaderBehavior *string `type:"string" required:"true" enum:"CachePolicyHeaderBehavior"` @@ -12819,41 +12817,40 @@ func (s *CachePolicyList) SetQuantity(v int64) *CachePolicyList { } // An object that determines whether any URL query strings in viewer requests -// (and if so, which query strings) are included in the cache key and automatically -// included in requests that CloudFront sends to the origin. +// (and if so, which query strings) are included in the cache key and in requests +// that CloudFront sends to the origin. type CachePolicyQueryStringsConfig struct { _ struct{} `type:"structure"` // Determines whether any URL query strings in viewer requests are included - // in the cache key and automatically included in requests that CloudFront sends - // to the origin. Valid values are: + // in the cache key and in requests that CloudFront sends to the origin. Valid + // values are: // - // * none – Query strings in viewer requests are not included in the cache - // key and are not automatically included in requests that CloudFront sends - // to the origin. Even when this field is set to none, any query strings - // that are listed in an OriginRequestPolicy are included in origin requests. + // * none – No query strings in viewer requests are included in the cache + // key or in requests that CloudFront sends to the origin. Even when this + // field is set to none, any query strings that are listed in an OriginRequestPolicy + // are included in origin requests. // - // * whitelist – The query strings in viewer requests that are listed in - // the QueryStringNames type are included in the cache key and automatically - // included in requests that CloudFront sends to the origin. + // * whitelist – Only the query strings in viewer requests that are listed + // in the QueryStringNames type are included in the cache key and in requests + // that CloudFront sends to the origin. // - // * allExcept – All query strings in viewer requests that are not listed - // in the QueryStringNames type are included in the cache key and automatically - // included in requests that CloudFront sends to the origin. + // * allExcept – All query strings in viewer requests are included in the + // cache key and in requests that CloudFront sends to the origin, except + // those that are listed in the QueryStringNames type, which are not included. // // * all – All query strings in viewer requests are included in the cache - // key and are automatically included in requests that CloudFront sends to - // the origin. + // key and in requests that CloudFront sends to the origin. // // QueryStringBehavior is a required field QueryStringBehavior *string `type:"string" required:"true" enum:"CachePolicyQueryStringBehavior"` // Contains the specific query strings in viewer requests that either are or - // are not included in the cache key and automatically included in requests - // that CloudFront sends to the origin. The behavior depends on whether the - // QueryStringBehavior field in the CachePolicyQueryStringsConfig type is set - // to whitelist (the listed query strings are included) or allExcept (the listed - // query strings are not included, but all other query strings are). + // are not included in the cache key and in requests that CloudFront sends to + // the origin. The behavior depends on whether the QueryStringBehavior field + // in the CachePolicyQueryStringsConfig type is set to whitelist (the listed + // query strings are included) or allExcept (the listed query strings are not + // included, but all other query strings are). QueryStrings *QueryStringNames `type:"structure"` } @@ -27779,17 +27776,21 @@ type OriginRequestPolicyCookiesConfig struct { // Determines whether cookies in viewer requests are included in requests that // CloudFront sends to the origin. Valid values are: // - // * none – Cookies in viewer requests are not included in requests that + // * none – No cookies in viewer requests are included in requests that // CloudFront sends to the origin. Even when this field is set to none, any // cookies that are listed in a CachePolicy are included in origin requests. // - // * whitelist – The cookies in viewer requests that are listed in the - // CookieNames type are included in requests that CloudFront sends to the - // origin. + // * whitelist – Only the cookies in viewer requests that are listed in + // the CookieNames type are included in requests that CloudFront sends to + // the origin. // // * all – All cookies in viewer requests are included in requests that // CloudFront sends to the origin. // + // * allExcept – All cookies in viewer requests are included in requests + // that CloudFront sends to the origin, except for those listed in the CookieNames + // type, which are not included. + // // CookieBehavior is a required field CookieBehavior *string `type:"string" required:"true" enum:"OriginRequestPolicyCookieBehavior"` @@ -27853,12 +27854,12 @@ type OriginRequestPolicyHeadersConfig struct { // Determines whether any HTTP headers are included in requests that CloudFront // sends to the origin. Valid values are: // - // * none – HTTP headers are not included in requests that CloudFront sends - // to the origin. Even when this field is set to none, any headers that are - // listed in a CachePolicy are included in origin requests. + // * none – No HTTP headers in viewer requests are included in requests + // that CloudFront sends to the origin. Even when this field is set to none, + // any headers that are listed in a CachePolicy are included in origin requests. // - // * whitelist – The HTTP headers that are listed in the Headers type are - // included in requests that CloudFront sends to the origin. + // * whitelist – Only the HTTP headers that are listed in the Headers type + // are included in requests that CloudFront sends to the origin. // // * allViewer – All HTTP headers in viewer requests are included in requests // that CloudFront sends to the origin. @@ -27868,6 +27869,10 @@ type OriginRequestPolicyHeadersConfig struct { // are included in requests that CloudFront sends to the origin. The additional // headers are added by CloudFront. // + // * allExcept – All HTTP headers in viewer requests are included in requests + // that CloudFront sends to the origin, except for those listed in the Headers + // type, which are not included. + // // HeaderBehavior is a required field HeaderBehavior *string `type:"string" required:"true" enum:"OriginRequestPolicyHeaderBehavior"` @@ -27998,23 +28003,30 @@ type OriginRequestPolicyQueryStringsConfig struct { // Determines whether any URL query strings in viewer requests are included // in requests that CloudFront sends to the origin. Valid values are: // - // * none – Query strings in viewer requests are not included in requests + // * none – No query strings in viewer requests are included in requests // that CloudFront sends to the origin. Even when this field is set to none, // any query strings that are listed in a CachePolicy are included in origin // requests. // - // * whitelist – The query strings in viewer requests that are listed in - // the QueryStringNames type are included in requests that CloudFront sends - // to the origin. + // * whitelist – Only the query strings in viewer requests that are listed + // in the QueryStringNames type are included in requests that CloudFront + // sends to the origin. // // * all – All query strings in viewer requests are included in requests // that CloudFront sends to the origin. // + // * allExcept – All query strings in viewer requests are included in requests + // that CloudFront sends to the origin, except for those listed in the QueryStringNames + // type, which are not included. + // // QueryStringBehavior is a required field QueryStringBehavior *string `type:"string" required:"true" enum:"OriginRequestPolicyQueryStringBehavior"` - // Contains a list of the query strings in viewer requests that are included - // in requests that CloudFront sends to the origin. + // Contains the specific query strings in viewer requests that either are or + // are not included in requests that CloudFront sends to the origin. The behavior + // depends on whether the QueryStringBehavior field in the OriginRequestPolicyQueryStringsConfig + // type is set to whitelist (the listed query strings are included) or allExcept + // (the listed query strings are not included, but all other query strings are). QueryStrings *QueryStringNames `type:"structure"` } @@ -28333,16 +28345,16 @@ func (s *Origins) SetQuantity(v int64) *Origins { // viewer. // // The headers, cookies, and query strings that are included in the cache key -// are automatically included in requests that CloudFront sends to the origin. -// CloudFront sends a request when it can't find an object in its cache that -// matches the request's cache key. If you want to send values to the origin -// but not include them in the cache key, use OriginRequestPolicy. +// are also included in requests that CloudFront sends to the origin. CloudFront +// sends a request when it can't find an object in its cache that matches the +// request's cache key. If you want to send values to the origin but not include +// them in the cache key, use OriginRequestPolicy. type ParametersInCacheKeyAndForwardedToOrigin struct { _ struct{} `type:"structure"` // An object that determines whether any cookies in viewer requests (and if - // so, which cookies) are included in the cache key and automatically included - // in requests that CloudFront sends to the origin. + // so, which cookies) are included in the cache key and in requests that CloudFront + // sends to the origin. // // CookiesConfig is a required field CookiesConfig *CachePolicyCookiesConfig `type:"structure" required:"true"` @@ -28410,15 +28422,15 @@ type ParametersInCacheKeyAndForwardedToOrigin struct { EnableAcceptEncodingGzip *bool `type:"boolean" required:"true"` // An object that determines whether any HTTP headers (and if so, which headers) - // are included in the cache key and automatically included in requests that - // CloudFront sends to the origin. + // are included in the cache key and in requests that CloudFront sends to the + // origin. // // HeadersConfig is a required field HeadersConfig *CachePolicyHeadersConfig `type:"structure" required:"true"` // An object that determines whether any URL query strings in viewer requests - // (and if so, which query strings) are included in the cache key and automatically - // included in requests that CloudFront sends to the origin. + // (and if so, which query strings) are included in the cache key and in requests + // that CloudFront sends to the origin. // // QueryStringsConfig is a required field QueryStringsConfig *CachePolicyQueryStringsConfig `type:"structure" required:"true"` @@ -35558,6 +35570,9 @@ const ( // OriginRequestPolicyCookieBehaviorAll is a OriginRequestPolicyCookieBehavior enum value OriginRequestPolicyCookieBehaviorAll = "all" + + // OriginRequestPolicyCookieBehaviorAllExcept is a OriginRequestPolicyCookieBehavior enum value + OriginRequestPolicyCookieBehaviorAllExcept = "allExcept" ) // OriginRequestPolicyCookieBehavior_Values returns all elements of the OriginRequestPolicyCookieBehavior enum @@ -35566,6 +35581,7 @@ func OriginRequestPolicyCookieBehavior_Values() []string { OriginRequestPolicyCookieBehaviorNone, OriginRequestPolicyCookieBehaviorWhitelist, OriginRequestPolicyCookieBehaviorAll, + OriginRequestPolicyCookieBehaviorAllExcept, } } @@ -35581,6 +35597,9 @@ const ( // OriginRequestPolicyHeaderBehaviorAllViewerAndWhitelistCloudFront is a OriginRequestPolicyHeaderBehavior enum value OriginRequestPolicyHeaderBehaviorAllViewerAndWhitelistCloudFront = "allViewerAndWhitelistCloudFront" + + // OriginRequestPolicyHeaderBehaviorAllExcept is a OriginRequestPolicyHeaderBehavior enum value + OriginRequestPolicyHeaderBehaviorAllExcept = "allExcept" ) // OriginRequestPolicyHeaderBehavior_Values returns all elements of the OriginRequestPolicyHeaderBehavior enum @@ -35590,6 +35609,7 @@ func OriginRequestPolicyHeaderBehavior_Values() []string { OriginRequestPolicyHeaderBehaviorWhitelist, OriginRequestPolicyHeaderBehaviorAllViewer, OriginRequestPolicyHeaderBehaviorAllViewerAndWhitelistCloudFront, + OriginRequestPolicyHeaderBehaviorAllExcept, } } @@ -35602,6 +35622,9 @@ const ( // OriginRequestPolicyQueryStringBehaviorAll is a OriginRequestPolicyQueryStringBehavior enum value OriginRequestPolicyQueryStringBehaviorAll = "all" + + // OriginRequestPolicyQueryStringBehaviorAllExcept is a OriginRequestPolicyQueryStringBehavior enum value + OriginRequestPolicyQueryStringBehaviorAllExcept = "allExcept" ) // OriginRequestPolicyQueryStringBehavior_Values returns all elements of the OriginRequestPolicyQueryStringBehavior enum @@ -35610,6 +35633,7 @@ func OriginRequestPolicyQueryStringBehavior_Values() []string { OriginRequestPolicyQueryStringBehaviorNone, OriginRequestPolicyQueryStringBehaviorWhitelist, OriginRequestPolicyQueryStringBehaviorAll, + OriginRequestPolicyQueryStringBehaviorAllExcept, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go index 04d0f11..3193d4a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go @@ -393,8 +393,8 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req // with the KMS key is still within CloudWatch Logs. This enables CloudWatch // Logs to decrypt this data whenever it is requested. // -// If you attempt to associate a KMS key with the log group but the KMS keydoes -// not exist or the KMS key is disabled, you receive an InvalidParameterException +// If you attempt to associate a KMS key with the log group but the KMS key +// does not exist or the KMS key is disabled, you receive an InvalidParameterException // error. // // CloudWatch Logs supports only symmetric KMS keys. Do not associate an asymmetric @@ -550,6 +550,98 @@ func (c *CloudWatchLogs) CreateLogStreamWithContext(ctx aws.Context, input *Crea return out, req.Send() } +const opDeleteAccountPolicy = "DeleteAccountPolicy" + +// DeleteAccountPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteAccountPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteAccountPolicy for more information on using the DeleteAccountPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteAccountPolicyRequest method. +// req, resp := client.DeleteAccountPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy +func (c *CloudWatchLogs) DeleteAccountPolicyRequest(input *DeleteAccountPolicyInput) (req *request.Request, output *DeleteAccountPolicyOutput) { + op := &request.Operation{ + Name: opDeleteAccountPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteAccountPolicyInput{} + } + + output = &DeleteAccountPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteAccountPolicy API operation for Amazon CloudWatch Logs. +// +// Deletes a CloudWatch Logs account policy. +// +// To use this operation, you must be signed on with the logs:DeleteDataProtectionPolicy +// and logs:DeleteAccountPolicy permissions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation DeleteAccountPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy +func (c *CloudWatchLogs) DeleteAccountPolicy(input *DeleteAccountPolicyInput) (*DeleteAccountPolicyOutput, error) { + req, out := c.DeleteAccountPolicyRequest(input) + return out, req.Send() +} + +// DeleteAccountPolicyWithContext is the same as DeleteAccountPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteAccountPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DeleteAccountPolicyWithContext(ctx aws.Context, input *DeleteAccountPolicyInput, opts ...request.Option) (*DeleteAccountPolicyOutput, error) { + req, out := c.DeleteAccountPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteDataProtectionPolicy = "DeleteDataProtectionPolicy" // DeleteDataProtectionPolicyRequest generates a "aws/request.Request" representing the @@ -1361,6 +1453,94 @@ func (c *CloudWatchLogs) DeleteSubscriptionFilterWithContext(ctx aws.Context, in return out, req.Send() } +const opDescribeAccountPolicies = "DescribeAccountPolicies" + +// DescribeAccountPoliciesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAccountPolicies operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeAccountPolicies for more information on using the DescribeAccountPolicies +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeAccountPoliciesRequest method. +// req, resp := client.DescribeAccountPoliciesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies +func (c *CloudWatchLogs) DescribeAccountPoliciesRequest(input *DescribeAccountPoliciesInput) (req *request.Request, output *DescribeAccountPoliciesOutput) { + op := &request.Operation{ + Name: opDescribeAccountPolicies, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeAccountPoliciesInput{} + } + + output = &DescribeAccountPoliciesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAccountPolicies API operation for Amazon CloudWatch Logs. +// +// Returns a list of all CloudWatch Logs account policies in the account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation DescribeAccountPolicies for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies +func (c *CloudWatchLogs) DescribeAccountPolicies(input *DescribeAccountPoliciesInput) (*DescribeAccountPoliciesOutput, error) { + req, out := c.DescribeAccountPoliciesRequest(input) + return out, req.Send() +} + +// DescribeAccountPoliciesWithContext is the same as DescribeAccountPolicies with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAccountPolicies for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeAccountPoliciesWithContext(ctx aws.Context, input *DescribeAccountPoliciesInput, opts ...request.Option) (*DescribeAccountPoliciesOutput, error) { + req, out := c.DescribeAccountPoliciesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeDestinations = "DescribeDestinations" // DescribeDestinationsRequest generates a "aws/request.Request" representing the @@ -2587,7 +2767,7 @@ func (c *CloudWatchLogs) FilterLogEventsRequest(input *FilterLogEventsInput) (re // or filter the results using a filter pattern, a time range, and the name // of the log stream. // -// You must have the logs;FilterLogEvents permission to perform this operation. +// You must have the logs:FilterLogEvents permission to perform this operation. // // You can specify the log group to search by using either logGroupIdentifier // or logGroupName. You must include one of these two parameters, but you can't @@ -3427,6 +3607,129 @@ func (c *CloudWatchLogs) ListTagsLogGroupWithContext(ctx aws.Context, input *Lis return out, req.Send() } +const opPutAccountPolicy = "PutAccountPolicy" + +// PutAccountPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutAccountPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutAccountPolicy for more information on using the PutAccountPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutAccountPolicyRequest method. +// req, resp := client.PutAccountPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy +func (c *CloudWatchLogs) PutAccountPolicyRequest(input *PutAccountPolicyInput) (req *request.Request, output *PutAccountPolicyOutput) { + op := &request.Operation{ + Name: opPutAccountPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutAccountPolicyInput{} + } + + output = &PutAccountPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutAccountPolicy API operation for Amazon CloudWatch Logs. +// +// Creates an account-level data protection policy that applies to all log groups +// in the account. A data protection policy can help safeguard sensitive data +// that's ingested by your log groups by auditing and masking the sensitive +// log data. Each account can have only one account-level policy. +// +// Sensitive data is detected and masked when it is ingested into a log group. +// When you set a data protection policy, log events ingested into the log groups +// before that time are not masked. +// +// If you use PutAccountPolicy to create a data protection policy for your whole +// account, it applies to both existing log groups and all log groups that are +// created later in this account. The account policy is applied to existing +// log groups with eventual consistency. It might take up to 5 minutes before +// sensitive data in existing log groups begins to be masked. +// +// By default, when a user views a log event that includes masked data, the +// sensitive data is replaced by asterisks. A user who has the logs:Unmask permission +// can use a GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) +// or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) +// operation with the unmask parameter set to true to view the unmasked log +// events. Users with the logs:Unmask can also view unmasked data in the CloudWatch +// Logs console by running a CloudWatch Logs Insights query with the unmask +// query command. +// +// For more information, including a list of types of data that can be audited +// and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html). +// +// To use the PutAccountPolicy operation, you must be signed on with the logs:PutDataProtectionPolicy +// and logs:PutAccountPolicy permissions. +// +// The PutAccountPolicy operation applies to all log groups in the account. +// You can also use PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html) +// to create a data protection policy that applies to just one log group. If +// a log group has its own data protection policy and the account also has an +// account-level data protection policy, then the two policies are cumulative. +// Any sensitive term specified in either policy is masked. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutAccountPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy +func (c *CloudWatchLogs) PutAccountPolicy(input *PutAccountPolicyInput) (*PutAccountPolicyOutput, error) { + req, out := c.PutAccountPolicyRequest(input) + return out, req.Send() +} + +// PutAccountPolicyWithContext is the same as PutAccountPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutAccountPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutAccountPolicyWithContext(ctx aws.Context, input *PutAccountPolicyInput, opts ...request.Option) (*PutAccountPolicyOutput, error) { + req, out := c.PutAccountPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opPutDataProtectionPolicy = "PutDataProtectionPolicy" // PutDataProtectionPolicyRequest generates a "aws/request.Request" representing the @@ -3490,6 +3793,15 @@ func (c *CloudWatchLogs) PutDataProtectionPolicyRequest(input *PutDataProtection // For more information, including a list of types of data that can be audited // and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html). // +// The PutDataProtectionPolicy operation applies to only the specified log group. +// You can also use PutAccountPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html) +// to create an account-level data protection policy that applies to all log +// groups in the account, including both existing log groups and log groups +// that are created level. If a log group has its own data protection policy +// and the account also has an account-level data protection policy, then the +// two policies are cumulative. Any sensitive term specified in either policy +// is masked. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3797,6 +4109,8 @@ func (c *CloudWatchLogs) PutLogEventsRequest(input *PutLogEventsInput) (req *req // - A batch of log events in a single request cannot span more than 24 hours. // Otherwise, the operation fails. // +// - Each log event can be no larger than 256 KB. +// // - The maximum number of log events in a batch is 10,000. // // - The quota of five requests per second per log stream has been removed. @@ -4336,8 +4650,8 @@ func (c *CloudWatchLogs) PutSubscriptionFilterRequest(input *PutSubscriptionFilt // If you are updating an existing filter, you must specify the correct name // in filterName. // -// To perform a PutSubscriptionFilter operation, you must also have the iam:PassRole -// permission. +// To perform a PutSubscriptionFilter operation for any destination except a +// Lambda function, you must also have the iam:PassRole permission. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4433,7 +4747,7 @@ func (c *CloudWatchLogs) StartQueryRequest(input *StartQueryInput) (req *request // // For more information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). // -// Queries time out after 15 minutes of runtime. If your queries are timing +// Queries time out after 60 minutes of runtime. If your queries are timing // out, reduce the time range being searched or partition your query into a // number of queries. // @@ -4443,7 +4757,7 @@ func (c *CloudWatchLogs) StartQueryRequest(input *StartQueryInput) (req *request // For a cross-account StartQuery operation, the query definition must be defined // in the monitoring account. // -// You can have up to 20 concurrent CloudWatch Logs insights queries, including +// You can have up to 30 concurrent CloudWatch Logs insights queries, including // queries that have been added to dashboards. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5066,6 +5380,85 @@ func (c *CloudWatchLogs) UntagResourceWithContext(ctx aws.Context, input *UntagR return out, req.Send() } +// A structure that contains information about one CloudWatch Logs account policy. +type AccountPolicy struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services account ID that the policy applies to. + AccountId *string `locationName:"accountId" min:"12" type:"string"` + + // The date and time that this policy was most recently updated. + LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` + + // The policy document for this account policy. + // + // The JSON specified in policyDocument can be up to 30,720 characters. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The name of the account policy. + PolicyName *string `locationName:"policyName" type:"string"` + + // The type of policy for this account policy. + PolicyType *string `locationName:"policyType" type:"string" enum:"PolicyType"` + + // The scope of the account policy. + Scope *string `locationName:"scope" type:"string" enum:"Scope"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountPolicy) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *AccountPolicy) SetAccountId(v string) *AccountPolicy { + s.AccountId = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *AccountPolicy) SetLastUpdatedTime(v int64) *AccountPolicy { + s.LastUpdatedTime = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *AccountPolicy) SetPolicyDocument(v string) *AccountPolicy { + s.PolicyDocument = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *AccountPolicy) SetPolicyName(v string) *AccountPolicy { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *AccountPolicy) SetPolicyType(v string) *AccountPolicy { + s.PolicyType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AccountPolicy) SetScope(v string) *AccountPolicy { + s.Scope = &v + return s +} + type AssociateKmsKeyInput struct { _ struct{} `type:"structure"` @@ -5601,7 +5994,77 @@ type DataAlreadyAcceptedException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DataAlreadyAcceptedException) String() string { +func (s DataAlreadyAcceptedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataAlreadyAcceptedException) GoString() string { + return s.String() +} + +func newErrorDataAlreadyAcceptedException(v protocol.ResponseMetadata) error { + return &DataAlreadyAcceptedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *DataAlreadyAcceptedException) Code() string { + return "DataAlreadyAcceptedException" +} + +// Message returns the exception's message. +func (s *DataAlreadyAcceptedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *DataAlreadyAcceptedException) OrigErr() error { + return nil +} + +func (s *DataAlreadyAcceptedException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *DataAlreadyAcceptedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *DataAlreadyAcceptedException) RequestID() string { + return s.RespMetadata.RequestID +} + +type DeleteAccountPolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the policy to delete. + // + // PolicyName is a required field + PolicyName *string `locationName:"policyName" type:"string" required:"true"` + + // The type of policy to delete. Currently, the only valid value is DATA_PROTECTION_POLICY. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyInput) String() string { return awsutil.Prettify(s) } @@ -5610,46 +6073,58 @@ func (s DataAlreadyAcceptedException) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DataAlreadyAcceptedException) GoString() string { +func (s DeleteAccountPolicyInput) GoString() string { return s.String() } -func newErrorDataAlreadyAcceptedException(v protocol.ResponseMetadata) error { - return &DataAlreadyAcceptedException{ - RespMetadata: v, +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteAccountPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAccountPolicyInput"} + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) } -} -// Code returns the exception type name. -func (s *DataAlreadyAcceptedException) Code() string { - return "DataAlreadyAcceptedException" + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// Message returns the exception's message. -func (s *DataAlreadyAcceptedException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetPolicyName sets the PolicyName field's value. +func (s *DeleteAccountPolicyInput) SetPolicyName(v string) *DeleteAccountPolicyInput { + s.PolicyName = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *DataAlreadyAcceptedException) OrigErr() error { - return nil +// SetPolicyType sets the PolicyType field's value. +func (s *DeleteAccountPolicyInput) SetPolicyType(v string) *DeleteAccountPolicyInput { + s.PolicyType = &v + return s } -func (s *DataAlreadyAcceptedException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +type DeleteAccountPolicyOutput struct { + _ struct{} `type:"structure"` } -// Status code returns the HTTP status code for the request's response error. -func (s *DataAlreadyAcceptedException) StatusCode() int { - return s.RespMetadata.StatusCode +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyOutput) String() string { + return awsutil.Prettify(s) } -// RequestID returns the service's response RequestID for request. -func (s *DataAlreadyAcceptedException) RequestID() string { - return s.RespMetadata.RequestID +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyOutput) GoString() string { + return s.String() } type DeleteDataProtectionPolicyInput struct { @@ -6334,6 +6809,111 @@ func (s DeleteSubscriptionFilterOutput) GoString() string { return s.String() } +type DescribeAccountPoliciesInput struct { + _ struct{} `type:"structure"` + + // If you are using an account that is set up as a monitoring account for CloudWatch + // unified cross-account observability, you can use this to specify the account + // ID of a source account. If you do, the operation returns the account policy + // for the specified account. Currently, you can specify only one account ID + // in this parameter. + // + // If you omit this parameter, only the policy in the current account is returned. + AccountIdentifiers []*string `locationName:"accountIdentifiers" type:"list"` + + // Use this parameter to limit the returned policies to only the policy with + // the name that you specify. + PolicyName *string `locationName:"policyName" type:"string"` + + // Use this parameter to limit the returned policies to only the policies that + // match the policy type that you specify. Currently, the only valid value is + // DATA_PROTECTION_POLICY. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeAccountPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountPoliciesInput"} + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountIdentifiers sets the AccountIdentifiers field's value. +func (s *DescribeAccountPoliciesInput) SetAccountIdentifiers(v []*string) *DescribeAccountPoliciesInput { + s.AccountIdentifiers = v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *DescribeAccountPoliciesInput) SetPolicyName(v string) *DescribeAccountPoliciesInput { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *DescribeAccountPoliciesInput) SetPolicyType(v string) *DescribeAccountPoliciesInput { + s.PolicyType = &v + return s +} + +type DescribeAccountPoliciesOutput struct { + _ struct{} `type:"structure"` + + // An array of structures that contain information about the CloudWatch Logs + // account policies that match the specified filters. + AccountPolicies []*AccountPolicy `locationName:"accountPolicies" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesOutput) GoString() string { + return s.String() +} + +// SetAccountPolicies sets the AccountPolicies field's value. +func (s *DescribeAccountPoliciesOutput) SetAccountPolicies(v []*AccountPolicy) *DescribeAccountPoliciesOutput { + s.AccountPolicies = v + return s +} + type DescribeDestinationsInput struct { _ struct{} `type:"structure"` @@ -6581,9 +7161,6 @@ type DescribeLogGroupsInput struct { // If this parameter is set to true and accountIdentifiers contains a null value, // the operation returns all log groups in the monitoring account and all log // groups in all source accounts that are linked to the monitoring account. - // - // If you specify includeLinkedAccounts in your request, then metricFilterCount, - // retentionInDays, and storedBytes are not included in the response. IncludeLinkedAccounts *bool `locationName:"includeLinkedAccounts" type:"boolean"` // The maximum number of items returned. If you don't specify a value, the default @@ -6595,6 +7172,9 @@ type DescribeLogGroupsInput struct { // search. For example, if you specify Foo, log groups named FooBar, aws/Foo, // and GroupFoo would match, but foo, F/o/o and Froo would not match. // + // If you specify logGroupNamePattern in your request, then only arn, creationTime, + // and logGroupName are included in the response. + // // logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one // of these parameters can be passed. LogGroupNamePattern *string `locationName:"logGroupNamePattern" type:"string"` @@ -8731,7 +9311,7 @@ type GetQueryResultsOutput struct { // The status of the most recent running of the query. Possible values are Cancelled, // Complete, Failed, Running, Scheduled, Timeout, and Unknown. // - // Queries time out after 15 minutes of runtime. To avoid having your queries + // Queries time out after 60 minutes of runtime. To avoid having your queries // time out, reduce the time range being searched or partition your query into // a number of queries. Status *string `locationName:"status" type:"string" enum:"QueryStatus"` @@ -8778,7 +9358,7 @@ func (s *GetQueryResultsOutput) SetStatus(v string) *GetQueryResultsOutput { type InputLogEvent struct { _ struct{} `type:"structure"` - // The raw event message. + // The raw event message. Each log event can be no larger than 256 KB. // // Message is a required field Message *string `locationName:"message" min:"1" type:"string" required:"true"` @@ -9285,6 +9865,10 @@ type LogGroup struct { // one in the past. For more information, see PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html). DataProtectionStatus *string `locationName:"dataProtectionStatus" type:"string" enum:"DataProtectionStatus"` + // Displays all the properties that this log group has inherited from account-level + // settings. + InheritedProperties []*string `locationName:"inheritedProperties" type:"list" enum:"InheritedProperty"` + // The Amazon Resource Name (ARN) of the KMS key to use when encrypting log // data. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` @@ -9297,7 +9881,7 @@ type LogGroup struct { // The number of days to retain the log events in the specified log group. Possible // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, - // 1827, 2192, 2557, 2922, 3288, and 3653. + // 1096, 1827, 2192, 2557, 2922, 3288, and 3653. // // To set a log group so that its log events do not expire, use DeleteRetentionPolicy // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html). @@ -9343,6 +9927,12 @@ func (s *LogGroup) SetDataProtectionStatus(v string) *LogGroup { return s } +// SetInheritedProperties sets the InheritedProperties field's value. +func (s *LogGroup) SetInheritedProperties(v []*string) *LogGroup { + s.InheritedProperties = v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *LogGroup) SetKmsKeyId(v string) *LogGroup { s.KmsKeyId = &v @@ -9962,6 +10552,153 @@ func (s *OutputLogEvent) SetTimestamp(v int64) *OutputLogEvent { return s } +type PutAccountPolicyInput struct { + _ struct{} `type:"structure"` + + // Specify the data protection policy, in JSON. + // + // This policy must include two JSON blocks: + // + // * The first block must include both a DataIdentifer array and an Operation + // property with an Audit action. The DataIdentifer array lists the types + // of sensitive data that you want to mask. For more information about the + // available options, see Types of data that you can mask (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html). + // The Operation property with an Audit action is required to find the sensitive + // data terms. This Audit action must contain a FindingsDestination object. + // You can optionally use that FindingsDestination object to list one or + // more destinations to send audit findings to. If you specify destinations + // such as log groups, Kinesis Data Firehose streams, and S3 buckets, they + // must already exist. + // + // * The second block must include both a DataIdentifer array and an Operation + // property with an Deidentify action. The DataIdentifer array must exactly + // match the DataIdentifer array in the first block of the policy. The Operation + // property with the Deidentify action is what actually masks the data, and + // it must contain the "MaskConfig": {} object. The "MaskConfig": {} object + // must be empty. + // + // For an example data protection policy, see the Examples section on this page. + // + // The contents of the two DataIdentifer arrays must match exactly. + // + // In addition to the two JSON blocks, the policyDocument can also include Name, + // Description, and Version fields. The Name is different than the operation's + // policyName parameter, and is used as a dimension when CloudWatch Logs reports + // audit findings metrics to CloudWatch. + // + // The JSON specified in policyDocument can be up to 30,720 characters. + // + // PolicyDocument is a required field + PolicyDocument *string `locationName:"policyDocument" type:"string" required:"true"` + + // A name for the policy. This must be unique within the account. + // + // PolicyName is a required field + PolicyName *string `locationName:"policyName" type:"string" required:"true"` + + // Currently the only valid value for this parameter is DATA_PROTECTION_POLICY. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` + + // Currently the only valid value for this parameter is GLOBAL, which specifies + // that the data protection policy applies to all log groups in the account. + // If you omit this parameter, the default of GLOBAL is used. + Scope *string `locationName:"scope" type:"string" enum:"Scope"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutAccountPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutAccountPolicyInput"} + if s.PolicyDocument == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyDocument")) + } + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *PutAccountPolicyInput) SetPolicyDocument(v string) *PutAccountPolicyInput { + s.PolicyDocument = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *PutAccountPolicyInput) SetPolicyName(v string) *PutAccountPolicyInput { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *PutAccountPolicyInput) SetPolicyType(v string) *PutAccountPolicyInput { + s.PolicyType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *PutAccountPolicyInput) SetScope(v string) *PutAccountPolicyInput { + s.Scope = &v + return s +} + +type PutAccountPolicyOutput struct { + _ struct{} `type:"structure"` + + // The account policy that you created. + AccountPolicy *AccountPolicy `locationName:"accountPolicy" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyOutput) GoString() string { + return s.String() +} + +// SetAccountPolicy sets the AccountPolicy field's value. +func (s *PutAccountPolicyOutput) SetAccountPolicy(v *AccountPolicy) *PutAccountPolicyOutput { + s.AccountPolicy = v + return s +} + type PutDataProtectionPolicyInput struct { _ struct{} `type:"structure"` @@ -9994,7 +10731,13 @@ type PutDataProtectionPolicyInput struct { // // For an example data protection policy, see the Examples section on this page. // - // The contents of two DataIdentifer arrays must match exactly. + // The contents of the two DataIdentifer arrays must match exactly. + // + // In addition to the two JSON blocks, the policyDocument can also include Name, + // Description, and Version fields. The Name is used as a dimension when CloudWatch + // Logs reports audit findings metrics to CloudWatch. + // + // The JSON specified in policyDocument can be up to 30,720 characters. // // PolicyDocument is a required field PolicyDocument *string `locationName:"policyDocument" type:"string" required:"true"` @@ -10244,12 +10987,12 @@ type PutDestinationPolicyInput struct { // Specify true if you are updating an existing destination policy to grant // permission to an organization ID instead of granting permission to individual - // AWS accounts. Before you update a destination policy this way, you must first - // update the subscription filters in the accounts that send logs to this destination. - // If you do not, the subscription filters might stop working. By specifying - // true for forceUpdate, you are affirming that you have already updated the - // subscription filters. For more information, see Updating an existing cross-account - // subscription (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Cross-Account-Log_Subscription-Update.html) + // Amazon Web Services accounts. Before you update a destination policy this + // way, you must first update the subscription filters in the accounts that + // send logs to this destination. If you do not, the subscription filters might + // stop working. By specifying true for forceUpdate, you are affirming that + // you have already updated the subscription filters. For more information, + // see Updating an existing cross-account subscription (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Cross-Account-Log_Subscription-Update.html) // // If you omit this parameter, the default of false is used. ForceUpdate *bool `locationName:"forceUpdate" type:"boolean"` @@ -10866,7 +11609,7 @@ type PutRetentionPolicyInput struct { // The number of days to retain the log events in the specified log group. Possible // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, - // 1827, 2192, 2557, 2922, 3288, and 3653. + // 1096, 1827, 2192, 2557, 2922, 3288, and 3653. // // To set a log group so that its log events do not expire, use DeleteRetentionPolicy // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html). @@ -12771,6 +13514,18 @@ func ExportTaskStatusCode_Values() []string { } } +const ( + // InheritedPropertyAccountDataProtection is a InheritedProperty enum value + InheritedPropertyAccountDataProtection = "ACCOUNT_DATA_PROTECTION" +) + +// InheritedProperty_Values returns all elements of the InheritedProperty enum +func InheritedProperty_Values() []string { + return []string{ + InheritedPropertyAccountDataProtection, + } +} + const ( // OrderByLogStreamName is a OrderBy enum value OrderByLogStreamName = "LogStreamName" @@ -12787,6 +13542,18 @@ func OrderBy_Values() []string { } } +const ( + // PolicyTypeDataProtectionPolicy is a PolicyType enum value + PolicyTypeDataProtectionPolicy = "DATA_PROTECTION_POLICY" +) + +// PolicyType_Values returns all elements of the PolicyType enum +func PolicyType_Values() []string { + return []string{ + PolicyTypeDataProtectionPolicy, + } +} + const ( // QueryStatusScheduled is a QueryStatus enum value QueryStatusScheduled = "Scheduled" @@ -12823,6 +13590,18 @@ func QueryStatus_Values() []string { } } +const ( + // ScopeAll is a Scope enum value + ScopeAll = "ALL" +) + +// Scope_Values returns all elements of the Scope enum +func Scope_Values() []string { + return []string{ + ScopeAll, + } +} + const ( // StandardUnitSeconds is a StandardUnit enum value StandardUnitSeconds = "Seconds" diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go index c772710..fc59196 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go @@ -190,10 +190,11 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // // A single operation can retrieve up to 16 MB of data, which can contain as // many as 100 items. BatchGetItem returns a partial result if the response -// size limit is exceeded, the table's provisioned throughput is exceeded, or -// an internal processing failure occurs. If a partial result is returned, the -// operation returns a value for UnprocessedKeys. You can use this value to -// retry the operation starting with the next item to get. +// size limit is exceeded, the table's provisioned throughput is exceeded, more +// than 1MB per partition is requested, or an internal processing failure occurs. +// If a partial result is returned, the operation returns a value for UnprocessedKeys. +// You can use this value to retry the operation starting with the next item +// to get. // // If you request more than 100 items, BatchGetItem returns a ValidationException // with the message "Too many items requested for the BatchGetItem call." @@ -223,7 +224,8 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // in the request. If you want strongly consistent reads instead, you can set // ConsistentRead to true for any or all tables. // -// In order to minimize response latency, BatchGetItem retrieves items in parallel. +// In order to minimize response latency, BatchGetItem may retrieve items in +// parallel. // // When designing your application, keep in mind that DynamoDB does not return // items in any particular order. To help parse the response by item, include @@ -676,6 +678,12 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -773,8 +781,13 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req // relationship between two or more DynamoDB tables with the same table name // in the provided Regions. // -// This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) -// of global tables. +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). // // If you want to add a new replica table to a global table, each of the following // conditions must be true: @@ -840,6 +853,12 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -989,6 +1008,12 @@ func (c *DynamoDB) CreateTableRequest(input *CreateTableInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -1119,6 +1144,12 @@ func (c *DynamoDB) DeleteBackupRequest(input *DeleteBackupInput) (req *request.R // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -1363,6 +1394,9 @@ func (c *DynamoDB) DeleteTableRequest(input *DeleteTableInput) (req *request.Req // If the specified table does not exist, DynamoDB returns a ResourceNotFoundException. // If table is already in the DELETING state, no error is returned. // +// This operation only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// of global tables. +// // DynamoDB might continue to accept data read and write operations, such as // GetItem and PutItem, on a table in the DELETING state until the table deletion // is complete. @@ -1410,6 +1444,12 @@ func (c *DynamoDB) DeleteTableRequest(input *DeleteTableInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -1708,7 +1748,7 @@ func (c *DynamoDB) DescribeContributorInsightsRequest(input *DescribeContributor // DescribeContributorInsights API operation for Amazon DynamoDB. // -// Returns information about contributor insights, for a given table or global +// Returns information about contributor insights for a given table or global // secondary index. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1792,7 +1832,8 @@ func (c *DynamoDB) DescribeEndpointsRequest(input *DescribeEndpointsInput) (req // DescribeEndpoints API operation for Amazon DynamoDB. // -// Returns the regional endpoint information. +// Returns the regional endpoint information. For more information on policy +// permissions, please see Internetwork traffic privacy (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/inter-network-traffic-privacy.html#inter-network-traffic-DescribeEndpoints). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1968,6 +2009,12 @@ func (c *DynamoDB) DescribeExportRequest(input *DescribeExportInput) (req *reque // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -2063,10 +2110,13 @@ func (c *DynamoDB) DescribeGlobalTableRequest(input *DescribeGlobalTableInput) ( // // Returns information about the specified global table. // -// This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) -// of global tables. If you are using global tables Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) -// you can use DescribeTable (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html) -// instead. +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2175,8 +2225,13 @@ func (c *DynamoDB) DescribeGlobalTableSettingsRequest(input *DescribeGlobalTable // // Describes Region-specific settings for a global table. // -// This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) -// of global tables. +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2635,6 +2690,9 @@ func (c *DynamoDB) DescribeTableRequest(input *DescribeTableInput) (req *request // table, when it was created, the primary key schema, and any indexes on the // table. // +// This operation only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// of global tables. +// // If you issue a DescribeTable request immediately after a CreateTable request, // DynamoDB might return a ResourceNotFoundException. This is because DescribeTable // uses an eventually consistent query, and the metadata for your table might @@ -2724,7 +2782,7 @@ func (c *DynamoDB) DescribeTableReplicaAutoScalingRequest(input *DescribeTableRe // // Describes auto scaling settings across replicas of the global table at once. // -// This operation only applies to Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// This operation only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) // of global tables. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2973,6 +3031,12 @@ func (c *DynamoDB) DisableKinesisStreamingDestinationRequest(input *DisableKines // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ResourceInUseException // The operation conflicts with the resource's availability. For example, you // attempted to recreate an existing table, or tried to delete a table currently @@ -3106,6 +3170,12 @@ func (c *DynamoDB) EnableKinesisStreamingDestinationRequest(input *EnableKinesis // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ResourceInUseException // The operation conflicts with the resource's availability. For example, you // attempted to recreate an existing table, or tried to delete a table currently @@ -3192,7 +3262,8 @@ func (c *DynamoDB) ExecuteStatementRequest(input *ExecuteStatementInput) (req *r // A single SELECT statement response can return up to the maximum number of // items (if using the Limit parameter) or a maximum of 1 MB of data (and then // apply any filtering to the results using WHERE clause). If LastEvaluatedKey -// is present in the response, you need to paginate the result set. +// is present in the response, you need to paginate the result set. If NextToken +// is present, you need to paginate the result set and include NextToken. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3396,7 +3467,7 @@ func (c *DynamoDB) ExecuteTransactionRequest(input *ExecuteTransactionInput) (re // as DynamoDB is automatically scaling the table. Throughput exceeds the // current capacity for one or more global secondary indexes. DynamoDB is // automatically scaling your index so please try again shortly. This message -// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is returned when writes get throttled on an On-Demand GSI as DynamoDB // is automatically scaling the GSI. // // - Validation Error: Code: ValidationError Messages: One or more parameter @@ -3414,6 +3485,47 @@ func (c *DynamoDB) ExecuteTransactionRequest(input *ExecuteTransactionInput) (re // - TransactionInProgressException // The transaction with the given request token is already in progress. // +// Recommended Settings +// +// This is a general recommendation for handling the TransactionInProgressException. +// These settings help ensure that the client retries will trigger completion +// of the ongoing TransactWriteItems request. +// +// - Set clientExecutionTimeout to a value that allows at least one retry +// to be processed after 5 seconds have elapsed since the first attempt for +// the TransactWriteItems operation. +// +// - Set socketTimeout to a value a little lower than the requestTimeout +// setting. +// +// - requestTimeout should be set based on the time taken for the individual +// retries of a single HTTP request for your use case, but setting it to +// 1 second or higher should work well to reduce chances of retries and TransactionInProgressException +// errors. +// +// - Use exponential backoff when retrying and tune backoff if needed. +// +// Assuming default retry policy (https://github.com/aws/aws-sdk-java/blob/fd409dee8ae23fb8953e0bb4dbde65536a7e0514/aws-java-sdk-core/src/main/java/com/amazonaws/retry/PredefinedRetryPolicies.java#L97), +// example timeout settings based on the guidelines above are as follows: +// +// Example timeline: +// +// - 0-1000 first attempt +// +// - 1000-1500 first sleep/delay (default retry policy uses 500 ms as base +// delay for 4xx errors) +// +// - 1500-2500 second attempt +// +// - 2500-3500 second sleep/delay (500 * 2, exponential backoff) +// +// - 3500-4500 third attempt +// +// - 4500-6500 third sleep/delay (500 * 2^2) +// +// - 6500-7500 fourth attempt (this can trigger inline recovery since 5 seconds +// have elapsed since the first attempt reached TC) +// // - IdempotentParameterMismatchException // DynamoDB rejected the request because you retried a request with a different // payload but with an idempotent token that was already used. @@ -3537,6 +3649,12 @@ func (c *DynamoDB) ExportTableToPointInTimeRequest(input *ExportTableToPointInTi // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InvalidExportTimeException // The specified ExportTime is outside of the point in time recovery window. // @@ -3772,6 +3890,12 @@ func (c *DynamoDB) ImportTableRequest(input *ImportTableInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ImportConflictException // There was a conflict when importing from the specified S3 source. This can // occur when the current import conflicts with a previous import request that @@ -4128,6 +4252,12 @@ func (c *DynamoDB) ListExportsRequest(input *ListExportsInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -4274,8 +4404,13 @@ func (c *DynamoDB) ListGlobalTablesRequest(input *ListGlobalTablesInput) (req *r // // Lists all global tables that have a replica in the specified Region. // -// This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) -// of global tables. +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4387,6 +4522,12 @@ func (c *DynamoDB) ListImportsRequest(input *ListImportsInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ListImports func (c *DynamoDB) ListImports(input *ListImportsInput) (*ListImportsOutput, error) { req, out := c.ListImportsRequest(input) @@ -5185,7 +5326,7 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // RestoreTableFromBackup API operation for Amazon DynamoDB. // // Creates a new table from an existing backup. Any number of users can execute -// up to 4 concurrent restores (any type of restore) in a given account. +// up to 50 concurrent restores (any type of restore) in a given account. // // You can call RestoreTableFromBackup at a maximum rate of 10 times per second. // @@ -5242,6 +5383,12 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -5409,6 +5556,12 @@ func (c *DynamoDB) RestoreTableToPointInTimeRequest(input *RestoreTableToPointIn // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InvalidRestoreTimeException // An invalid restore time was specified. RestoreDateTime must be between EarliestRestorableDateTime // and LatestRestorableDateTime. @@ -5749,6 +5902,12 @@ func (c *DynamoDB) TagResourceRequest(input *TagResourceInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ResourceNotFoundException // The operation tried to access a nonexistent table or index. The resource // might not be specified correctly, or its status might not be ACTIVE. @@ -5871,7 +6030,7 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // // - There is a user error, such as an invalid data format. // -// - The aggregate size of the items in the transaction cannot exceed 4 MB. +// - The aggregate size of the items in the transaction exceeded 4 MB. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5958,7 +6117,7 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // as DynamoDB is automatically scaling the table. Throughput exceeds the // current capacity for one or more global secondary indexes. DynamoDB is // automatically scaling your index so please try again shortly. This message -// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is returned when writes get throttled on an On-Demand GSI as DynamoDB // is automatically scaling the GSI. // // - Validation Error: Code: ValidationError Messages: One or more parameter @@ -6219,7 +6378,7 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // as DynamoDB is automatically scaling the table. Throughput exceeds the // current capacity for one or more global secondary indexes. DynamoDB is // automatically scaling your index so please try again shortly. This message -// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is returned when writes get throttled on an On-Demand GSI as DynamoDB // is automatically scaling the GSI. // // - Validation Error: Code: ValidationError Messages: One or more parameter @@ -6237,6 +6396,47 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // - TransactionInProgressException // The transaction with the given request token is already in progress. // +// Recommended Settings +// +// This is a general recommendation for handling the TransactionInProgressException. +// These settings help ensure that the client retries will trigger completion +// of the ongoing TransactWriteItems request. +// +// - Set clientExecutionTimeout to a value that allows at least one retry +// to be processed after 5 seconds have elapsed since the first attempt for +// the TransactWriteItems operation. +// +// - Set socketTimeout to a value a little lower than the requestTimeout +// setting. +// +// - requestTimeout should be set based on the time taken for the individual +// retries of a single HTTP request for your use case, but setting it to +// 1 second or higher should work well to reduce chances of retries and TransactionInProgressException +// errors. +// +// - Use exponential backoff when retrying and tune backoff if needed. +// +// Assuming default retry policy (https://github.com/aws/aws-sdk-java/blob/fd409dee8ae23fb8953e0bb4dbde65536a7e0514/aws-java-sdk-core/src/main/java/com/amazonaws/retry/PredefinedRetryPolicies.java#L97), +// example timeout settings based on the guidelines above are as follows: +// +// Example timeline: +// +// - 0-1000 first attempt +// +// - 1000-1500 first sleep/delay (default retry policy uses 500 ms as base +// delay for 4xx errors) +// +// - 1500-2500 second attempt +// +// - 2500-3500 second sleep/delay (500 * 2, exponential backoff) +// +// - 3500-4500 third attempt +// +// - 4500-6500 third sleep/delay (500 * 2^2) +// +// - 6500-7500 fourth attempt (this can trigger inline recovery since 5 seconds +// have elapsed since the first attempt reached TC) +// // - IdempotentParameterMismatchException // DynamoDB rejected the request because you retried a request with a different // payload but with an idempotent token that was already used. @@ -6380,6 +6580,12 @@ func (c *DynamoDB) UntagResourceRequest(input *UntagResourceInput) (req *request // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ResourceNotFoundException // The operation tried to access a nonexistent table or index. The resource // might not be specified correctly, or its status might not be ACTIVE. @@ -6700,6 +6906,19 @@ func (c *DynamoDB) UpdateGlobalTableRequest(input *UpdateGlobalTableInput) (req // schema, have DynamoDB Streams enabled, and have the same provisioned and // maximum write capacity units. // +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). +// +// This operation only applies to Version 2017.11.29 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. If you are using global tables Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// you can use DescribeTable (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html) +// instead. +// // Although you can use UpdateGlobalTable to add replicas and remove replicas // in a single request, for simplicity we recommend that you issue separate // requests for adding or removing replicas. @@ -6833,6 +7052,14 @@ func (c *DynamoDB) UpdateGlobalTableSettingsRequest(input *UpdateGlobalTableSett // // Updates settings for a global table. // +// This operation only applies to Version 2017.11.29 (Legacy) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html) +// of global tables. We recommend using Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// when creating new global tables, as it provides greater flexibility, higher +// efficiency and consumes less write capacity than 2017.11.29 (Legacy). To +// determine which version you are using, see Determining the version (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.DetermineVersion.html). +// To update existing global tables from version 2017.11.29 (Legacy) to version +// 2019.11.21 (Current), see Updating global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_upgrade.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6868,6 +7095,12 @@ func (c *DynamoDB) UpdateGlobalTableSettingsRequest(input *UpdateGlobalTableSett // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - ResourceInUseException // The operation conflicts with the resource's availability. For example, you // attempted to recreate an existing table, or tried to delete a table currently @@ -7107,6 +7340,9 @@ func (c *DynamoDB) UpdateTableRequest(input *UpdateTableInput) (req *request.Req // Modifies the provisioned throughput settings, global secondary indexes, or // DynamoDB Streams settings for a given table. // +// This operation only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// of global tables. +// // You can only perform one of the following operations at once: // // - Modify the provisioned throughput settings of the table. @@ -7156,6 +7392,12 @@ func (c *DynamoDB) UpdateTableRequest(input *UpdateTableInput) (req *request.Req // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -7226,7 +7468,7 @@ func (c *DynamoDB) UpdateTableReplicaAutoScalingRequest(input *UpdateTableReplic // // Updates auto scaling settings on your global tables at once. // -// This operation only applies to Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) +// This operation only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) // of global tables. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -7264,6 +7506,12 @@ func (c *DynamoDB) UpdateTableReplicaAutoScalingRequest(input *UpdateTableReplic // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -7421,6 +7669,12 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // // There is a soft account quota of 2,500 tables. // +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. +// // - InternalServerError // An error occurred on the server side. // @@ -9717,14 +9971,20 @@ type ConditionCheck struct { _ struct{} `type:"structure"` // A condition that must be satisfied in order for a conditional update to succeed. + // For more information, see Condition expressions (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.ConditionExpressions.html) + // in the Amazon DynamoDB Developer Guide. // // ConditionExpression is a required field ConditionExpression *string `type:"string" required:"true"` - // One or more substitution tokens for attribute names in an expression. + // One or more substitution tokens for attribute names in an expression. For + // more information, see Expression attribute names (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.ExpressionAttributeNames.html) + // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` - // One or more values that can be substituted in an expression. + // One or more values that can be substituted in an expression. For more information, + // see Condition expressions (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.ConditionExpressions.html) + // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` // The primary key of the item to be checked. Each element consists of an attribute @@ -10615,6 +10875,10 @@ type CreateTableInput struct { // workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand). BillingMode *string `type:"string" enum:"BillingMode"` + // Indicates whether deletion protection is to be enabled (true) or disabled + // (false) on the table. + DeletionProtectionEnabled *bool `type:"boolean"` + // One or more global secondary indexes (the maximum is 20) to be created on // the table. Each global secondary index in the array includes the following: // @@ -10860,6 +11124,12 @@ func (s *CreateTableInput) SetBillingMode(v string) *CreateTableInput { return s } +// SetDeletionProtectionEnabled sets the DeletionProtectionEnabled field's value. +func (s *CreateTableInput) SetDeletionProtectionEnabled(v bool) *CreateTableInput { + s.DeletionProtectionEnabled = &v + return s +} + // SetGlobalSecondaryIndexes sets the GlobalSecondaryIndexes field's value. func (s *CreateTableInput) SetGlobalSecondaryIndexes(v []*GlobalSecondaryIndex) *CreateTableInput { s.GlobalSecondaryIndexes = v @@ -11332,7 +11602,7 @@ type DeleteItemInput struct { // A map of attribute names to AttributeValue objects, representing the primary // key of the item to delete. // - // For the primary key, you must provide all of the attributes. For example, + // For the primary key, you must provide all of the key attributes. For example, // with a simple primary key, you only need to provide a value for the partition // key. For a composite primary key, you must provide values for both the partition // key and the sort key. @@ -11493,7 +11763,7 @@ type DeleteItemOutput struct { // includes the total provisioned throughput consumed, along with statistics // for the table and any indexes involved in the operation. ConsumedCapacity // is only returned if the ReturnConsumedCapacity parameter was specified. For - // more information, see Provisioned Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // more information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -14647,7 +14917,7 @@ type GetItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html#ItemSizeCalculations.Reads) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -16935,6 +17205,12 @@ func (s *KinesisDataStreamDestination) SetStreamArn(v string) *KinesisDataStream // are allowed per account. // // There is a soft account quota of 2,500 tables. +// +// GetRecords was called with a value of more than 1000 for the limit request +// parameter. +// +// More than 2 processes are reading from the same streams shard at the same +// time. Exceeding this limit may result in request throttling. type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -18382,7 +18658,7 @@ type ProvisionedThroughput struct { // The maximum number of strongly consistent reads consumed per second before // DynamoDB returns a ThrottlingException. For more information, see Specifying - // Read and Write Requirements (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#ProvisionedThroughput) + // Read and Write Requirements (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html) // in the Amazon DynamoDB Developer Guide. // // If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. @@ -18392,7 +18668,7 @@ type ProvisionedThroughput struct { // The maximum number of writes consumed per second before DynamoDB returns // a ThrottlingException. For more information, see Specifying Read and Write - // Requirements (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#ProvisionedThroughput) + // Requirements (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html) // in the Amazon DynamoDB Developer Guide. // // If read/write capacity mode is PAY_PER_REQUEST the value is set to 0. @@ -19024,7 +19300,7 @@ type PutItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -19382,7 +19658,8 @@ type QueryInput struct { // to specifying ALL_ATTRIBUTES. // // * COUNT - Returns the number of matching items, rather than the matching - // items themselves. + // items themselves. Note that this uses the same quantity of read capacity + // units as getting the items, and is subject to the same item size calculations. // // * SPECIFIC_ATTRIBUTES - Returns only the attributes listed in ProjectionExpression. // This return value is equivalent to specifying ProjectionExpression without @@ -21938,7 +22215,8 @@ type ScanInput struct { // to specifying ALL_ATTRIBUTES. // // * COUNT - Returns the number of matching items, rather than the matching - // items themselves. + // items themselves. Note that this uses the same quantity of read capacity + // units as getting the items, and is subject to the same item size calculations. // // * SPECIFIC_ATTRIBUTES - Returns only the attributes listed in ProjectionExpression. // This return value is equivalent to specifying ProjectionExpression without @@ -22144,7 +22422,7 @@ type ScanOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html#ItemSizeCalculations.Reads) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -22844,6 +23122,10 @@ type TableDescription struct { // format. CreationDateTime *time.Time `type:"timestamp"` + // Indicates whether deletion protection is enabled (true) or disabled (false) + // on the table. + DeletionProtectionEnabled *bool `type:"boolean"` + // The global secondary indexes, if any, on the table. Each index is scoped // to a given partition key value. Each element is composed of: // @@ -23078,6 +23360,12 @@ func (s *TableDescription) SetCreationDateTime(v time.Time) *TableDescription { return s } +// SetDeletionProtectionEnabled sets the DeletionProtectionEnabled field's value. +func (s *TableDescription) SetDeletionProtectionEnabled(v bool) *TableDescription { + s.DeletionProtectionEnabled = &v + return s +} + // SetGlobalSecondaryIndexes sets the GlobalSecondaryIndexes field's value. func (s *TableDescription) SetGlobalSecondaryIndexes(v []*GlobalSecondaryIndexDescription) *TableDescription { s.GlobalSecondaryIndexes = v @@ -23870,7 +24158,7 @@ type TransactWriteItemsInput struct { // // Although multiple identical calls using the same client request token produce // the same result on the server (no side effects), the responses to the calls - // might not be the same. If the ReturnConsumedCapacity> parameter is set, then + // might not be the same. If the ReturnConsumedCapacity parameter is set, then // the initial TransactWriteItems call returns the amount of write capacity // units consumed in making the changes. Subsequent TransactWriteItems calls // with the same client token return the number of read capacity units consumed @@ -24103,7 +24391,7 @@ func (s *TransactWriteItemsOutput) SetItemCollectionMetrics(v map[string][]*Item // as DynamoDB is automatically scaling the table. Throughput exceeds the // current capacity for one or more global secondary indexes. DynamoDB is // automatically scaling your index so please try again shortly. This message -// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is returned when writes get throttled on an On-Demand GSI as DynamoDB // is automatically scaling the GSI. // // - Validation Error: Code: ValidationError Messages: One or more parameter @@ -24248,6 +24536,47 @@ func (s *TransactionConflictException) RequestID() string { } // The transaction with the given request token is already in progress. +// +// # Recommended Settings +// +// This is a general recommendation for handling the TransactionInProgressException. +// These settings help ensure that the client retries will trigger completion +// of the ongoing TransactWriteItems request. +// +// - Set clientExecutionTimeout to a value that allows at least one retry +// to be processed after 5 seconds have elapsed since the first attempt for +// the TransactWriteItems operation. +// +// - Set socketTimeout to a value a little lower than the requestTimeout +// setting. +// +// - requestTimeout should be set based on the time taken for the individual +// retries of a single HTTP request for your use case, but setting it to +// 1 second or higher should work well to reduce chances of retries and TransactionInProgressException +// errors. +// +// - Use exponential backoff when retrying and tune backoff if needed. +// +// Assuming default retry policy (https://github.com/aws/aws-sdk-java/blob/fd409dee8ae23fb8953e0bb4dbde65536a7e0514/aws-java-sdk-core/src/main/java/com/amazonaws/retry/PredefinedRetryPolicies.java#L97), +// example timeout settings based on the guidelines above are as follows: +// +// Example timeline: +// +// - 0-1000 first attempt +// +// - 1000-1500 first sleep/delay (default retry policy uses 500 ms as base +// delay for 4xx errors) +// +// - 1500-2500 second attempt +// +// - 2500-3500 second sleep/delay (500 * 2, exponential backoff) +// +// - 3500-4500 third attempt +// +// - 4500-6500 third sleep/delay (500 * 2^2) +// +// - 6500-7500 fourth attempt (this can trigger inline recovery since 5 seconds +// have elapsed since the first attempt reached TC) type TransactionInProgressException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -25224,7 +25553,8 @@ type UpdateItemInput struct { ReturnItemCollectionMetrics *string `type:"string" enum:"ReturnItemCollectionMetrics"` // Use ReturnValues if you want to get the item attributes as they appear before - // or after they are updated. For UpdateItem, the valid values are: + // or after they are successfully updated. For UpdateItem, the valid values + // are: // // * NONE - If ReturnValues is not specified, or if its value is NONE, then // nothing is returned. (This setting is the default for ReturnValues.) @@ -25429,15 +25759,16 @@ type UpdateItemOutput struct { // A map of attribute values as they appear before or after the UpdateItem operation, // as determined by the ReturnValues parameter. // - // The Attributes map is only present if ReturnValues was specified as something - // other than NONE in the request. Each element represents one attribute. + // The Attributes map is only present if the update was successful and ReturnValues + // was specified as something other than NONE in the request. Each element represents + // one attribute. Attributes map[string]*AttributeValue `type:"map"` // The capacity units consumed by the UpdateItem operation. The data returned // includes the total provisioned throughput consumed, along with statistics // for the table and any indexes involved in the operation. ConsumedCapacity // is only returned if the ReturnConsumedCapacity parameter was specified. For - // more information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // more information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html#ItemSizeCalculations.Reads) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -25626,6 +25957,10 @@ type UpdateTableInput struct { // workloads. PAY_PER_REQUEST sets the billing mode to On-Demand Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand). BillingMode *string `type:"string" enum:"BillingMode"` + // Indicates whether deletion protection is to be enabled (true) or disabled + // (false) on the table. + DeletionProtectionEnabled *bool `type:"boolean"` + // An array of one or more global secondary indexes for the table. For each // index in the array, you can request one action: // @@ -25648,7 +25983,7 @@ type UpdateTableInput struct { // A list of replica update actions (create, delete, or update) for the table. // - // This property only applies to Version 2019.11.21 (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) + // This property only applies to Version 2019.11.21 (Current) (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) // of global tables. ReplicaUpdates []*ReplicationGroupUpdate `min:"1" type:"list"` @@ -25761,6 +26096,12 @@ func (s *UpdateTableInput) SetBillingMode(v string) *UpdateTableInput { return s } +// SetDeletionProtectionEnabled sets the DeletionProtectionEnabled field's value. +func (s *UpdateTableInput) SetDeletionProtectionEnabled(v bool) *UpdateTableInput { + s.DeletionProtectionEnabled = &v + return s +} + // SetGlobalSecondaryIndexUpdates sets the GlobalSecondaryIndexUpdates field's value. func (s *UpdateTableInput) SetGlobalSecondaryIndexUpdates(v []*GlobalSecondaryIndexUpdate) *UpdateTableInput { s.GlobalSecondaryIndexUpdates = v diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go index 9f7baf8..79b80e6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go @@ -135,6 +135,12 @@ const ( // are allowed per account. // // There is a soft account quota of 2,500 tables. + // + // GetRecords was called with a value of more than 1000 for the limit request + // parameter. + // + // More than 2 processes are reading from the same streams shard at the same + // time. Exceeding this limit may result in request throttling. ErrCodeLimitExceededException = "LimitExceededException" // ErrCodePointInTimeRecoveryUnavailableException for service response error code @@ -283,7 +289,7 @@ const ( // as DynamoDB is automatically scaling the table. Throughput exceeds the // current capacity for one or more global secondary indexes. DynamoDB is // automatically scaling your index so please try again shortly. This message - // is returned when when writes get throttled on an On-Demand GSI as DynamoDB + // is returned when writes get throttled on an On-Demand GSI as DynamoDB // is automatically scaling the GSI. // // * Validation Error: Code: ValidationError Messages: One or more parameter @@ -309,6 +315,47 @@ const ( // "TransactionInProgressException". // // The transaction with the given request token is already in progress. + // + // Recommended Settings + // + // This is a general recommendation for handling the TransactionInProgressException. + // These settings help ensure that the client retries will trigger completion + // of the ongoing TransactWriteItems request. + // + // * Set clientExecutionTimeout to a value that allows at least one retry + // to be processed after 5 seconds have elapsed since the first attempt for + // the TransactWriteItems operation. + // + // * Set socketTimeout to a value a little lower than the requestTimeout + // setting. + // + // * requestTimeout should be set based on the time taken for the individual + // retries of a single HTTP request for your use case, but setting it to + // 1 second or higher should work well to reduce chances of retries and TransactionInProgressException + // errors. + // + // * Use exponential backoff when retrying and tune backoff if needed. + // + // Assuming default retry policy (https://github.com/aws/aws-sdk-java/blob/fd409dee8ae23fb8953e0bb4dbde65536a7e0514/aws-java-sdk-core/src/main/java/com/amazonaws/retry/PredefinedRetryPolicies.java#L97), + // example timeout settings based on the guidelines above are as follows: + // + // Example timeline: + // + // * 0-1000 first attempt + // + // * 1000-1500 first sleep/delay (default retry policy uses 500 ms as base + // delay for 4xx errors) + // + // * 1500-2500 second attempt + // + // * 2500-3500 second sleep/delay (500 * 2, exponential backoff) + // + // * 3500-4500 third attempt + // + // * 4500-6500 third sleep/delay (500 * 2^2) + // + // * 6500-7500 fourth attempt (this can trigger inline recovery since 5 seconds + // have elapsed since the first attempt reached TC) ErrCodeTransactionInProgressException = "TransactionInProgressException" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 580bc08..300c50f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -683,15 +683,10 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // see Bring Your Own IP Addresses (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) // in the Amazon Elastic Compute Cloud User Guide. // -// [EC2-VPC] If you release an Elastic IP address, you might be able to recover -// it. You cannot recover an Elastic IP address that you released after it is -// allocated to another Amazon Web Services account. You cannot recover an Elastic -// IP address for EC2-Classic. To attempt to recover an Elastic IP address that -// you released, specify it in this operation. -// -// An Elastic IP address is for use either in the EC2-Classic platform or in -// a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic -// per Region and 5 Elastic IP addresses for EC2-VPC per Region. +// If you release an Elastic IP address, you might be able to recover it. You +// cannot recover an Elastic IP address that you released after it is allocated +// to another Amazon Web Services account. To attempt to recover an Elastic +// IP address that you released, specify it in this operation. // // For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -700,10 +695,6 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // telecommunication carrier, to a network interface which resides in a subnet // in a Wavelength Zone (for example an EC2 instance). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -850,11 +841,17 @@ func (c *EC2) AllocateIpamPoolCidrRequest(input *AllocateIpamPoolCidrInput) (req // AllocateIpamPoolCidr API operation for Amazon Elastic Compute Cloud. // -// Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment -// from an IPAM pool to another IPAM pool or to a resource. For more information, -// see Allocate CIDRs (https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html) +// Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM +// pool locale. The locale is the Amazon Web Services Region where this IPAM +// pool is available for allocations. +// +// In IPAM, an allocation is a CIDR assignment from an IPAM pool to another +// IPAM pool or to a resource. For more information, see Allocate CIDRs (https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html) // in the Amazon VPC IPAM User Guide. // +// This action creates an allocation with strong consistency. The returned CIDR +// will not overlap with any other allocations from the same pool. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1267,23 +1264,11 @@ func (c *EC2) AssociateAddressRequest(input *AssociateAddressInput) (req *reques // are in subnets in Wavelength Zones) with an instance or a network interface. // Before you can use an Elastic IP address, you must allocate it to your account. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// [EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is -// already associated with a different instance, it is disassociated from that -// instance and associated with the specified instance. If you associate an -// Elastic IP address with an instance that has an existing Elastic IP address, -// the existing address is disassociated from the instance, but remains allocated -// to your account. -// -// [VPC in an EC2-Classic account] If you don't specify a private IP address, -// the Elastic IP address is associated with the primary IP address. If the -// Elastic IP address is already associated with a different instance or a network -// interface, you get an error unless you allow reassociation. You cannot associate -// an Elastic IP address with an instance or network interface that has an existing -// Elastic IP address. +// If the Elastic IP address is already associated with a different instance, +// it is disassociated from that instance and associated with the specified +// instance. If you associate an Elastic IP address with an instance that has +// an existing Elastic IP address, the existing address is disassociated from +// the instance, but remains allocated to your account. // // [Subnets in Wavelength Zones] You can associate an IP address from the telecommunication // carrier to the instance or network interface. @@ -1296,10 +1281,6 @@ func (c *EC2) AssociateAddressRequest(input *AssociateAddressInput) (req *reques // the Elastic IP address is remapped to the same instance. For more information, // see the Elastic IP Addresses section of Amazon EC2 Pricing (http://aws.amazon.com/ec2/pricing/). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2722,9 +2703,8 @@ func (c *EC2) AttachVerifiedAccessTrustProviderRequest(input *AttachVerifiedAcce // AttachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. // -// A trust provider is a third-party entity that creates, maintains, and manages -// identity information for users and devices. One or more trust providers can -// be attached to an Amazon Web Services Verified Access instance. +// Attaches the specified Amazon Web Services Verified Access trust provider +// to the specified Amazon Web Services Verified Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3931,9 +3911,10 @@ func (c *EC2) CancelSpotFleetRequestsRequest(input *CancelSpotFleetRequestsInput // // Cancels the specified Spot Fleet requests. // -// After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot -// Instances. You must specify whether the Spot Fleet should also terminate -// its Spot Instances. If you terminate the instances, the Spot Fleet request +// After you cancel a Spot Fleet request, the Spot Fleet launches no new instances. +// +// You must also specify whether a canceled Spot Fleet request should terminate +// its instances. If you choose to terminate the instances, the Spot Fleet request // enters the cancelled_terminating state. Otherwise, the Spot Fleet request // enters the cancelled_running state and the instances continue to run until // they are interrupted or you terminate them manually. @@ -5412,10 +5393,12 @@ func (c *EC2) CreateFleetRequest(input *CreateFleetInput) (req *request.Request, // CreateFleet API operation for Amazon Elastic Compute Cloud. // -// Launches an EC2 Fleet. +// Creates an EC2 Fleet that contains the configuration information for On-Demand +// Instances and Spot Instances. Instances are launched immediately if there +// is available capacity. // -// You can create a single EC2 Fleet that includes multiple launch specifications -// that vary by instance type, AMI, Availability Zone, or subnet. +// A single EC2 Fleet can include multiple launch specifications that vary by +// instance type, AMI, Availability Zone, or subnet. // // For more information, see EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) // in the Amazon EC2 User Guide. @@ -5710,6 +5693,85 @@ func (c *EC2) CreateImageWithContext(ctx aws.Context, input *CreateImageInput, o return out, req.Send() } +const opCreateInstanceConnectEndpoint = "CreateInstanceConnectEndpoint" + +// CreateInstanceConnectEndpointRequest generates a "aws/request.Request" representing the +// client's request for the CreateInstanceConnectEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateInstanceConnectEndpoint for more information on using the CreateInstanceConnectEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateInstanceConnectEndpointRequest method. +// req, resp := client.CreateInstanceConnectEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceConnectEndpoint +func (c *EC2) CreateInstanceConnectEndpointRequest(input *CreateInstanceConnectEndpointInput) (req *request.Request, output *CreateInstanceConnectEndpointOutput) { + op := &request.Operation{ + Name: opCreateInstanceConnectEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateInstanceConnectEndpointInput{} + } + + output = &CreateInstanceConnectEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateInstanceConnectEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Creates an EC2 Instance Connect Endpoint. +// +// An EC2 Instance Connect Endpoint allows you to connect to a resource, without +// requiring the resource to have a public IPv4 address. For more information, +// see Connect to your resources without requiring a public IPv4 address using +// EC2 Instance Connect Endpoint (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html) +// in the Amazon EC2 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateInstanceConnectEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateInstanceConnectEndpoint +func (c *EC2) CreateInstanceConnectEndpoint(input *CreateInstanceConnectEndpointInput) (*CreateInstanceConnectEndpointOutput, error) { + req, out := c.CreateInstanceConnectEndpointRequest(input) + return out, req.Send() +} + +// CreateInstanceConnectEndpointWithContext is the same as CreateInstanceConnectEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See CreateInstanceConnectEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateInstanceConnectEndpointWithContext(ctx aws.Context, input *CreateInstanceConnectEndpointInput, opts ...request.Option) (*CreateInstanceConnectEndpointOutput, error) { + req, out := c.CreateInstanceConnectEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateInstanceEventWindow = "CreateInstanceEventWindow" // CreateInstanceEventWindowRequest generates a "aws/request.Request" representing the @@ -7285,7 +7347,7 @@ func (c *EC2) CreateNetworkInsightsPathRequest(input *CreateNetworkInsightsPathI // // Reachability Analyzer enables you to analyze and debug network reachability // between two resources in your virtual private cloud (VPC). For more information, -// see What is Reachability Analyzer (https://docs.aws.amazon.com/vpc/latest/reachability/). +// see the Reachability Analyzer Guide (https://docs.aws.amazon.com/vpc/latest/reachability/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8227,8 +8289,8 @@ func (c *EC2) CreateSnapshotRequest(input *CreateSnapshotInput) (req *request.Re // snapshot. You may remount and use your volume while the snapshot status is // pending. // -// To create a snapshot for Amazon EBS volumes that serve as root devices, you -// should stop the instance before taking the snapshot. +// When you create a snapshot for an EBS volume that serves as a root device, +// we recommend that you stop the instance before taking the snapshot. // // Snapshots that are taken from encrypted volumes are automatically encrypted. // Volumes that are created from encrypted snapshots are also automatically @@ -10066,10 +10128,9 @@ func (c *EC2) CreateVerifiedAccessGroupRequest(input *CreateVerifiedAccessGroupI // // An Amazon Web Services Verified Access group is a collection of Amazon Web // Services Verified Access endpoints who's associated applications have similar -// security requirements. Each instance within an Amazon Web Services Verified -// Access group shares an Amazon Web Services Verified Access policy. For example, -// you can group all Amazon Web Services Verified Access instances associated -// with “sales” applications together and use one common Amazon Web Services +// security requirements. Each instance within a Verified Access group shares +// an Verified Access policy. For example, you can group all Verified Access +// instances associated with "sales" applications together and use one common // Verified Access policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10220,9 +10281,8 @@ func (c *EC2) CreateVerifiedAccessTrustProviderRequest(input *CreateVerifiedAcce // // A trust provider is a third-party entity that creates, maintains, and manages // identity information for users and devices. When an application request is -// made, the identity information sent by the trust provider will be evaluated -// by Amazon Web Services Verified Access, before allowing or denying the application -// request. +// made, the identity information sent by the trust provider is evaluated by +// Verified Access before allowing or denying the application request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11657,11 +11717,11 @@ func (c *EC2) DeleteFleetsRequest(input *DeleteFleetsInput) (req *request.Reques // DeleteFleets API operation for Amazon Elastic Compute Cloud. // -// Deletes the specified EC2 Fleet. +// Deletes the specified EC2 Fleets. // // After you delete an EC2 Fleet, it launches no new instances. // -// You must specify whether a deleted EC2 Fleet should also terminate its instances. +// You must also specify whether a deleted EC2 Fleet should terminate its instances. // If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating // state. Otherwise, the EC2 Fleet enters the deleted_running state, and the // instances continue to run until they are interrupted or you terminate them @@ -11857,6 +11917,79 @@ func (c *EC2) DeleteFpgaImageWithContext(ctx aws.Context, input *DeleteFpgaImage return out, req.Send() } +const opDeleteInstanceConnectEndpoint = "DeleteInstanceConnectEndpoint" + +// DeleteInstanceConnectEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DeleteInstanceConnectEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteInstanceConnectEndpoint for more information on using the DeleteInstanceConnectEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteInstanceConnectEndpointRequest method. +// req, resp := client.DeleteInstanceConnectEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceConnectEndpoint +func (c *EC2) DeleteInstanceConnectEndpointRequest(input *DeleteInstanceConnectEndpointInput) (req *request.Request, output *DeleteInstanceConnectEndpointOutput) { + op := &request.Operation{ + Name: opDeleteInstanceConnectEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteInstanceConnectEndpointInput{} + } + + output = &DeleteInstanceConnectEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteInstanceConnectEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified EC2 Instance Connect Endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteInstanceConnectEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteInstanceConnectEndpoint +func (c *EC2) DeleteInstanceConnectEndpoint(input *DeleteInstanceConnectEndpointInput) (*DeleteInstanceConnectEndpointOutput, error) { + req, out := c.DeleteInstanceConnectEndpointRequest(input) + return out, req.Send() +} + +// DeleteInstanceConnectEndpointWithContext is the same as DeleteInstanceConnectEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteInstanceConnectEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteInstanceConnectEndpointWithContext(ctx aws.Context, input *DeleteInstanceConnectEndpointInput, opts ...request.Option) (*DeleteInstanceConnectEndpointOutput, error) { + req, out := c.DeleteInstanceConnectEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteInstanceEventWindow = "DeleteInstanceEventWindow" // DeleteInstanceEventWindowRequest generates a "aws/request.Request" representing the @@ -17110,9 +17243,6 @@ func (c *EC2) DescribeAccountAttributesRequest(input *DescribeAccountAttributesI // Describes attributes of your Amazon Web Services account. The following are // the supported account attributes: // -// - supported-platforms: Indicates whether your account can launch instances -// into EC2-Classic and EC2-VPC, or only into EC2-VPC. -// // - default-vpc: The ID of the default VPC for your account, or none. // // - max-instances: This attribute is no longer supported. The returned value @@ -17120,19 +17250,16 @@ func (c *EC2) DescribeAccountAttributesRequest(input *DescribeAccountAttributesI // For more information, see On-Demand Instance Limits (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits) // in the Amazon Elastic Compute Cloud User Guide. // -// - vpc-max-security-groups-per-interface: The maximum number of security -// groups that you can assign to a network interface. -// // - max-elastic-ips: The maximum number of Elastic IP addresses that you -// can allocate for use with EC2-Classic. +// can allocate. +// +// - supported-platforms: This attribute is deprecated. // // - vpc-max-elastic-ips: The maximum number of Elastic IP addresses that -// you can allocate for use with EC2-VPC. +// you can allocate. // -// We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate -// from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic -// to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide. +// - vpc-max-security-groups-per-interface: The maximum number of security +// groups that you can assign to a network interface. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17215,6 +17342,15 @@ func (c *EC2) DescribeAddressTransfersRequest(input *DescribeAddressTransfersInp // Elastic IP addresses (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro) // in the Amazon Virtual Private Cloud User Guide. // +// When you transfer an Elastic IP address, there is a two-step handshake between +// the source and transfer Amazon Web Services accounts. When the source account +// starts the transfer, the transfer account has seven days to accept the Elastic +// IP address transfer. During those seven days, the source account can view +// the pending transfer by using this action. After seven days, the transfer +// expires and ownership of the Elastic IP address returns to the source account. +// Accepted transfers are visible to the source account for three days after +// the transfers have been accepted. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -17339,14 +17475,6 @@ func (c *EC2) DescribeAddressesRequest(input *DescribeAddressesInput) (req *requ // // Describes the specified Elastic IP addresses or all of your Elastic IP addresses. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -22172,6 +22300,137 @@ func (c *EC2) DescribeInstanceAttributeWithContext(ctx aws.Context, input *Descr return out, req.Send() } +const opDescribeInstanceConnectEndpoints = "DescribeInstanceConnectEndpoints" + +// DescribeInstanceConnectEndpointsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceConnectEndpoints operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceConnectEndpoints for more information on using the DescribeInstanceConnectEndpoints +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeInstanceConnectEndpointsRequest method. +// req, resp := client.DescribeInstanceConnectEndpointsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceConnectEndpoints +func (c *EC2) DescribeInstanceConnectEndpointsRequest(input *DescribeInstanceConnectEndpointsInput) (req *request.Request, output *DescribeInstanceConnectEndpointsOutput) { + op := &request.Operation{ + Name: opDescribeInstanceConnectEndpoints, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceConnectEndpointsInput{} + } + + output = &DescribeInstanceConnectEndpointsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceConnectEndpoints API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance +// Connect Endpoints. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceConnectEndpoints for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceConnectEndpoints +func (c *EC2) DescribeInstanceConnectEndpoints(input *DescribeInstanceConnectEndpointsInput) (*DescribeInstanceConnectEndpointsOutput, error) { + req, out := c.DescribeInstanceConnectEndpointsRequest(input) + return out, req.Send() +} + +// DescribeInstanceConnectEndpointsWithContext is the same as DescribeInstanceConnectEndpoints with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceConnectEndpoints for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceConnectEndpointsWithContext(ctx aws.Context, input *DescribeInstanceConnectEndpointsInput, opts ...request.Option) (*DescribeInstanceConnectEndpointsOutput, error) { + req, out := c.DescribeInstanceConnectEndpointsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceConnectEndpointsPages iterates over the pages of a DescribeInstanceConnectEndpoints operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceConnectEndpoints method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceConnectEndpoints operation. +// pageNum := 0 +// err := client.DescribeInstanceConnectEndpointsPages(params, +// func(page *ec2.DescribeInstanceConnectEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeInstanceConnectEndpointsPages(input *DescribeInstanceConnectEndpointsInput, fn func(*DescribeInstanceConnectEndpointsOutput, bool) bool) error { + return c.DescribeInstanceConnectEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceConnectEndpointsPagesWithContext same as DescribeInstanceConnectEndpointsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceConnectEndpointsPagesWithContext(ctx aws.Context, input *DescribeInstanceConnectEndpointsInput, fn func(*DescribeInstanceConnectEndpointsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceConnectEndpointsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceConnectEndpointsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceConnectEndpointsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstanceCreditSpecifications = "DescribeInstanceCreditSpecifications" // DescribeInstanceCreditSpecificationsRequest generates a "aws/request.Request" representing the @@ -25324,9 +25583,11 @@ func (c *EC2) DescribeMovingAddressesRequest(input *DescribeMovingAddressesInput // DescribeMovingAddresses API operation for Amazon Elastic Compute Cloud. // -// Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, -// or that are being restored to the EC2-Classic platform. This request does -// not return information about any other Elastic IP addresses in your account. +// This action is deprecated. +// +// Describes your Elastic IP addresses that are being moved from or being restored +// to the EC2-Classic platform. This request does not return information about +// any other Elastic IP addresses in your account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29221,11 +29482,11 @@ func (c *EC2) DescribeSpotInstanceRequestsRequest(input *DescribeSpotInstanceReq // with a filter to look for instances where the instance lifecycle is spot. // // We recommend that you set MaxResults to a value between 5 and 1000 to limit -// the number of results returned. This paginates the output, which makes the -// list more manageable and returns the results faster. If the list of results -// exceeds your MaxResults value, then that number of results is returned along -// with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests -// request to retrieve the remaining results. +// the number of items returned. This paginates the output, which makes the +// list more manageable and returns the items faster. If the list of items exceeds +// your MaxResults value, then that number of items is returned along with a +// NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests +// request to retrieve the remaining items. // // Spot Instance requests are deleted four hours after they are canceled and // their instances are terminated. @@ -31870,7 +32131,7 @@ func (c *EC2) DescribeVerifiedAccessEndpointsRequest(input *DescribeVerifiedAcce // DescribeVerifiedAccessEndpoints API operation for Amazon Elastic Compute Cloud. // -// Describe Amazon Web Services Verified Access endpoints. +// Describes the specified Amazon Web Services Verified Access endpoints. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32000,7 +32261,7 @@ func (c *EC2) DescribeVerifiedAccessGroupsRequest(input *DescribeVerifiedAccessG // DescribeVerifiedAccessGroups API operation for Amazon Elastic Compute Cloud. // -// Describe details of existing Verified Access groups. +// Describes the specified Verified Access groups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32130,8 +32391,7 @@ func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input * // DescribeVerifiedAccessInstanceLoggingConfigurations API operation for Amazon Elastic Compute Cloud. // -// Describes the current logging configuration for the Amazon Web Services Verified -// Access instances. +// Describes the specified Amazon Web Services Verified Access instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32261,7 +32521,7 @@ func (c *EC2) DescribeVerifiedAccessInstancesRequest(input *DescribeVerifiedAcce // DescribeVerifiedAccessInstances API operation for Amazon Elastic Compute Cloud. // -// Describe Verified Access instances. +// Describes the specified Amazon Web Services Verified Access instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32391,7 +32651,7 @@ func (c *EC2) DescribeVerifiedAccessTrustProvidersRequest(input *DescribeVerifie // DescribeVerifiedAccessTrustProviders API operation for Amazon Elastic Compute Cloud. // -// Describe details of existing Verified Access trust providers. +// Describes the specified Amazon Web Services Verified Access trust providers. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34700,7 +34960,8 @@ func (c *EC2) DetachVerifiedAccessTrustProviderRequest(input *DetachVerifiedAcce // DetachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. // -// Detach a trust provider from an Amazon Web Services Verified Access instance. +// Detaches the specified Amazon Web Services Verified Access trust provider +// from the specified Amazon Web Services Verified Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35864,14 +36125,6 @@ func (c *EC2) DisassociateAddressRequest(input *DisassociateAddressInput) (req * // Disassociates an Elastic IP address from the instance or network interface // it's associated with. // -// An Elastic IP address is for use in either the EC2-Classic platform or in -// a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // This is an idempotent operation. If you perform the operation more than once, // Amazon EC2 doesn't return an error. // @@ -40163,7 +40416,14 @@ func (c *EC2) GetIpamPoolAllocationsRequest(input *GetIpamPoolAllocationsInput) // GetIpamPoolAllocations API operation for Amazon Elastic Compute Cloud. // -// Get a list of all the CIDR allocations in an IPAM pool. +// Get a list of all the CIDR allocations in an IPAM pool. The Region you use +// should be the IPAM pool locale. The locale is the Amazon Web Services Region +// where this IPAM pool is available for allocations. +// +// If you use this action after AllocateIpamPoolCidr (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html) +// or ReleaseIpamPoolAllocation (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html), +// note that all EC2 API actions follow an eventual consistency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency) +// model. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -40879,6 +41139,12 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsRequest(input *GetNet Name: opGetNetworkInsightsAccessScopeAnalysisFindings, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -40922,6 +41188,57 @@ func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsWithContext(ctx aws.C return out, req.Send() } +// GetNetworkInsightsAccessScopeAnalysisFindingsPages iterates over the pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetNetworkInsightsAccessScopeAnalysisFindings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetNetworkInsightsAccessScopeAnalysisFindings operation. +// pageNum := 0 +// err := client.GetNetworkInsightsAccessScopeAnalysisFindingsPages(params, +// func(page *ec2.GetNetworkInsightsAccessScopeAnalysisFindingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPages(input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool) error { + return c.GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext same as GetNetworkInsightsAccessScopeAnalysisFindingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetNetworkInsightsAccessScopeAnalysisFindingsPagesWithContext(ctx aws.Context, input *GetNetworkInsightsAccessScopeAnalysisFindingsInput, fn func(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetNetworkInsightsAccessScopeAnalysisFindingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetNetworkInsightsAccessScopeAnalysisFindingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetNetworkInsightsAccessScopeAnalysisFindingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetNetworkInsightsAccessScopeContent = "GetNetworkInsightsAccessScopeContent" // GetNetworkInsightsAccessScopeContentRequest generates a "aws/request.Request" representing the @@ -42662,6 +42979,79 @@ func (c *EC2) GetVpnConnectionDeviceTypesPagesWithContext(ctx aws.Context, input return p.Err() } +const opGetVpnTunnelReplacementStatus = "GetVpnTunnelReplacementStatus" + +// GetVpnTunnelReplacementStatusRequest generates a "aws/request.Request" representing the +// client's request for the GetVpnTunnelReplacementStatus operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVpnTunnelReplacementStatus for more information on using the GetVpnTunnelReplacementStatus +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVpnTunnelReplacementStatusRequest method. +// req, resp := client.GetVpnTunnelReplacementStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpnTunnelReplacementStatus +func (c *EC2) GetVpnTunnelReplacementStatusRequest(input *GetVpnTunnelReplacementStatusInput) (req *request.Request, output *GetVpnTunnelReplacementStatusOutput) { + op := &request.Operation{ + Name: opGetVpnTunnelReplacementStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVpnTunnelReplacementStatusInput{} + } + + output = &GetVpnTunnelReplacementStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVpnTunnelReplacementStatus API operation for Amazon Elastic Compute Cloud. +// +// Get details of available tunnel endpoint maintenance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVpnTunnelReplacementStatus for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVpnTunnelReplacementStatus +func (c *EC2) GetVpnTunnelReplacementStatus(input *GetVpnTunnelReplacementStatusInput) (*GetVpnTunnelReplacementStatusOutput, error) { + req, out := c.GetVpnTunnelReplacementStatusRequest(input) + return out, req.Send() +} + +// GetVpnTunnelReplacementStatusWithContext is the same as GetVpnTunnelReplacementStatus with the addition of +// the ability to pass a context and additional request options. +// +// See GetVpnTunnelReplacementStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVpnTunnelReplacementStatusWithContext(ctx aws.Context, input *GetVpnTunnelReplacementStatusInput, opts ...request.Option) (*GetVpnTunnelReplacementStatusOutput, error) { + req, out := c.GetVpnTunnelReplacementStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opImportClientVpnClientCertificateRevocationList = "ImportClientVpnClientCertificateRevocationList" // ImportClientVpnClientCertificateRevocationListRequest generates a "aws/request.Request" representing the @@ -42782,6 +43172,11 @@ func (c *EC2) ImportImageRequest(input *ImportImageInput) (req *request.Request, // ImportImage API operation for Amazon Elastic Compute Cloud. // +// To import your virtual machines (VMs) with a console-based experience, you +// can use the Import virtual machine images to Amazon Web Services template +// in the Migration Hub Orchestrator console (https://console.aws.amazon.com/migrationhub/orchestrator). +// For more information, see the Migration Hub Orchestrator User Guide (https://docs.aws.amazon.com/migrationhub-orchestrator/latest/userguide/import-vm-images.html). +// // Import single or multi-volume disk images or EBS snapshots into an Amazon // Machine Image (AMI). // @@ -44464,8 +44859,10 @@ func (c *EC2) ModifyImageAttributeRequest(input *ModifyImageAttributeInput) (req // ModifyImageAttribute API operation for Amazon Elastic Compute Cloud. // // Modifies the specified attribute of the specified AMI. You can specify only -// one attribute at a time. You can use the Attribute parameter to specify the -// attribute or one of the following parameters: Description or LaunchPermission. +// one attribute at a time. +// +// To specify the attribute, you can use the Attribute parameter, or one of +// the following parameters: Description, ImdsSupport, or LaunchPermission. // // Images with an Amazon Web Services Marketplace product code cannot be made // public. @@ -44549,10 +44946,10 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput // only one attribute at a time. // // Note: Using this action to change the security groups associated with an -// elastic network interface (ENI) attached to an instance in a VPC can result -// in an error if the instance has more than one ENI. To change the security -// groups associated with an ENI attached to an instance that has multiple ENIs, -// we recommend that you use the ModifyNetworkInterfaceAttribute action. +// elastic network interface (ENI) attached to an instance can result in an +// error if the instance has more than one ENI. To change the security groups +// associated with an ENI attached to an instance that has multiple ENIs, we +// recommend that you use the ModifyNetworkInterfaceAttribute action. // // To modify some attributes, the instance must be stopped. For more information, // see Modify a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) @@ -45951,10 +46348,6 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -46905,7 +47298,8 @@ func (c *EC2) ModifyVerifiedAccessEndpointRequest(input *ModifyVerifiedAccessEnd // ModifyVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. // -// Modifies the configuration of an Amazon Web Services Verified Access endpoint. +// Modifies the configuration of the specified Amazon Web Services Verified +// Access endpoint. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -46978,7 +47372,7 @@ func (c *EC2) ModifyVerifiedAccessEndpointPolicyRequest(input *ModifyVerifiedAcc // ModifyVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access endpoint policy. +// Modifies the specified Amazon Web Services Verified Access endpoint policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47051,7 +47445,7 @@ func (c *EC2) ModifyVerifiedAccessGroupRequest(input *ModifyVerifiedAccessGroupI // ModifyVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access group configuration. +// Modifies the specified Amazon Web Services Verified Access group configuration. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47124,7 +47518,7 @@ func (c *EC2) ModifyVerifiedAccessGroupPolicyRequest(input *ModifyVerifiedAccess // ModifyVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Verified Access group policy. +// Modifies the specified Amazon Web Services Verified Access group policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -47197,7 +47591,8 @@ func (c *EC2) ModifyVerifiedAccessInstanceRequest(input *ModifyVerifiedAccessIns // ModifyVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. // -// Modifies the configuration of the specified Verified Access instance. +// Modifies the configuration of the specified Amazon Web Services Verified +// Access instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -48076,14 +48471,14 @@ func (c *EC2) ModifyVpcPeeringConnectionOptionsRequest(input *ModifyVpcPeeringCo // If the peered VPCs are in the same Amazon Web Services account, you can enable // DNS resolution for queries from the local VPC. This ensures that queries // from the local VPC resolve to private IP addresses in the peer VPC. This -// option is not available if the peered VPCs are in different different Amazon -// Web Services accounts or different Regions. For peered VPCs in different -// Amazon Web Services accounts, each Amazon Web Services account owner must -// initiate a separate request to modify the peering connection options. For -// inter-region peering connections, you must use the Region for the requester -// VPC to modify the requester VPC peering options and the Region for the accepter -// VPC to modify the accepter VPC peering options. To verify which VPCs are -// the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections +// option is not available if the peered VPCs are in different Amazon Web Services +// accounts or different Regions. For peered VPCs in different Amazon Web Services +// accounts, each Amazon Web Services account owner must initiate a separate +// request to modify the peering connection options. For inter-region peering +// connections, you must use the Region for the requester VPC to modify the +// requester VPC peering options and the Region for the accepter VPC to modify +// the accepter VPC peering options. To verify which VPCs are the accepter and +// the requester for a VPC peering connection, use the DescribeVpcPeeringConnections // command. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -48659,6 +49054,8 @@ func (c *EC2) MoveAddressToVpcRequest(input *MoveAddressToVpcInput) (req *reques // MoveAddressToVpc API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC // platform. The Elastic IP address must be allocated to your account for more // than 24 hours, and it must not be associated with an instance. After the @@ -48667,10 +49064,6 @@ func (c *EC2) MoveAddressToVpcRequest(input *MoveAddressToVpcInput) (req *reques // You cannot move an Elastic IP address that was originally allocated for use // in the EC2-VPC platform to the EC2-Classic platform. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -49154,10 +49547,6 @@ func (c *EC2) PurchaseReservedInstancesOfferingRequest(input *PurchaseReservedIn // and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) // in the Amazon EC2 User Guide. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -50137,13 +50526,9 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // // Releases the specified Elastic IP address. // -// [EC2-Classic, default VPC] Releasing an Elastic IP address automatically -// disassociates it from any instance that it's associated with. To disassociate -// an Elastic IP address without releasing it, use DisassociateAddress. -// -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// [Default VPC] Releasing an Elastic IP address automatically disassociates +// it from any instance that it's associated with. To disassociate an Elastic +// IP address without releasing it, use DisassociateAddress. // // [Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic // IP address before you can release it. Otherwise, Amazon EC2 returns an error @@ -50155,11 +50540,8 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // already released, you'll get an AuthFailure error if the address is already // allocated to another Amazon Web Services account. // -// [EC2-VPC] After you release an Elastic IP address for use in a VPC, you might -// be able to recover it. For more information, see AllocateAddress. -// -// For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) -// in the Amazon Elastic Compute Cloud User Guide. +// After you release an Elastic IP address, you might be able to recover it. +// For more information, see AllocateAddress. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -50315,13 +50697,18 @@ func (c *EC2) ReleaseIpamPoolAllocationRequest(input *ReleaseIpamPoolAllocationI // ReleaseIpamPoolAllocation API operation for Amazon Elastic Compute Cloud. // -// Release an allocation within an IPAM pool. You can only use this action to -// release manual allocations. To remove an allocation for a resource without -// deleting the resource, set its monitored state to false using ModifyIpamResourceCidr +// Release an allocation within an IPAM pool. The Region you use should be the +// IPAM pool locale. The locale is the Amazon Web Services Region where this +// IPAM pool is available for allocations. You can only use this action to release +// manual allocations. To remove an allocation for a resource without deleting +// the resource, set its monitored state to false using ModifyIpamResourceCidr // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html). // For more information, see Release an allocation (https://docs.aws.amazon.com/vpc/latest/ipam/release-pool-alloc-ipam.html) // in the Amazon VPC IPAM User Guide. // +// All EC2 API actions follow an eventual consistency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/query-api-troubleshooting.html#eventual-consistency) +// model. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -50817,6 +51204,79 @@ func (c *EC2) ReplaceTransitGatewayRouteWithContext(ctx aws.Context, input *Repl return out, req.Send() } +const opReplaceVpnTunnel = "ReplaceVpnTunnel" + +// ReplaceVpnTunnelRequest generates a "aws/request.Request" representing the +// client's request for the ReplaceVpnTunnel operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ReplaceVpnTunnel for more information on using the ReplaceVpnTunnel +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ReplaceVpnTunnelRequest method. +// req, resp := client.ReplaceVpnTunnelRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceVpnTunnel +func (c *EC2) ReplaceVpnTunnelRequest(input *ReplaceVpnTunnelInput) (req *request.Request, output *ReplaceVpnTunnelOutput) { + op := &request.Operation{ + Name: opReplaceVpnTunnel, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReplaceVpnTunnelInput{} + } + + output = &ReplaceVpnTunnelOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReplaceVpnTunnel API operation for Amazon Elastic Compute Cloud. +// +// Trigger replacement of specified VPN tunnel. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ReplaceVpnTunnel for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReplaceVpnTunnel +func (c *EC2) ReplaceVpnTunnel(input *ReplaceVpnTunnelInput) (*ReplaceVpnTunnelOutput, error) { + req, out := c.ReplaceVpnTunnelRequest(input) + return out, req.Send() +} + +// ReplaceVpnTunnelWithContext is the same as ReplaceVpnTunnel with the addition of +// the ability to pass a context and additional request options. +// +// See ReplaceVpnTunnel for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ReplaceVpnTunnelWithContext(ctx aws.Context, input *ReplaceVpnTunnelInput, opts ...request.Option) (*ReplaceVpnTunnelOutput, error) { + req, out := c.ReplaceVpnTunnelRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opReportInstanceStatus = "ReportInstanceStatus" // ReportInstanceStatusRequest generates a "aws/request.Request" representing the @@ -51052,10 +51512,6 @@ func (c *EC2) RequestSpotInstancesRequest(input *RequestSpotInstancesInput) (req // see Which is the best Spot request method to use? (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) // in the Amazon EC2 User Guide for Linux Instances. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide for Linux Instances. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -51664,15 +52120,13 @@ func (c *EC2) RestoreAddressToClassicRequest(input *RestoreAddressToClassicInput // RestoreAddressToClassic API operation for Amazon Elastic Compute Cloud. // +// This action is deprecated. +// // Restores an Elastic IP address that was previously moved to the EC2-VPC platform // back to the EC2-Classic platform. You cannot move an Elastic IP address that // was originally allocated for use in EC2-VPC. The Elastic IP address must // not be associated with an instance or network interface. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -52317,20 +52771,13 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // You can specify a number of options, or leave the default options. The following // rules apply: // -// - [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet -// from your default VPC for you. If you don't have a default VPC, you must -// specify a subnet ID in the request. -// -// - [EC2-Classic] If don't specify an Availability Zone, we choose one for -// you. +// - If you don't specify a subnet ID, we choose a default subnet from your +// default VPC for you. If you don't have a default VPC, you must specify +// a subnet ID in the request. // -// - Some instance types must be launched into a VPC. If you do not have -// a default VPC, or if you do not specify a subnet ID, the request fails. -// For more information, see Instance types available only in a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html#vpc-only-instance-types). -// -// - [EC2-VPC] All instances have a network interface with a primary private -// IPv4 address. If you don't specify this address, we choose one from the -// IPv4 range of your subnet. +// - All instances have a network interface with a primary private IPv4 address. +// If you don't specify this address, we choose one from the IPv4 range of +// your subnet. // // - Not all instance types support IPv6 addresses. For more information, // see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). @@ -52364,10 +52811,6 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), // and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon EC2 User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -55385,15 +55828,34 @@ func (s *AddedPrincipal) SetServicePermissionId(v string) *AddedPrincipal { return s } -// Describes an additional detail for a path analysis. +// Describes an additional detail for a path analysis. For more information, +// see Reachability Analyzer additional detail codes (https://docs.aws.amazon.com/vpc/latest/reachability/additional-detail-codes.html). type AdditionalDetail struct { _ struct{} `type:"structure"` - // The information type. + // The additional detail code. AdditionalDetailType *string `locationName:"additionalDetailType" type:"string"` // The path component. Component *AnalysisComponent `locationName:"component" type:"structure"` + + // The load balancers. + LoadBalancers []*AnalysisComponent `locationName:"loadBalancerSet" locationNameList:"item" type:"list"` + + // The rule options. + RuleGroupRuleOptionsPairs []*RuleGroupRuleOptionsPair `locationName:"ruleGroupRuleOptionsPairSet" locationNameList:"item" type:"list"` + + // The rule group type. + RuleGroupTypePairs []*RuleGroupTypePair `locationName:"ruleGroupTypePairSet" locationNameList:"item" type:"list"` + + // The rule options. + RuleOptions []*RuleOption `locationName:"ruleOptionSet" locationNameList:"item" type:"list"` + + // The name of the VPC endpoint service. + ServiceName *string `locationName:"serviceName" type:"string"` + + // The VPC endpoint service. + VpcEndpointService *AnalysisComponent `locationName:"vpcEndpointService" type:"structure"` } // String returns the string representation. @@ -55426,15 +55888,50 @@ func (s *AdditionalDetail) SetComponent(v *AnalysisComponent) *AdditionalDetail return s } +// SetLoadBalancers sets the LoadBalancers field's value. +func (s *AdditionalDetail) SetLoadBalancers(v []*AnalysisComponent) *AdditionalDetail { + s.LoadBalancers = v + return s +} + +// SetRuleGroupRuleOptionsPairs sets the RuleGroupRuleOptionsPairs field's value. +func (s *AdditionalDetail) SetRuleGroupRuleOptionsPairs(v []*RuleGroupRuleOptionsPair) *AdditionalDetail { + s.RuleGroupRuleOptionsPairs = v + return s +} + +// SetRuleGroupTypePairs sets the RuleGroupTypePairs field's value. +func (s *AdditionalDetail) SetRuleGroupTypePairs(v []*RuleGroupTypePair) *AdditionalDetail { + s.RuleGroupTypePairs = v + return s +} + +// SetRuleOptions sets the RuleOptions field's value. +func (s *AdditionalDetail) SetRuleOptions(v []*RuleOption) *AdditionalDetail { + s.RuleOptions = v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *AdditionalDetail) SetServiceName(v string) *AdditionalDetail { + s.ServiceName = &v + return s +} + +// SetVpcEndpointService sets the VpcEndpointService field's value. +func (s *AdditionalDetail) SetVpcEndpointService(v *AnalysisComponent) *AdditionalDetail { + s.VpcEndpointService = v + return s +} + // Describes an Elastic IP address, or a carrier IP address. type Address struct { _ struct{} `type:"structure"` - // The ID representing the allocation of the address for use with EC2-VPC. + // The ID representing the allocation of the address. AllocationId *string `locationName:"allocationId" type:"string"` - // The ID representing the association of the address with an instance in a - // VPC. + // The ID representing the association of the address with an instance. AssociationId *string `locationName:"associationId" type:"string"` // The carrier IP address associated. This option is only available for network @@ -55448,8 +55945,7 @@ type Address struct { // The ID of the customer-owned address pool. CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` - // Indicates whether this Elastic IP address is for use with instances in EC2-Classic - // (standard) or instances in a VPC (vpc). + // The network (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` // The ID of the instance that the address is associated with (if any). @@ -55814,8 +56310,7 @@ func (s *AdvertiseByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *AdvertiseByoipCid type AllocateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address - // pool. + // The Elastic IP address to recover or an IPv4 address from an address pool. Address *string `type:"string"` // The ID of a customer-owned address pool. Use this parameter to let Amazon @@ -55823,11 +56318,7 @@ type AllocateAddressInput struct { // address from the address pool. CustomerOwnedIpv4Pool *string `type:"string"` - // Indicates whether the Elastic IP address is for use with instances in a VPC - // or instances in EC2-Classic. - // - // Default: If the Region supports EC2-Classic, the default is standard. Otherwise, - // the default is vpc. + // The network (vpc). Domain *string `type:"string" enum:"DomainType"` // Checks whether you have the required permissions for the action, without @@ -55920,12 +56411,11 @@ func (s *AllocateAddressInput) SetTagSpecifications(v []*TagSpecification) *Allo type AllocateAddressOutput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation - // of the Elastic IP address for use with instances in a VPC. + // The ID that represents the allocation of the Elastic IP address. AllocationId *string `locationName:"allocationId" type:"string"` // The carrier IP address. This option is only available for network interfaces - // which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + // that reside in a subnet in a Wavelength Zone. CarrierIp *string `locationName:"carrierIp" type:"string"` // The customer-owned IP address. @@ -55934,8 +56424,7 @@ type AllocateAddressOutput struct { // The ID of the customer-owned address pool. CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` - // Indicates whether the Elastic IP address is for use with instances in a VPC - // (vpc) or instances in EC2-Classic (standard). + // The network (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` // The set of Availability Zones, Local Zones, or Wavelength Zones from which @@ -56018,6 +56507,19 @@ func (s *AllocateAddressOutput) SetPublicIpv4Pool(v string) *AllocateAddressOutp type AllocateHostsInput struct { _ struct{} `type:"structure"` + // The IDs of the Outpost hardware assets on which to allocate the Dedicated + // Hosts. Targeting specific hardware assets on an Outpost can help to minimize + // latency between your workloads. This parameter is supported only if you specify + // OutpostArn. If you are allocating the Dedicated Hosts in a Region, omit this + // parameter. + // + // * If you specify this parameter, you can omit Quantity. In this case, + // Amazon EC2 allocates a Dedicated Host on each specified hardware asset. + // + // * If you specify both AssetIds and Quantity, then the value for Quantity + // must be equal to the number of asset IDs specified. + AssetIds []*string `locationName:"AssetId" type:"list"` + // Indicates whether the host accepts any untargeted instance launches that // match its instance type configuration, or if it only accepts Host tenancy // instance launches that specify its unique host ID. For more information, @@ -56036,6 +56538,11 @@ type AllocateHostsInput struct { // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` + // Indicates whether to enable or disable host maintenance for the Dedicated + // Host. For more information, see Host maintenance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-maintenance.html) + // in the Amazon EC2 User Guide. + HostMaintenance *string `type:"string" enum:"HostMaintenance"` + // Indicates whether to enable or disable host recovery for the Dedicated Host. // Host recovery is disabled by default. For more information, see Host recovery // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) @@ -56063,13 +56570,19 @@ type AllocateHostsInput struct { InstanceType *string `locationName:"instanceType" type:"string"` // The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which - // to allocate the Dedicated Host. + // to allocate the Dedicated Host. If you specify OutpostArn, you can optionally + // specify AssetIds. + // + // If you are allocating the Dedicated Host in a Region, omit this parameter. OutpostArn *string `type:"string"` // The number of Dedicated Hosts to allocate to your account with these parameters. - // - // Quantity is a required field - Quantity *int64 `locationName:"quantity" type:"integer" required:"true"` + // If you are allocating the Dedicated Hosts on an Outpost, and you specify + // AssetIds, you can omit this parameter. In this case, Amazon EC2 allocates + // a Dedicated Host on each specified hardware asset. If you specify both AssetIds + // and Quantity, then the value that you specify for Quantity must be equal + // to the number of asset IDs specified. + Quantity *int64 `locationName:"quantity" type:"integer"` // The tags to apply to the Dedicated Host during creation. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -56099,9 +56612,6 @@ func (s *AllocateHostsInput) Validate() error { if s.AvailabilityZone == nil { invalidParams.Add(request.NewErrParamRequired("AvailabilityZone")) } - if s.Quantity == nil { - invalidParams.Add(request.NewErrParamRequired("Quantity")) - } if invalidParams.Len() > 0 { return invalidParams @@ -56109,6 +56619,12 @@ func (s *AllocateHostsInput) Validate() error { return nil } +// SetAssetIds sets the AssetIds field's value. +func (s *AllocateHostsInput) SetAssetIds(v []*string) *AllocateHostsInput { + s.AssetIds = v + return s +} + // SetAutoPlacement sets the AutoPlacement field's value. func (s *AllocateHostsInput) SetAutoPlacement(v string) *AllocateHostsInput { s.AutoPlacement = &v @@ -56127,6 +56643,12 @@ func (s *AllocateHostsInput) SetClientToken(v string) *AllocateHostsInput { return s } +// SetHostMaintenance sets the HostMaintenance field's value. +func (s *AllocateHostsInput) SetHostMaintenance(v string) *AllocateHostsInput { + s.HostMaintenance = &v + return s +} + // SetHostRecovery sets the HostRecovery field's value. func (s *AllocateHostsInput) SetHostRecovery(v string) *AllocateHostsInput { s.HostRecovery = &v @@ -56771,6 +57293,12 @@ func (s *AnalysisPacketHeader) SetSourcePortRanges(v []*PortRange) *AnalysisPack type AnalysisRouteTableRoute struct { _ struct{} `type:"structure"` + // The ID of a carrier gateway. + CarrierGatewayId *string `locationName:"carrierGatewayId" type:"string"` + + // The Amazon Resource Name (ARN) of a core network. + CoreNetworkArn *string `locationName:"coreNetworkArn" min:"1" type:"string"` + // The destination IPv4 address, in CIDR notation. DestinationCidr *string `locationName:"destinationCidr" type:"string"` @@ -56786,6 +57314,9 @@ type AnalysisRouteTableRoute struct { // The ID of the instance, such as a NAT instance. InstanceId *string `locationName:"instanceId" type:"string"` + // The ID of a local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + // The ID of a NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` @@ -56834,6 +57365,18 @@ func (s AnalysisRouteTableRoute) GoString() string { return s.String() } +// SetCarrierGatewayId sets the CarrierGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetCarrierGatewayId(v string) *AnalysisRouteTableRoute { + s.CarrierGatewayId = &v + return s +} + +// SetCoreNetworkArn sets the CoreNetworkArn field's value. +func (s *AnalysisRouteTableRoute) SetCoreNetworkArn(v string) *AnalysisRouteTableRoute { + s.CoreNetworkArn = &v + return s +} + // SetDestinationCidr sets the DestinationCidr field's value. func (s *AnalysisRouteTableRoute) SetDestinationCidr(v string) *AnalysisRouteTableRoute { s.DestinationCidr = &v @@ -56864,6 +57407,12 @@ func (s *AnalysisRouteTableRoute) SetInstanceId(v string) *AnalysisRouteTableRou return s } +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetLocalGatewayId(v string) *AnalysisRouteTableRoute { + s.LocalGatewayId = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *AnalysisRouteTableRoute) SetNatGatewayId(v string) *AnalysisRouteTableRoute { s.NatGatewayId = &v @@ -57545,15 +58094,11 @@ func (s *AssignedPrivateIpAddress) SetPrivateIpAddress(v string) *AssignedPrivat type AssociateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The allocation ID. This is required for EC2-VPC. + // The allocation ID. This is required. AllocationId *string `type:"string"` - // [EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic - // IP address that is already associated with an instance or network interface - // to be reassociated with the specified instance or network interface. Otherwise, - // the operation fails. In a VPC in an EC2-VPC-only account, reassociation is - // automatic, therefore you can specify false to ensure the operation fails - // if the Elastic IP address is already associated with another resource. + // Reassociation is automatic, but you can specify false to ensure the operation + // fails if the Elastic IP address is already associated with another resource. AllowReassociation *bool `locationName:"allowReassociation" type:"boolean"` // Checks whether you have the required permissions for the action, without @@ -57563,25 +58108,23 @@ type AssociateAddressInput struct { DryRun *bool `locationName:"dryRun" type:"boolean"` // The ID of the instance. The instance must have exactly one attached network - // interface. For EC2-VPC, you can specify either the instance ID or the network - // interface ID, but not both. For EC2-Classic, you must specify an instance - // ID and the instance must be in the running state. + // interface. You can specify either the instance ID or the network interface + // ID, but not both. InstanceId *string `type:"string"` - // [EC2-VPC] The ID of the network interface. If the instance has more than - // one network interface, you must specify a network interface ID. + // The ID of the network interface. If the instance has more than one network + // interface, you must specify a network interface ID. // - // For EC2-VPC, you can specify either the instance ID or the network interface - // ID, but not both. + // You can specify either the instance ID or the network interface ID, but not + // both. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // [EC2-VPC] The primary or secondary private IP address to associate with the - // Elastic IP address. If no private IP address is specified, the Elastic IP - // address is associated with the primary private IP address. + // The primary or secondary private IP address to associate with the Elastic + // IP address. If no private IP address is specified, the Elastic IP address + // is associated with the primary private IP address. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` - // [EC2-Classic] The Elastic IP address to associate with the instance. This - // is required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -57648,8 +58191,8 @@ func (s *AssociateAddressInput) SetPublicIp(v string) *AssociateAddressInput { type AssociateAddressOutput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The ID that represents the association of the Elastic IP address - // with an instance. + // The ID that represents the association of the Elastic IP address with an + // instance. AssociationId *string `locationName:"associationId" type:"string"` } @@ -59933,12 +60476,12 @@ type AttachVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -60005,10 +60548,10 @@ func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type AttachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -62538,8 +63081,11 @@ type CancelSpotFleetRequestsInput struct { // SpotFleetRequestIds is a required field SpotFleetRequestIds []*string `locationName:"spotFleetRequestId" locationNameList:"item" type:"list" required:"true"` - // Indicates whether to terminate instances for a Spot Fleet request if it is - // canceled successfully. + // Indicates whether to terminate the associated instances when the Spot Fleet + // request is canceled. The default is to terminate the instances. + // + // To let the instances continue to run after the Spot Fleet request is canceled, + // specify no-terminate-instances. // // TerminateInstances is a required field TerminateInstances *bool `locationName:"terminateInstances" type:"boolean" required:"true"` @@ -62698,7 +63244,7 @@ type CancelSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. // // SpotInstanceRequestIds is a required field SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list" required:"true"` @@ -62751,7 +63297,7 @@ func (s *CancelSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*string) type CancelSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. CancelledSpotInstanceRequests []*CancelledSpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -66520,6 +67066,10 @@ func (s *CopySnapshotOutput) SetTags(v []*Tag) *CopySnapshotOutput { type CpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -66545,6 +67095,12 @@ func (s CpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptions) SetAmdSevSnp(v string) *CpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptions) SetCoreCount(v int64) *CpuOptions { s.CoreCount = &v @@ -66562,6 +67118,11 @@ func (s *CpuOptions) SetThreadsPerCore(v int64) *CpuOptions { type CpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. For more information, + // see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -66588,6 +67149,12 @@ func (s CpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *CpuOptionsRequest) SetAmdSevSnp(v string) *CpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *CpuOptionsRequest) SetCoreCount(v int64) *CpuOptionsRequest { s.CoreCount = &v @@ -67943,9 +68510,7 @@ type CreateCustomerGatewayInput struct { // For devices that support BGP, the customer gateway's BGP ASN. // // Default: 65000 - // - // BgpAsn is a required field - BgpAsn *int64 `type:"integer" required:"true"` + BgpAsn *int64 `type:"integer"` // The Amazon Resource Name (ARN) for the customer gateway certificate. CertificateArn *string `type:"string"` @@ -67999,9 +68564,6 @@ func (s CreateCustomerGatewayInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateCustomerGatewayInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateCustomerGatewayInput"} - if s.BgpAsn == nil { - invalidParams.Add(request.NewErrParamRequired("BgpAsn")) - } if s.Type == nil { invalidParams.Add(request.NewErrParamRequired("Type")) } @@ -69462,6 +70024,152 @@ func (s *CreateImageOutput) SetImageId(v string) *CreateImageOutput { return s } +type CreateInstanceConnectEndpointInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // Indicates whether your client's IP address is preserved as the source. The + // value is true or false. + // + // * If true, your client's IP address is used when you connect to a resource. + // + // * If false, the elastic network interface IP address is used when you + // connect to a resource. + // + // Default: true + PreserveClientIp *bool `type:"boolean"` + + // One or more security groups to associate with the endpoint. If you don't + // specify a security group, the default security group for your VPC will be + // associated with the endpoint. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` + + // The ID of the subnet in which to create the EC2 Instance Connect Endpoint. + // + // SubnetId is a required field + SubnetId *string `type:"string" required:"true"` + + // The tags to apply to the EC2 Instance Connect Endpoint during creation. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateInstanceConnectEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateInstanceConnectEndpointInput"} + if s.SubnetId == nil { + invalidParams.Add(request.NewErrParamRequired("SubnetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateInstanceConnectEndpointInput) SetClientToken(v string) *CreateInstanceConnectEndpointInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateInstanceConnectEndpointInput) SetDryRun(v bool) *CreateInstanceConnectEndpointInput { + s.DryRun = &v + return s +} + +// SetPreserveClientIp sets the PreserveClientIp field's value. +func (s *CreateInstanceConnectEndpointInput) SetPreserveClientIp(v bool) *CreateInstanceConnectEndpointInput { + s.PreserveClientIp = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *CreateInstanceConnectEndpointInput) SetSecurityGroupIds(v []*string) *CreateInstanceConnectEndpointInput { + s.SecurityGroupIds = v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *CreateInstanceConnectEndpointInput) SetSubnetId(v string) *CreateInstanceConnectEndpointInput { + s.SubnetId = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateInstanceConnectEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateInstanceConnectEndpointInput { + s.TagSpecifications = v + return s +} + +type CreateInstanceConnectEndpointOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive idempotency token provided by the client in the the + // request. + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the EC2 Instance Connect Endpoint. + InstanceConnectEndpoint *Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateInstanceConnectEndpointOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateInstanceConnectEndpointOutput) SetClientToken(v string) *CreateInstanceConnectEndpointOutput { + s.ClientToken = &v + return s +} + +// SetInstanceConnectEndpoint sets the InstanceConnectEndpoint field's value. +func (s *CreateInstanceConnectEndpointOutput) SetInstanceConnectEndpoint(v *Ec2InstanceConnectEndpoint) *CreateInstanceConnectEndpointOutput { + s.InstanceConnectEndpoint = v + return s +} + type CreateInstanceEventWindowInput struct { _ struct{} `type:"structure"` @@ -70569,12 +71277,8 @@ type CreateLaunchTemplateInput struct { // The information for the launch template. // - // LaunchTemplateData is a sensitive parameter and its value will be - // replaced with "sensitive" in string returned by CreateLaunchTemplateInput's - // String and GoString methods. - // // LaunchTemplateData is a required field - LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true" sensitive:"true"` + LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true"` // A name for the launch template. // @@ -70731,12 +71435,8 @@ type CreateLaunchTemplateVersionInput struct { // The information for the launch template. // - // LaunchTemplateData is a sensitive parameter and its value will be - // replaced with "sensitive" in string returned by CreateLaunchTemplateVersionInput's - // String and GoString methods. - // // LaunchTemplateData is a required field - LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true" sensitive:"true"` + LaunchTemplateData *RequestLaunchTemplateData `type:"structure" required:"true"` // The ID of the launch template. // @@ -72111,13 +72811,11 @@ type CreateNetworkInsightsPathInput struct { // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // The Amazon Web Services resource that is the destination of the path. - // - // Destination is a required field - Destination *string `type:"string" required:"true"` + // The ID or ARN of the destination. If the resource is in another account, + // you must specify an ARN. + Destination *string `type:"string"` - // The IP address of the Amazon Web Services resource that is the destination - // of the path. + // The IP address of the destination. DestinationIp *string `type:"string"` // The destination port. @@ -72129,18 +72827,28 @@ type CreateNetworkInsightsPathInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Scopes the analysis to network paths that match specific filters at the destination. + // If you specify this parameter, you can't specify the parameter for the destination + // IP address. + FilterAtDestination *PathRequestFilter `type:"structure"` + + // Scopes the analysis to network paths that match specific filters at the source. + // If you specify this parameter, you can't specify the parameters for the source + // IP address or the destination port. + FilterAtSource *PathRequestFilter `type:"structure"` + // The protocol. // // Protocol is a required field Protocol *string `type:"string" required:"true" enum:"Protocol"` - // The Amazon Web Services resource that is the source of the path. + // The ID or ARN of the source. If the resource is in another account, you must + // specify an ARN. // // Source is a required field Source *string `type:"string" required:"true"` - // The IP address of the Amazon Web Services resource that is the source of - // the path. + // The IP address of the source. SourceIp *string `type:"string"` // The tags to add to the path. @@ -72168,9 +72876,6 @@ func (s CreateNetworkInsightsPathInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateNetworkInsightsPathInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateNetworkInsightsPathInput"} - if s.Destination == nil { - invalidParams.Add(request.NewErrParamRequired("Destination")) - } if s.Protocol == nil { invalidParams.Add(request.NewErrParamRequired("Protocol")) } @@ -72214,6 +72919,18 @@ func (s *CreateNetworkInsightsPathInput) SetDryRun(v bool) *CreateNetworkInsight return s } +// SetFilterAtDestination sets the FilterAtDestination field's value. +func (s *CreateNetworkInsightsPathInput) SetFilterAtDestination(v *PathRequestFilter) *CreateNetworkInsightsPathInput { + s.FilterAtDestination = v + return s +} + +// SetFilterAtSource sets the FilterAtSource field's value. +func (s *CreateNetworkInsightsPathInput) SetFilterAtSource(v *PathRequestFilter) *CreateNetworkInsightsPathInput { + s.FilterAtSource = v + return s +} + // SetProtocol sets the Protocol field's value. func (s *CreateNetworkInsightsPathInput) SetProtocol(v string) *CreateNetworkInsightsPathInput { s.Protocol = &v @@ -72290,7 +73007,7 @@ type CreateNetworkInterfaceInput struct { // The type of network interface. The default is interface. // - // The only supported values are efa and trunk. + // The only supported values are interface, efa, and trunk. InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` // The number of IPv4 prefixes that Amazon Web Services automatically assigns @@ -73590,7 +74307,7 @@ func (s *CreateRouteTableOutput) SetRouteTable(v *RouteTable) *CreateRouteTableO type CreateSecurityGroupInput struct { _ struct{} `type:"structure"` - // A description for the security group. This is informational only. + // A description for the security group. // // Constraints: Up to 255 characters in length // @@ -76759,7 +77476,8 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Options for a network interface-type endpoint. +// Describes the network interface options when creating an Amazon Web Services +// Verified Access endpoint using the network-interface type. type CreateVerifiedAccessEndpointEniOptions struct { _ struct{} `type:"structure"` @@ -76830,7 +77548,7 @@ type CreateVerifiedAccessEndpointInput struct { // ApplicationDomain is a required field ApplicationDomain *string `type:"string" required:"true"` - // The Amazon Web Services network component Verified Access attaches to. + // The type of attachment. // // AttachmentType is a required field AttachmentType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointAttachmentType"` @@ -76840,7 +77558,7 @@ type CreateVerifiedAccessEndpointInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access endpoint. + // A description for the Verified Access endpoint. Description *string `type:"string"` // The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate @@ -76856,33 +77574,32 @@ type CreateVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // A custom identifier that gets prepended to a DNS name that is generated for + // A custom identifier that is prepended to the DNS name that is generated for // the endpoint. // // EndpointDomainPrefix is a required field EndpointDomainPrefix *string `type:"string" required:"true"` - // The type of Amazon Web Services Verified Access endpoint to create. + // The type of Verified Access endpoint to create. // // EndpointType is a required field EndpointType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointType"` - // The load balancer details if creating the Amazon Web Services Verified Access - // endpoint as load-balancertype. + // The load balancer details. This parameter is required if the endpoint type + // is load-balancer. LoadBalancerOptions *CreateVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` - // The network interface details if creating the Amazon Web Services Verified - // Access endpoint as network-interfacetype. + // The network interface details. This parameter is required if the endpoint + // type is network-interface. NetworkInterfaceOptions *CreateVerifiedAccessEndpointEniOptions `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` - // The Amazon EC2 security groups to associate with the Amazon Web Services - // Verified Access endpoint. + // The IDs of the security groups to associate with the Verified Access endpoint. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // The tags to assign to the Amazon Web Services Verified Access endpoint. + // The tags to assign to the Verified Access endpoint. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The ID of the Verified Access group to associate the endpoint with. @@ -77031,8 +77748,8 @@ func (s *CreateVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) * return s } -// Describes a load balancer when creating an Amazon Web Services Verified Access -// endpoint using the load-balancer type. +// Describes the load balancer options when creating an Amazon Web Services +// Verified Access endpoint using the load-balancer type. type CreateVerifiedAccessEndpointLoadBalancerOptions struct { _ struct{} `type:"structure"` @@ -77107,7 +77824,7 @@ func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type CreateVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -77143,7 +77860,7 @@ type CreateVerifiedAccessGroupInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access group. + // A description for the Verified Access group. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -77152,13 +77869,13 @@ type CreateVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` - // The tags to assign to the Amazon Web Services Verified Access group. + // The tags to assign to the Verified Access group. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -77270,7 +77987,7 @@ type CreateVerifiedAccessInstanceInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access instance. + // A description for the Verified Access instance. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -77279,7 +77996,7 @@ type CreateVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The tags to assign to the Amazon Web Services Verified Access instance. + // The tags to assign to the Verified Access instance. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -77328,7 +78045,7 @@ func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecifi type CreateVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -77356,7 +78073,8 @@ func (s *CreateVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *Verifi return s } -// Options for a device-identity type trust provider. +// Describes the options when creating an Amazon Web Services Verified Access +// trust provider using the device type. type CreateVerifiedAccessTrustProviderDeviceOptions struct { _ struct{} `type:"structure"` @@ -77396,13 +78114,15 @@ type CreateVerifiedAccessTrustProviderInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access trust provider. + // A description for the Verified Access trust provider. Description *string `type:"string"` - // The options for device identity based trust providers. + // The options for a device-based trust provider. This parameter is required + // when the provider type is device. DeviceOptions *CreateVerifiedAccessTrustProviderDeviceOptions `type:"structure"` - // The type of device-based trust provider. + // The type of device-based trust provider. This parameter is required when + // the provider type is device. DeviceTrustProviderType *string `type:"string" enum:"DeviceTrustProviderType"` // Checks whether you have the required permissions for the action, without @@ -77411,7 +78131,8 @@ type CreateVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for a OpenID Connect-compatible user-identity trust provider. + // This parameter is required when the provider type is user. OidcOptions *CreateVerifiedAccessTrustProviderOidcOptions `type:"structure"` // The identifier to be used when working with policy rules. @@ -77419,15 +78140,16 @@ type CreateVerifiedAccessTrustProviderInput struct { // PolicyReferenceName is a required field PolicyReferenceName *string `type:"string" required:"true"` - // The tags to assign to the Amazon Web Services Verified Access trust provider. + // The tags to assign to the Verified Access trust provider. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The type of trust provider can be either user or device-based. + // The type of trust provider. // // TrustProviderType is a required field TrustProviderType *string `type:"string" required:"true" enum:"TrustProviderType"` - // The type of user-based trust provider. + // The type of user-based trust provider. This parameter is required when the + // provider type is user. UserTrustProviderType *string `type:"string" enum:"UserTrustProviderType"` } @@ -77525,7 +78247,8 @@ func (s *CreateVerifiedAccessTrustProviderInput) SetUserTrustProviderType(v stri return s } -// Options for an OIDC-based, user-identity type trust provider. +// Describes the options when creating an Amazon Web Services Verified Access +// trust provider using the user type. type CreateVerifiedAccessTrustProviderOidcOptions struct { _ struct{} `type:"structure"` @@ -77536,7 +78259,11 @@ type CreateVerifiedAccessTrustProviderOidcOptions struct { ClientId *string `type:"string"` // The client secret. - ClientSecret *string `type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateVerifiedAccessTrustProviderOidcOptions's + // String and GoString methods. + ClientSecret *string `type:"string" sensitive:"true"` // The OIDC issuer. Issuer *string `type:"string"` @@ -77616,7 +78343,7 @@ func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v str type CreateVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -80384,11 +81111,11 @@ type DeleteFleetsInput struct { // FleetIds is a required field FleetIds []*string `locationName:"FleetId" type:"list" required:"true"` - // Indicates whether to terminate the instances when the EC2 Fleet is deleted. - // The default is to terminate the instances. + // Indicates whether to terminate the associated instances when the EC2 Fleet + // is deleted. The default is to terminate the instances. // // To let the instances continue to run after the EC2 Fleet is deleted, specify - // NoTerminateInstances. Supported only for fleets of type maintain and request. + // no-terminate-instances. Supported only for fleets of type maintain and request. // // For instant fleets, you cannot specify NoTerminateInstances. A deleted instant // fleet with running instances is not supported. @@ -80669,6 +81396,95 @@ func (s *DeleteFpgaImageOutput) SetReturn(v bool) *DeleteFpgaImageOutput { return s } +type DeleteInstanceConnectEndpointInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the EC2 Instance Connect Endpoint to delete. + // + // InstanceConnectEndpointId is a required field + InstanceConnectEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteInstanceConnectEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteInstanceConnectEndpointInput"} + if s.InstanceConnectEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceConnectEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteInstanceConnectEndpointInput) SetDryRun(v bool) *DeleteInstanceConnectEndpointInput { + s.DryRun = &v + return s +} + +// SetInstanceConnectEndpointId sets the InstanceConnectEndpointId field's value. +func (s *DeleteInstanceConnectEndpointInput) SetInstanceConnectEndpointId(v string) *DeleteInstanceConnectEndpointInput { + s.InstanceConnectEndpointId = &v + return s +} + +type DeleteInstanceConnectEndpointOutput struct { + _ struct{} `type:"structure"` + + // Information about the EC2 Instance Connect Endpoint. + InstanceConnectEndpoint *Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteInstanceConnectEndpointOutput) GoString() string { + return s.String() +} + +// SetInstanceConnectEndpoint sets the InstanceConnectEndpoint field's value. +func (s *DeleteInstanceConnectEndpointOutput) SetInstanceConnectEndpoint(v *Ec2InstanceConnectEndpoint) *DeleteInstanceConnectEndpointOutput { + s.InstanceConnectEndpoint = v + return s +} + type DeleteInstanceEventWindowInput struct { _ struct{} `type:"structure"` @@ -85280,7 +86096,7 @@ type DeleteVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -85338,7 +86154,7 @@ func (s *DeleteVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string type DeleteVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -85380,7 +86196,7 @@ type DeleteVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -85438,7 +86254,7 @@ func (s *DeleteVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *Del type DeleteVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -85480,7 +86296,7 @@ type DeleteVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -85538,7 +86354,7 @@ func (s *DeleteVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string type DeleteVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -85580,7 +86396,7 @@ type DeleteVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -85638,7 +86454,7 @@ func (s *DeleteVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DeleteVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -86618,7 +87434,10 @@ func (s *DeprovisionIpamPoolCidrOutput) SetIpamPoolCidr(v *IpamPoolCidr) *Deprov type DeprovisionPublicIpv4PoolCidrInput struct { _ struct{} `type:"structure"` - // The CIDR you want to deprovision from the pool. + // The CIDR you want to deprovision from the pool. Enter the CIDR you want to + // deprovision with a netmask of /32. You must rerun this command for each IP + // address in the CIDR range. If your CIDR is a /24, you will have to run this + // command to deprovision each of the 256 IP addresses in the /24 CIDR. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -86818,7 +87637,9 @@ type DeregisterInstanceEventNotificationAttributesInput struct { DryRun *bool `type:"boolean"` // Information about the tag keys to deregister. - InstanceTagAttribute *DeregisterInstanceTagAttributeRequest `type:"structure"` + // + // InstanceTagAttribute is a required field + InstanceTagAttribute *DeregisterInstanceTagAttributeRequest `type:"structure" required:"true"` } // String returns the string representation. @@ -86839,6 +87660,19 @@ func (s DeregisterInstanceEventNotificationAttributesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeregisterInstanceEventNotificationAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeregisterInstanceEventNotificationAttributesInput"} + if s.InstanceTagAttribute == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceTagAttribute")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DeregisterInstanceEventNotificationAttributesInput) SetDryRun(v bool) *DeregisterInstanceEventNotificationAttributesInput { s.DryRun = &v @@ -87429,7 +88263,7 @@ func (s *DescribeAddressesAttributeOutput) SetNextToken(v string) *DescribeAddre type DescribeAddressesInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] Information about the allocation IDs. + // Information about the allocation IDs. AllocationIds []*string `locationName:"AllocationId" locationNameList:"AllocationId" type:"list"` // Checks whether you have the required permissions for the action, without @@ -87440,12 +88274,9 @@ type DescribeAddressesInput struct { // One or more filters. Filter names and values are case-sensitive. // - // * allocation-id - [EC2-VPC] The allocation ID for the address. - // - // * association-id - [EC2-VPC] The association ID for the address. + // * allocation-id - The allocation ID for the address. // - // * domain - Indicates whether the address is for use in EC2-Classic (standard) - // or in a VPC (vpc). + // * association-id - The association ID for the address. // // * instance-id - The ID of the instance the address is associated with, // if any. @@ -87453,14 +88284,14 @@ type DescribeAddressesInput struct { // * network-border-group - A unique set of Availability Zones, Local Zones, // or Wavelength Zones from where Amazon Web Services advertises IP addresses. // - // * network-interface-id - [EC2-VPC] The ID of the network interface that - // the address is associated with, if any. + // * network-interface-id - The ID of the network interface that the address + // is associated with, if any. // // * network-interface-owner-id - The Amazon Web Services account ID of the // owner. // - // * private-ip-address - [EC2-VPC] The private IP address associated with - // the Elastic IP address. + // * private-ip-address - The private IP address associated with the Elastic + // IP address. // // * public-ip - The Elastic IP address, or the carrier IP address. // @@ -90364,12 +91195,13 @@ type DescribeFastLaunchImagesInput struct { // Details for one or more Windows AMI image IDs. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` - // The maximum number of results to return in a single call. To retrieve the - // remaining results, make another request with the returned NextToken value. - // If this parameter is not specified, then all results are returned. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` } @@ -90428,8 +91260,8 @@ type DescribeFastLaunchImagesOutput struct { // meet the requested criteria. FastLaunchImages []*DescribeFastLaunchImagesSuccessItem `locationName:"fastLaunchImageSet" locationNameList:"item" type:"list"` - // The token to use for the next set of results. This value is null when there - // are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -90476,7 +91308,8 @@ type DescribeFastLaunchImagesSuccessItem struct { // launches Windows instances from pre-provisioned snapshots. LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` - // The maximum number of parallel instances that are launched for creating resources. + // The maximum number of instances that Amazon EC2 can launch at the same time + // to create pre-provisioned snapshots for Windows faster launching. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` // The owner ID for the fast-launch enabled Windows AMI. @@ -90900,12 +91733,13 @@ type DescribeFleetHistoryInput struct { // FleetId is a required field FleetId *string `type:"string" required:"true"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` // The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). @@ -90996,10 +91830,11 @@ type DescribeFleetHistoryOutput struct { // The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). // All records up to this time were retrieved. // - // If nextToken indicates that there are more results, this value is not present. + // If nextToken indicates that there are more items, this value is not present. LastEvaluatedTime *time.Time `locationName:"lastEvaluatedTime" type:"timestamp"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). @@ -91073,12 +91908,13 @@ type DescribeFleetInstancesInput struct { // FleetId is a required field FleetId *string `type:"string" required:"true"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` } @@ -91153,7 +91989,8 @@ type DescribeFleetInstancesOutput struct { // The ID of the EC2 Fleet. FleetId *string `locationName:"fleetId" type:"string"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -91226,12 +92063,13 @@ type DescribeFleetsInput struct { // does not appear in the response. FleetIds []*string `locationName:"FleetId" type:"list"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` } @@ -91360,7 +92198,8 @@ type DescribeFleetsOutput struct { // Information about the EC2 Fleets. Fleets []*FleetData `locationName:"fleetSet" locationNameList:"item" type:"list"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -92829,11 +93668,13 @@ type DescribeImagesInput struct { // of what you specify for this parameter. IncludeDeprecated *bool `type:"boolean"` - // The maximum number of results to return with a single call. To retrieve the - // remaining results, make another call with the returned nextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next page of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` // Scopes the results to images with the specified owners. You can specify a @@ -92915,8 +93756,8 @@ type DescribeImagesOutput struct { // Information about the images. Images []*Image `locationName:"imagesSet" locationNameList:"item" type:"list"` - // The token to use to retrieve the next page of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -93436,6 +94277,159 @@ func (s *DescribeInstanceAttributeOutput) SetUserData(v *AttributeValue) *Descri return s } +type DescribeInstanceConnectEndpointsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * instance-connect-endpoint-id - The ID of the EC2 Instance Connect Endpoint. + // + // * state - The state of the EC2 Instance Connect Endpoint (create-in-progress + // | create-complete | create-failed | delete-in-progress | delete-complete + // | delete-failed). + // + // * subnet-id - The ID of the subnet in which the EC2 Instance Connect Endpoint + // was created. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + // + // * tag-value - The value of a tag assigned to the resource. Use this filter + // to find all resources that have a tag with a specific value, regardless + // of tag key. + // + // * vpc-id - The ID of the VPC in which the EC2 Instance Connect Endpoint + // was created. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // One or more EC2 Instance Connect Endpoint IDs. + InstanceConnectEndpointIds []*string `locationName:"InstanceConnectEndpointId" locationNameList:"item" type:"list"` + + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + MaxResults *int64 `min:"1" type:"integer"` + + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceConnectEndpointsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceConnectEndpointsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetDryRun(v bool) *DescribeInstanceConnectEndpointsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetFilters(v []*Filter) *DescribeInstanceConnectEndpointsInput { + s.Filters = v + return s +} + +// SetInstanceConnectEndpointIds sets the InstanceConnectEndpointIds field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetInstanceConnectEndpointIds(v []*string) *DescribeInstanceConnectEndpointsInput { + s.InstanceConnectEndpointIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetMaxResults(v int64) *DescribeInstanceConnectEndpointsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceConnectEndpointsInput) SetNextToken(v string) *DescribeInstanceConnectEndpointsInput { + s.NextToken = &v + return s +} + +type DescribeInstanceConnectEndpointsOutput struct { + _ struct{} `type:"structure"` + + // Information about the EC2 Instance Connect Endpoints. + InstanceConnectEndpoints []*Ec2InstanceConnectEndpoint `locationName:"instanceConnectEndpointSet" locationNameList:"item" type:"list"` + + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeInstanceConnectEndpointsOutput) GoString() string { + return s.String() +} + +// SetInstanceConnectEndpoints sets the InstanceConnectEndpoints field's value. +func (s *DescribeInstanceConnectEndpointsOutput) SetInstanceConnectEndpoints(v []*Ec2InstanceConnectEndpoint) *DescribeInstanceConnectEndpointsOutput { + s.InstanceConnectEndpoints = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceConnectEndpointsOutput) SetNextToken(v string) *DescribeInstanceConnectEndpointsOutput { + s.NextToken = &v + return s +} + type DescribeInstanceCreditSpecificationsInput struct { _ struct{} `type:"structure"` @@ -93458,10 +94452,11 @@ type DescribeInstanceCreditSpecificationsInput struct { InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` // The maximum number of items to return for this request. To get the next page - // of items, make another request with the token returned in the output. This - // value can be between 5 and 1000. You cannot specify this parameter and the - // instance IDs parameter in the same call. For more information, see Pagination - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You cannot specify this parameter and the instance IDs parameter in the same + // call. MaxResults *int64 `min:"5" type:"integer"` // The token returned from a previous paginated request. Pagination continues @@ -93861,11 +94856,12 @@ type DescribeInstanceStatusInput struct { // Constraints: Maximum 100 explicitly specified instance IDs. InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` - // The maximum number of items to return for this request. To retrieve the next - // page of items, make another request with the token returned in the output. - // This value can be between 5 and 1000. You cannot specify this parameter and - // the instance IDs parameter in the same call. For more information, see Pagination - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You cannot specify this parameter and the instance IDs parameter in the same + // request. MaxResults *int64 `type:"integer"` // The token returned from a previous paginated request. Pagination continues @@ -94112,8 +95108,8 @@ type DescribeInstanceTypesInput struct { // One or more filters. Filter names and values are case-sensitive. // - // * auto-recovery-supported - Indicates whether auto recovery is supported - // (true | false). + // * auto-recovery-supported - Indicates whether Amazon CloudWatch action + // based recovery is supported (true | false). // // * bare-metal - Indicates whether it is a bare metal instance type (true // | false). @@ -94221,6 +95217,8 @@ type DescribeInstanceTypesInput struct { // * processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in // GHz. // + // * processor-info.supported-features - The supported CPU features (amd-sev-snp). + // // * supported-boot-mode - The boot mode (legacy-bios | uefi). // // * supported-root-device-type - The root device type (ebs | instance-store). @@ -94325,6 +95323,12 @@ type DescribeInstanceTypesOutput struct { // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon EC2 User Guide. + // + // When you change your EBS-backed instance type, instance restart or replacement + // behavior depends on the instance type compatibility between the old and new + // types. An instance that's backed by an instance store volume is always replaced. + // For more information, see Change the instance type (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html) + // in the Amazon EC2 User Guide. InstanceTypes []*InstanceTypeInfo `locationName:"instanceTypeSet" locationNameList:"item" type:"list"` // The token to include in another request to get the next page of items. This @@ -94402,12 +95406,6 @@ type DescribeInstancesInput struct { // // * dns-name - The public DNS name of the instance. // - // * group-id - The ID of the security group for the instance. EC2-Classic - // only. - // - // * group-name - The name of the security group for the instance. EC2-Classic - // only. - // // * hibernation-options.configured - A Boolean that indicates whether the // instance is enabled for hibernation. A value of true means that the instance // is enabled for hibernation. @@ -94638,10 +95636,11 @@ type DescribeInstancesInput struct { InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` // The maximum number of items to return for this request. To get the next page - // of items, make another request with the token returned in the output. This - // value can be between 5 and 1000. You cannot specify this parameter and the - // instance IDs parameter in the same request. For more information, see Pagination - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You cannot specify this parameter and the instance IDs parameter in the same + // request. MaxResults *int64 `locationName:"maxResults" type:"integer"` // The token returned from a previous paginated request. Pagination continues @@ -98030,7 +99029,27 @@ type DescribeNetworkInsightsPathsInput struct { // // * destination - The ID of the resource. // - // * destination-port - The destination port. + // * filter-at-source.source-address - The source IPv4 address at the source. + // + // * filter-at-source.source-port-range - The source port range at the source. + // + // * filter-at-source.destination-address - The destination IPv4 address + // at the source. + // + // * filter-at-source.destination-port-range - The destination port range + // at the source. + // + // * filter-at-destination.source-address - The source IPv4 address at the + // destination. + // + // * filter-at-destination.source-port-range - The source port range at the + // destination. + // + // * filter-at-destination.destination-address - The destination IPv4 address + // at the destination. + // + // * filter-at-destination.destination-port-range - The destination port + // range at the destination. // // * protocol - The protocol. // @@ -99391,16 +100410,11 @@ type DescribeReservedInstancesInput struct { // // * scope - The scope of the Reserved Instance (Region or Availability Zone). // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE - // Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux - // (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)). + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-id - The ID of the Reserved Instance. // @@ -99602,9 +100616,6 @@ type DescribeReservedInstancesModificationsInput struct { // * modification-result.target-configuration.instance-type - The instance // type of the new Reserved Instances. // - // * modification-result.target-configuration.platform - The network platform - // of the new Reserved Instances (EC2-Classic | EC2-VPC). - // // * reserved-instances-id - The ID of the Reserved Instances modified. // // * reserved-instances-modification-id - The ID of the modification request. @@ -99733,16 +100744,11 @@ type DescribeReservedInstancesOfferingsInput struct { // all offerings from both Amazon Web Services and the Reserved Instance // Marketplace are listed. // - // * product-description - The Reserved Instance product platform description. - // Instances that include (Amazon VPC) in the product platform description - // will only be displayed to EC2-Classic account holders and are for use - // with Amazon VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | - // SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise - // Linux (Amazon VPC) | Red Hat Enterprise Linux with HA (Amazon VPC) | Windows - // | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows with - // SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows - // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise - // | Windows with SQL Server Enterprise (Amazon VPC)) + // * product-description - The Reserved Instance product platform description + // (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web + // | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux + // | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server + // Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise). // // * reserved-instances-offering-id - The Reserved Instances offering ID. // @@ -100203,8 +101209,6 @@ type DescribeScheduledInstanceAvailabilityInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -100385,8 +101389,6 @@ type DescribeScheduledInstancesInput struct { // // * instance-type - The instance type (for example, c4.large). // - // * network-platform - The network platform (EC2-Classic or EC2-VPC). - // // * platform - The platform (Linux/UNIX or Windows). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -101438,12 +102440,13 @@ type DescribeSpotFleetInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The ID of the Spot Fleet request. @@ -101518,8 +102521,8 @@ type DescribeSpotFleetInstancesOutput struct { // of date. ActiveInstances []*ActiveInstance `locationName:"activeInstanceSet" locationNameList:"item" type:"list"` - // The token required to retrieve the next set of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The ID of the Spot Fleet request. @@ -101575,12 +102578,13 @@ type DescribeSpotFleetRequestHistoryInput struct { // The type of events to describe. By default, all events are described. EventType *string `locationName:"eventType" type:"string" enum:"EventType"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The ID of the Spot Fleet request. @@ -101677,11 +102681,11 @@ type DescribeSpotFleetRequestHistoryOutput struct { // The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). // All records up to this time were retrieved. // - // If nextToken indicates that there are more results, this value is not present. + // If nextToken indicates that there are more items, this value is not present. LastEvaluatedTime *time.Time `locationName:"lastEvaluatedTime" type:"timestamp"` - // The token required to retrieve the next set of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The ID of the Spot Fleet request. @@ -101749,12 +102753,13 @@ type DescribeSpotFleetRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `locationName:"maxResults" type:"integer"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The IDs of the Spot Fleet requests. @@ -101807,8 +102812,8 @@ func (s *DescribeSpotFleetRequestsInput) SetSpotFleetRequestIds(v []*string) *De type DescribeSpotFleetRequestsOutput struct { _ struct{} `type:"structure"` - // The token required to retrieve the next set of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // Information about the configuration of your Spot Fleet. @@ -101855,7 +102860,7 @@ type DescribeSpotInstanceRequestsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone-group - The Availability Zone group. // @@ -101963,16 +102968,16 @@ type DescribeSpotInstanceRequestsInput struct { // * valid-until - The end date of the request. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The maximum number of results to return in a single call. Specify a value - // between 5 and 1000. To retrieve the remaining results, make another call - // with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token to request the next set of results. This value is null when there - // are no more results to return. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` - // One or more Spot Instance request IDs. + // The IDs of the Spot Instance requests. SpotInstanceRequestIds []*string `locationName:"SpotInstanceRequestId" locationNameList:"SpotInstanceRequestId" type:"list"` } @@ -102028,11 +103033,11 @@ func (s *DescribeSpotInstanceRequestsInput) SetSpotInstanceRequestIds(v []*strin type DescribeSpotInstanceRequestsOutput struct { _ struct{} `type:"structure"` - // The token to use to retrieve the next set of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -102083,7 +103088,7 @@ type DescribeSpotPriceHistoryInput struct { // the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). EndTime *time.Time `locationName:"endTime" type:"timestamp"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone for which prices should be // returned. @@ -102106,12 +103111,13 @@ type DescribeSpotPriceHistoryInput struct { // Filters the results by the specified instance types. InstanceTypes []*string `locationName:"InstanceType" type:"list" enum:"InstanceType"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `locationName:"maxResults" type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `locationName:"nextToken" type:"string"` // Filters the results by the specified basic product descriptions. @@ -102198,8 +103204,8 @@ func (s *DescribeSpotPriceHistoryInput) SetStartTime(v time.Time) *DescribeSpotP type DescribeSpotPriceHistoryOutput struct { _ struct{} `type:"structure"` - // The token required to retrieve the next set of results. This value is null - // or an empty string when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The historical Spot prices. @@ -102384,13 +103390,16 @@ type DescribeStoreImageTasksInput struct { // in a request. ImageIds []*string `locationName:"ImageId" locationNameList:"item" type:"list"` - // The maximum number of results to return in a single call. To retrieve the - // remaining results, make another call with the returned NextToken value. This - // value can be between 1 and 200. You cannot specify this parameter and the - // ImageIDs parameter in the same call. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // + // You cannot specify this parameter and the ImageIDs parameter in the same + // call. MaxResults *int64 `min:"1" type:"integer"` - // The token for the next page of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` } @@ -102458,8 +103467,8 @@ func (s *DescribeStoreImageTasksInput) SetNextToken(v string) *DescribeStoreImag type DescribeStoreImageTasksOutput struct { _ struct{} `type:"structure"` - // The token to use to retrieve the next page of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The information about the AMI store tasks. @@ -104771,13 +105780,13 @@ type DescribeVerifiedAccessEndpointsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. VerifiedAccessEndpointIds []*string `locationName:"VerifiedAccessEndpointId" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. VerifiedAccessGroupId *string `type:"string"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -104861,7 +105870,7 @@ type DescribeVerifiedAccessEndpointsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. VerifiedAccessEndpoints []*VerifiedAccessEndpoint `locationName:"verifiedAccessEndpointSet" locationNameList:"item" type:"list"` } @@ -104914,10 +105923,10 @@ type DescribeVerifiedAccessGroupsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The ID of the Amazon Web Services Verified Access groups. + // The ID of the Verified Access groups. VerifiedAccessGroupIds []*string `locationName:"VerifiedAccessGroupId" locationNameList:"item" type:"list"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -105048,7 +106057,7 @@ type DescribeVerifiedAccessInstanceLoggingConfigurationsInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // The IDs of the Verified Access instances. VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` } @@ -105116,8 +106125,7 @@ func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetVerifiedAc type DescribeVerifiedAccessInstanceLoggingConfigurationsOutput struct { _ struct{} `type:"structure"` - // The current logging configuration for the Amazon Web Services Verified Access - // instances. + // The current logging configuration for the Verified Access instances. LoggingConfigurations []*VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfigurationSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -105174,7 +106182,7 @@ type DescribeVerifiedAccessInstancesInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // The IDs of the Verified Access instances. VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` } @@ -105246,7 +106254,7 @@ type DescribeVerifiedAccessInstancesOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Amazon Web Services Verified Access instances. + // The IDs of the Verified Access instances. VerifiedAccessInstances []*VerifiedAccessInstance `locationName:"verifiedAccessInstanceSet" locationNameList:"item" type:"list"` } @@ -105299,7 +106307,7 @@ type DescribeVerifiedAccessTrustProvidersInput struct { // The token for the next page of results. NextToken *string `type:"string"` - // The IDs of the Amazon Web Services Verified Access trust providers. + // The IDs of the Verified Access trust providers. VerifiedAccessTrustProviderIds []*string `locationName:"VerifiedAccessTrustProviderId" locationNameList:"item" type:"list"` } @@ -105371,7 +106379,7 @@ type DescribeVerifiedAccessTrustProvidersOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // The IDs of the Amazon Web Services Verified Access trust providers. + // The IDs of the Verified Access trust providers. VerifiedAccessTrustProviders []*VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` } @@ -108112,12 +109120,12 @@ type DetachVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -108184,10 +109192,10 @@ func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI type DetachVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -108408,8 +109416,8 @@ func (s DetachVpnGatewayOutput) GoString() string { return s.String() } -// Options for an Amazon Web Services Verified Access device-identity based -// trust provider. +// Describes the options for an Amazon Web Services Verified Access device-identity +// based trust provider. type DeviceOptions struct { _ struct{} `type:"structure"` @@ -108942,7 +109950,8 @@ type DisableFastLaunchOutput struct { // snapshots. LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` - // The maximum number of parallel instances to launch for creating resources. + // The maximum number of instances that Amazon EC2 can launch at the same time + // to create pre-provisioned snapshots for Windows faster launching. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` // The owner of the Windows AMI for which faster launching was turned off. @@ -110008,7 +111017,7 @@ func (s *DisableVpcClassicLinkOutput) SetReturn(v bool) *DisableVpcClassicLinkOu type DisassociateAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The association ID. Required for EC2-VPC. + // The association ID. This parameter is required. AssociationId *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -110017,7 +111026,7 @@ type DisassociateAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // [EC2-Classic] The Elastic IP address. Required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -111472,7 +112481,11 @@ type DiskImageDescription struct { // // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). - ImportManifestUrl *string `locationName:"importManifestUrl" type:"string"` + // + // ImportManifestUrl is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DiskImageDescription's + // String and GoString methods. + ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" sensitive:"true"` // The size of the disk image, in GiB. Size *int64 `locationName:"size" type:"long"` @@ -111543,8 +112556,12 @@ type DiskImageDetail struct { // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). // + // ImportManifestUrl is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DiskImageDetail's + // String and GoString methods. + // // ImportManifestUrl is a required field - ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" required:"true"` + ImportManifestUrl *string `locationName:"importManifestUrl" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -111740,6 +112757,9 @@ type DnsOptions struct { // The DNS records created for the endpoint. DnsRecordIpType *string `locationName:"dnsRecordIpType" type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. + PrivateDnsOnlyForInboundResolverEndpoint *bool `locationName:"privateDnsOnlyForInboundResolverEndpoint" type:"boolean"` } // String returns the string representation. @@ -111766,12 +112786,24 @@ func (s *DnsOptions) SetDnsRecordIpType(v string) *DnsOptions { return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptions) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptions { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Describes the DNS options for an endpoint. type DnsOptionsSpecification struct { _ struct{} `type:"structure"` // The DNS records created for the endpoint. DnsRecordIpType *string `type:"string" enum:"DnsRecordIpType"` + + // Indicates whether to enable private DNS only for inbound endpoints. This + // option is available only for services that support both gateway and interface + // endpoints. It routes traffic that originates from the VPC to the gateway + // endpoint and traffic that originates from on-premises to the interface endpoint. + PrivateDnsOnlyForInboundResolverEndpoint *bool `type:"boolean"` } // String returns the string representation. @@ -111798,6 +112830,12 @@ func (s *DnsOptionsSpecification) SetDnsRecordIpType(v string) *DnsOptionsSpecif return s } +// SetPrivateDnsOnlyForInboundResolverEndpoint sets the PrivateDnsOnlyForInboundResolverEndpoint field's value. +func (s *DnsOptionsSpecification) SetPrivateDnsOnlyForInboundResolverEndpoint(v bool) *DnsOptionsSpecification { + s.PrivateDnsOnlyForInboundResolverEndpoint = &v + return s +} + // Information about the DNS server to be used. type DnsServersOptionsModifyStructure struct { _ struct{} `type:"structure"` @@ -112278,6 +113316,176 @@ func (s *EbsOptimizedInfo) SetMaximumThroughputInMBps(v float64) *EbsOptimizedIn return s } +// The EC2 Instance Connect Endpoint. +type Ec2InstanceConnectEndpoint struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the EC2 Instance Connect Endpoint. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The date and time that the EC2 Instance Connect Endpoint was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` + + // The DNS name of the EC2 Instance Connect Endpoint. + DnsName *string `locationName:"dnsName" type:"string"` + + FipsDnsName *string `locationName:"fipsDnsName" type:"string"` + + // The Amazon Resource Name (ARN) of the EC2 Instance Connect Endpoint. + InstanceConnectEndpointArn *string `locationName:"instanceConnectEndpointArn" min:"1" type:"string"` + + // The ID of the EC2 Instance Connect Endpoint. + InstanceConnectEndpointId *string `locationName:"instanceConnectEndpointId" type:"string"` + + // The ID of the elastic network interface that Amazon EC2 automatically created + // when creating the EC2 Instance Connect Endpoint. + NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services account that created the EC2 Instance Connect + // Endpoint. + OwnerId *string `locationName:"ownerId" type:"string"` + + // Indicates whether your client's IP address is preserved as the source. The + // value is true or false. + // + // * If true, your client's IP address is used when you connect to a resource. + // + // * If false, the elastic network interface IP address is used when you + // connect to a resource. + // + // Default: true + PreserveClientIp *bool `locationName:"preserveClientIp" type:"boolean"` + + // The security groups associated with the endpoint. If you didn't specify a + // security group, the default security group for your VPC is associated with + // the endpoint. + SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + + // The current state of the EC2 Instance Connect Endpoint. + State *string `locationName:"state" type:"string" enum:"Ec2InstanceConnectEndpointState"` + + // The message for the current state of the EC2 Instance Connect Endpoint. Can + // include a failure message. + StateMessage *string `locationName:"stateMessage" type:"string"` + + // The ID of the subnet in which the EC2 Instance Connect Endpoint was created. + SubnetId *string `locationName:"subnetId" type:"string"` + + // The tags assigned to the EC2 Instance Connect Endpoint. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the VPC in which the EC2 Instance Connect Endpoint was created. + VpcId *string `locationName:"vpcId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ec2InstanceConnectEndpoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ec2InstanceConnectEndpoint) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *Ec2InstanceConnectEndpoint) SetAvailabilityZone(v string) *Ec2InstanceConnectEndpoint { + s.AvailabilityZone = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *Ec2InstanceConnectEndpoint) SetCreatedAt(v time.Time) *Ec2InstanceConnectEndpoint { + s.CreatedAt = &v + return s +} + +// SetDnsName sets the DnsName field's value. +func (s *Ec2InstanceConnectEndpoint) SetDnsName(v string) *Ec2InstanceConnectEndpoint { + s.DnsName = &v + return s +} + +// SetFipsDnsName sets the FipsDnsName field's value. +func (s *Ec2InstanceConnectEndpoint) SetFipsDnsName(v string) *Ec2InstanceConnectEndpoint { + s.FipsDnsName = &v + return s +} + +// SetInstanceConnectEndpointArn sets the InstanceConnectEndpointArn field's value. +func (s *Ec2InstanceConnectEndpoint) SetInstanceConnectEndpointArn(v string) *Ec2InstanceConnectEndpoint { + s.InstanceConnectEndpointArn = &v + return s +} + +// SetInstanceConnectEndpointId sets the InstanceConnectEndpointId field's value. +func (s *Ec2InstanceConnectEndpoint) SetInstanceConnectEndpointId(v string) *Ec2InstanceConnectEndpoint { + s.InstanceConnectEndpointId = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *Ec2InstanceConnectEndpoint) SetNetworkInterfaceIds(v []*string) *Ec2InstanceConnectEndpoint { + s.NetworkInterfaceIds = v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *Ec2InstanceConnectEndpoint) SetOwnerId(v string) *Ec2InstanceConnectEndpoint { + s.OwnerId = &v + return s +} + +// SetPreserveClientIp sets the PreserveClientIp field's value. +func (s *Ec2InstanceConnectEndpoint) SetPreserveClientIp(v bool) *Ec2InstanceConnectEndpoint { + s.PreserveClientIp = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *Ec2InstanceConnectEndpoint) SetSecurityGroupIds(v []*string) *Ec2InstanceConnectEndpoint { + s.SecurityGroupIds = v + return s +} + +// SetState sets the State field's value. +func (s *Ec2InstanceConnectEndpoint) SetState(v string) *Ec2InstanceConnectEndpoint { + s.State = &v + return s +} + +// SetStateMessage sets the StateMessage field's value. +func (s *Ec2InstanceConnectEndpoint) SetStateMessage(v string) *Ec2InstanceConnectEndpoint { + s.StateMessage = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *Ec2InstanceConnectEndpoint) SetSubnetId(v string) *Ec2InstanceConnectEndpoint { + s.SubnetId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *Ec2InstanceConnectEndpoint) SetTags(v []*Tag) *Ec2InstanceConnectEndpoint { + s.Tags = v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *Ec2InstanceConnectEndpoint) SetVpcId(v string) *Ec2InstanceConnectEndpoint { + s.VpcId = &v + return s +} + // Describes the Elastic Fabric Adapters for the instance type. type EfaInfo struct { _ struct{} `type:"structure"` @@ -113122,8 +114330,9 @@ type EnableFastLaunchInput struct { // the launch template, but not both. LaunchTemplate *FastLaunchLaunchTemplateSpecificationRequest `type:"structure"` - // The maximum number of parallel instances to launch for creating resources. - // Value must be 6 or greater. + // The maximum number of instances that Amazon EC2 can launch at the same time + // to create pre-provisioned snapshots for Windows faster launching. Value must + // be 6 or greater. MaxParallelLaunches *int64 `type:"integer"` // The type of resource to use for pre-provisioning the Windows AMI for faster @@ -113219,7 +114428,8 @@ type EnableFastLaunchOutput struct { // snapshots. LaunchTemplate *FastLaunchLaunchTemplateSpecificationResponse `locationName:"launchTemplate" type:"structure"` - // The maximum number of parallel instances to launch for creating resources. + // The maximum number of instances that Amazon EC2 can launch at the same time + // to create pre-provisioned snapshots for Windows faster launching. MaxParallelLaunches *int64 `locationName:"maxParallelLaunches" type:"integer"` // The owner ID for the Windows AMI for which faster launching was enabled. @@ -113229,9 +114439,9 @@ type EnableFastLaunchOutput struct { // for faster launching. ResourceType *string `locationName:"resourceType" type:"string" enum:"FastLaunchResourceType"` - // The configuration settings that were defined for creating and managing the - // pre-provisioned snapshots for faster launching of the Windows AMI. This property - // is returned when the associated resourceType is snapshot. + // Settings to create and manage the pre-provisioned snapshots that Amazon EC2 + // uses for faster launches from the Windows AMI. This property is returned + // when the associated resourceType is snapshot. SnapshotConfiguration *FastLaunchSnapshotConfigurationResponse `locationName:"snapshotConfiguration" type:"structure"` // The current state of faster launching for the specified Windows AMI. @@ -114713,6 +115923,12 @@ type Explanation struct { // The explanation code. ExplanationCode *string `locationName:"explanationCode" type:"string"` + // The Network Firewall stateful rule. + FirewallStatefulRule *FirewallStatefulRule `locationName:"firewallStatefulRule" type:"structure"` + + // The Network Firewall stateless rule. + FirewallStatelessRule *FirewallStatelessRule `locationName:"firewallStatelessRule" type:"structure"` + // The route table. IngressRouteTable *AnalysisComponent `locationName:"ingressRouteTable" type:"structure"` @@ -114936,6 +116152,18 @@ func (s *Explanation) SetExplanationCode(v string) *Explanation { return s } +// SetFirewallStatefulRule sets the FirewallStatefulRule field's value. +func (s *Explanation) SetFirewallStatefulRule(v *FirewallStatefulRule) *Explanation { + s.FirewallStatefulRule = v + return s +} + +// SetFirewallStatelessRule sets the FirewallStatelessRule field's value. +func (s *Explanation) SetFirewallStatelessRule(v *FirewallStatelessRule) *Explanation { + s.FirewallStatelessRule = v + return s +} + // SetIngressRouteTable sets the IngressRouteTable field's value. func (s *Explanation) SetIngressRouteTable(v *AnalysisComponent) *Explanation { s.IngressRouteTable = v @@ -116521,6 +117749,237 @@ func (s *Filter) SetValues(v []*string) *Filter { return s } +// Describes a port range. +type FilterPortRange struct { + _ struct{} `type:"structure"` + + // The first port in the range. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The last port in the range. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterPortRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterPortRange) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *FilterPortRange) SetFromPort(v int64) *FilterPortRange { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *FilterPortRange) SetToPort(v int64) *FilterPortRange { + s.ToPort = &v + return s +} + +// Describes a stateful rule. +type FirewallStatefulRule struct { + _ struct{} `type:"structure"` + + // The destination ports. + DestinationPorts []*PortRange `locationName:"destinationPortSet" locationNameList:"item" type:"list"` + + // The destination IP addresses, in CIDR notation. + Destinations []*string `locationName:"destinationSet" locationNameList:"item" type:"list"` + + // The direction. The possible values are FORWARD and ANY. + Direction *string `locationName:"direction" type:"string"` + + // The protocol. + Protocol *string `locationName:"protocol" type:"string"` + + // The rule action. The possible values are pass, drop, and alert. + RuleAction *string `locationName:"ruleAction" type:"string"` + + // The ARN of the stateful rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The source ports. + SourcePorts []*PortRange `locationName:"sourcePortSet" locationNameList:"item" type:"list"` + + // The source IP addresses, in CIDR notation. + Sources []*string `locationName:"sourceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatefulRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatefulRule) GoString() string { + return s.String() +} + +// SetDestinationPorts sets the DestinationPorts field's value. +func (s *FirewallStatefulRule) SetDestinationPorts(v []*PortRange) *FirewallStatefulRule { + s.DestinationPorts = v + return s +} + +// SetDestinations sets the Destinations field's value. +func (s *FirewallStatefulRule) SetDestinations(v []*string) *FirewallStatefulRule { + s.Destinations = v + return s +} + +// SetDirection sets the Direction field's value. +func (s *FirewallStatefulRule) SetDirection(v string) *FirewallStatefulRule { + s.Direction = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *FirewallStatefulRule) SetProtocol(v string) *FirewallStatefulRule { + s.Protocol = &v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *FirewallStatefulRule) SetRuleAction(v string) *FirewallStatefulRule { + s.RuleAction = &v + return s +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *FirewallStatefulRule) SetRuleGroupArn(v string) *FirewallStatefulRule { + s.RuleGroupArn = &v + return s +} + +// SetSourcePorts sets the SourcePorts field's value. +func (s *FirewallStatefulRule) SetSourcePorts(v []*PortRange) *FirewallStatefulRule { + s.SourcePorts = v + return s +} + +// SetSources sets the Sources field's value. +func (s *FirewallStatefulRule) SetSources(v []*string) *FirewallStatefulRule { + s.Sources = v + return s +} + +// Describes a stateless rule. +type FirewallStatelessRule struct { + _ struct{} `type:"structure"` + + // The destination ports. + DestinationPorts []*PortRange `locationName:"destinationPortSet" locationNameList:"item" type:"list"` + + // The destination IP addresses, in CIDR notation. + Destinations []*string `locationName:"destinationSet" locationNameList:"item" type:"list"` + + // The rule priority. + Priority *int64 `locationName:"priority" type:"integer"` + + // The protocols. + Protocols []*int64 `locationName:"protocolSet" locationNameList:"item" type:"list"` + + // The rule action. The possible values are pass, drop, and forward_to_site. + RuleAction *string `locationName:"ruleAction" type:"string"` + + // The ARN of the stateless rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The source ports. + SourcePorts []*PortRange `locationName:"sourcePortSet" locationNameList:"item" type:"list"` + + // The source IP addresses, in CIDR notation. + Sources []*string `locationName:"sourceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatelessRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallStatelessRule) GoString() string { + return s.String() +} + +// SetDestinationPorts sets the DestinationPorts field's value. +func (s *FirewallStatelessRule) SetDestinationPorts(v []*PortRange) *FirewallStatelessRule { + s.DestinationPorts = v + return s +} + +// SetDestinations sets the Destinations field's value. +func (s *FirewallStatelessRule) SetDestinations(v []*string) *FirewallStatelessRule { + s.Destinations = v + return s +} + +// SetPriority sets the Priority field's value. +func (s *FirewallStatelessRule) SetPriority(v int64) *FirewallStatelessRule { + s.Priority = &v + return s +} + +// SetProtocols sets the Protocols field's value. +func (s *FirewallStatelessRule) SetProtocols(v []*int64) *FirewallStatelessRule { + s.Protocols = v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *FirewallStatelessRule) SetRuleAction(v string) *FirewallStatelessRule { + s.RuleAction = &v + return s +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *FirewallStatelessRule) SetRuleGroupArn(v string) *FirewallStatelessRule { + s.RuleGroupArn = &v + return s +} + +// SetSourcePorts sets the SourcePorts field's value. +func (s *FirewallStatelessRule) SetSourcePorts(v []*PortRange) *FirewallStatelessRule { + s.SourcePorts = v + return s +} + +// SetSources sets the Sources field's value. +func (s *FirewallStatelessRule) SetSources(v []*string) *FirewallStatelessRule { + s.Sources = v + return s +} + // Information about a Capacity Reservation in a Capacity Reservation Fleet. type FleetCapacityReservation struct { _ struct{} `type:"structure"` @@ -117017,8 +118476,9 @@ type FleetLaunchTemplateOverrides struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. The AMI ID must - // be specified here or in the launch template. + // The ID of the AMI. An AMI is required to launch an instance. This parameter + // is only available for fleets of type instant. For fleets of type maintain + // and request, you must specify the AMI ID in the launch template. ImageId *string `locationName:"imageId" type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -117029,6 +118489,8 @@ type FleetLaunchTemplateOverrides struct { // The instance type. // + // mac1.metal is not supported as a launch template override. + // // If you specify InstanceType, you can't specify InstanceRequirements. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` @@ -117147,8 +118609,9 @@ type FleetLaunchTemplateOverridesRequest struct { // The Availability Zone in which to launch the instances. AvailabilityZone *string `type:"string"` - // The ID of the AMI. An AMI is required to launch an instance. The AMI ID must - // be specified here or in the launch template. + // The ID of the AMI. An AMI is required to launch an instance. This parameter + // is only available for fleets of type instant. For fleets of type maintain + // and request, you must specify the AMI ID in the launch template. ImageId *string `type:"string"` // The attributes for the instance types. When you specify instance attributes, @@ -117159,6 +118622,8 @@ type FleetLaunchTemplateOverridesRequest struct { // The instance type. // + // mac1.metal is not supported as a launch template override. + // // If you specify InstanceType, you can't specify InstanceRequirements. InstanceType *string `type:"string" enum:"InstanceType"` @@ -119483,7 +120948,9 @@ func (s *GetFlowLogsIntegrationTemplateOutput) SetResult(v string) *GetFlowLogsI type GetGroupsForCapacityReservationInput struct { _ struct{} `type:"structure"` - // The ID of the Capacity Reservation. + // The ID of the Capacity Reservation. If you specify a Capacity Reservation + // that is shared with you, the operation returns only Capacity Reservation + // groups that you own. // // CapacityReservationId is a required field CapacityReservationId *string `type:"string" required:"true"` @@ -119743,12 +121210,13 @@ type GetInstanceTypesFromInstanceRequirementsInput struct { // InstanceRequirements is a required field InstanceRequirements *InstanceRequirementsRequest `type:"structure" required:"true"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` // The virtualization type. @@ -119841,7 +121309,8 @@ type GetInstanceTypesFromInstanceRequirementsOutput struct { // The instance types with the specified instance attributes. InstanceTypes []*InstanceTypeInfoFromInstanceRequirements `locationName:"instanceTypeSet" locationNameList:"item" type:"list"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -121824,12 +123293,13 @@ type GetSpotPlacementScoresInput struct { // If you specify InstanceTypes, you can't specify InstanceRequirementsWithMetadata. InstanceTypes []*string `locationName:"InstanceType" type:"list"` - // The maximum number of results to return in a single call. Specify a value - // between 1 and 1000. The default value is 1000. To retrieve the remaining - // results, make another call with the returned NextToken value. + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"10" type:"integer"` - // The token for the next set of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` // The Regions used to narrow down the list of Regions to be scored. Enter the @@ -121953,7 +123423,8 @@ func (s *GetSpotPlacementScoresInput) SetTargetCapacityUnitType(v string) *GetSp type GetSpotPlacementScoresOutput struct { _ struct{} `type:"structure"` - // The token for the next set of results. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` // The Spot placement score for the top 10 Regions or Availability Zones, scored @@ -123113,7 +124584,7 @@ type GetVerifiedAccessEndpointPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -123165,7 +124636,7 @@ func (s *GetVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v str type GetVerifiedAccessEndpointPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -123211,7 +124682,7 @@ type GetVerifiedAccessGroupPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -123263,7 +124734,7 @@ func (s *GetVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) * type GetVerifiedAccessGroupPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -123537,6 +125008,154 @@ func (s *GetVpnConnectionDeviceTypesOutput) SetVpnConnectionDeviceTypes(v []*Vpn return s } +type GetVpnTunnelReplacementStatusInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVpnTunnelReplacementStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVpnTunnelReplacementStatusInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetDryRun(v bool) *GetVpnTunnelReplacementStatusInput { + s.DryRun = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetVpnConnectionId(v string) *GetVpnTunnelReplacementStatusInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *GetVpnTunnelReplacementStatusInput) SetVpnTunnelOutsideIpAddress(v string) *GetVpnTunnelReplacementStatusInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type GetVpnTunnelReplacementStatusOutput struct { + _ struct{} `type:"structure"` + + // The ID of the customer gateway. + CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` + + // Get details of pending tunnel endpoint maintenance. + MaintenanceDetails *MaintenanceDetails `locationName:"maintenanceDetails" type:"structure"` + + // The ID of the transit gateway associated with the VPN connection. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the Site-to-Site VPN connection. + VpnConnectionId *string `locationName:"vpnConnectionId" type:"string"` + + // The ID of the virtual private gateway. + VpnGatewayId *string `locationName:"vpnGatewayId" type:"string"` + + // The external IP address of the VPN tunnel. + VpnTunnelOutsideIpAddress *string `locationName:"vpnTunnelOutsideIpAddress" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVpnTunnelReplacementStatusOutput) GoString() string { + return s.String() +} + +// SetCustomerGatewayId sets the CustomerGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetCustomerGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.CustomerGatewayId = &v + return s +} + +// SetMaintenanceDetails sets the MaintenanceDetails field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetMaintenanceDetails(v *MaintenanceDetails) *GetVpnTunnelReplacementStatusOutput { + s.MaintenanceDetails = v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetTransitGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.TransitGatewayId = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnConnectionId(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnConnectionId = &v + return s +} + +// SetVpnGatewayId sets the VpnGatewayId field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnGatewayId(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnGatewayId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *GetVpnTunnelReplacementStatusOutput) SetVpnTunnelOutsideIpAddress(v string) *GetVpnTunnelReplacementStatusOutput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + // Describes the GPU accelerators for the instance type. type GpuDeviceInfo struct { _ struct{} `type:"structure"` @@ -123906,6 +125525,9 @@ type Host struct { // Dedicated Host supports a single instance type only. AllowsMultipleInstanceTypes *string `locationName:"allowsMultipleInstanceTypes" type:"string" enum:"AllowsMultipleInstanceTypes"` + // The ID of the Outpost hardware asset on which the Dedicated Host is allocated. + AssetId *string `locationName:"assetId" type:"string"` + // Whether auto-placement is on or off. AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` @@ -123925,6 +125547,10 @@ type Host struct { // The ID of the Dedicated Host. HostId *string `locationName:"hostId" type:"string"` + // Indicates whether host maintenance is enabled or disabled for the Dedicated + // Host. + HostMaintenance *string `locationName:"hostMaintenance" type:"string" enum:"HostMaintenance"` + // The hardware specifications of the Dedicated Host. HostProperties *HostProperties `locationName:"hostProperties" type:"structure"` @@ -123990,6 +125616,12 @@ func (s *Host) SetAllowsMultipleInstanceTypes(v string) *Host { return s } +// SetAssetId sets the AssetId field's value. +func (s *Host) SetAssetId(v string) *Host { + s.AssetId = &v + return s +} + // SetAutoPlacement sets the AutoPlacement field's value. func (s *Host) SetAutoPlacement(v string) *Host { s.AutoPlacement = &v @@ -124026,6 +125658,12 @@ func (s *Host) SetHostId(v string) *Host { return s } +// SetHostMaintenance sets the HostMaintenance field's value. +func (s *Host) SetHostMaintenance(v string) *Host { + s.HostMaintenance = &v + return s +} + // SetHostProperties sets the HostProperties field's value. func (s *Host) SetHostProperties(v *HostProperties) *Host { s.HostProperties = v @@ -125092,7 +126730,11 @@ type ImageDiskContainer struct { // The URL to the Amazon S3-based disk image being imported. The URL can either // be a https URL (https://..) or an Amazon S3 URL (s3://..) - Url *string `type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ImageDiskContainer's + // String and GoString methods. + Url *string `type:"string" sensitive:"true"` // The S3 bucket for the disk image. UserBucket *UserBucket `type:"structure"` @@ -127058,7 +128700,14 @@ type Instance struct { // Any block device mapping entries for the instance. BlockDeviceMappings []*InstanceBlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` - // The boot mode of the instance. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + // The boot mode that was specified by the AMI. If the value is uefi-preferred, + // the AMI supports both UEFI and Legacy BIOS. The currentInstanceBootMode parameter + // is the boot mode that is used to boot the instance at launch or start. + // + // The operating system contained in the AMI must be configured to support the + // specified boot mode. + // + // For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) // in the Amazon EC2 User Guide. BootMode *string `locationName:"bootMode" type:"string" enum:"BootModeValues"` @@ -127074,6 +128723,11 @@ type Instance struct { // The CPU options for the instance. CpuOptions *CpuOptions `locationName:"cpuOptions" type:"structure"` + // The boot mode that is used to boot the instance at launch or start. For more + // information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + // in the Amazon EC2 User Guide. + CurrentInstanceBootMode *string `locationName:"currentInstanceBootMode" type:"string" enum:"InstanceBootModeValues"` + // Indicates whether the instance is optimized for Amazon EBS I/O. This optimization // provides dedicated throughput to Amazon EBS and an optimized configuration // stack to provide optimal I/O performance. This optimization isn't available @@ -127140,7 +128794,7 @@ type Instance struct { // The monitoring for the instance. Monitoring *Monitoring `locationName:"monitoring" type:"structure"` - // [EC2-VPC] The network interfaces for the instance. + // The network interfaces for the instance. NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The Amazon Resource Name (ARN) of the Outpost. @@ -127157,14 +128811,14 @@ type Instance struct { // in the Amazon EC2 User Guide. PlatformDetails *string `locationName:"platformDetails" type:"string"` - // (IPv4 only) The private DNS hostname name assigned to the instance. This + // [IPv4 only] The private DNS hostname name assigned to the instance. This // DNS hostname can only be used inside the Amazon EC2 network. This name is // not available until the instance enters the running state. // - // [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private - // DNS hostnames if you've enabled DNS resolution and DNS hostnames in your - // VPC. If you are not using the Amazon-provided DNS server in your VPC, your - // custom domain name servers must resolve the hostname as appropriate. + // The Amazon-provided DNS server resolves Amazon-provided private DNS hostnames + // if you've enabled DNS resolution and DNS hostnames in your VPC. If you are + // not using the Amazon-provided DNS server in your VPC, your custom domain + // name servers must resolve the hostname as appropriate. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` // The options for the instance hostname. @@ -127176,9 +128830,9 @@ type Instance struct { // The product codes attached to this instance, if applicable. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` - // (IPv4 only) The public DNS name assigned to the instance. This name is not - // available until the instance enters the running state. For EC2-VPC, this - // name is only available if you've enabled DNS hostnames for your VPC. + // [IPv4 only] The public DNS name assigned to the instance. This name is not + // available until the instance enters the running state. This name is only + // available if you've enabled DNS hostnames for your VPC. PublicDnsName *string `locationName:"dnsName" type:"string"` // The public IPv4 address, or the Carrier IP address assigned to the instance, @@ -127220,7 +128874,7 @@ type Instance struct { // The reason for the most recent state transition. This might be an empty string. StateTransitionReason *string `locationName:"reason" type:"string"` - // [EC2-VPC] The ID of the subnet in which the instance is running. + // The ID of the subnet in which the instance is running. SubnetId *string `locationName:"subnetId" type:"string"` // Any tags assigned to the instance. @@ -127242,7 +128896,7 @@ type Instance struct { // The virtualization type of the instance. VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"` - // [EC2-VPC] The ID of the VPC in which the instance is running. + // The ID of the VPC in which the instance is running. VpcId *string `locationName:"vpcId" type:"string"` } @@ -127312,6 +128966,12 @@ func (s *Instance) SetCpuOptions(v *CpuOptions) *Instance { return s } +// SetCurrentInstanceBootMode sets the CurrentInstanceBootMode field's value. +func (s *Instance) SetCurrentInstanceBootMode(v string) *Instance { + s.CurrentInstanceBootMode = &v + return s +} + // SetEbsOptimized sets the EbsOptimized field's value. func (s *Instance) SetEbsOptimized(v bool) *Instance { s.EbsOptimized = &v @@ -131029,7 +132689,7 @@ func (s *InstanceTagNotificationAttribute) SetInstanceTagKeys(v []*string) *Inst type InstanceTypeInfo struct { _ struct{} `type:"structure"` - // Indicates whether auto recovery is supported. + // Indicates whether Amazon CloudWatch action based recovery is supported. AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"` // Indicates whether the instance is a bare metal instance type. @@ -134105,7 +135765,7 @@ type LaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // Indicates whether the instance is optimized for EBS I/O. This optimization @@ -134135,8 +135795,8 @@ type LaunchSpecification struct { // Describes the monitoring of an instance. Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -134145,15 +135805,14 @@ type LaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The IDs of the security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The Base64-encoded user data for the instance. + // The base64-encoded user data that instances use when starting up. User data + // is limited to 16 KB. // // UserData is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by LaunchSpecification's @@ -134627,7 +136286,9 @@ func (s *LaunchTemplateCapacityReservationSpecificationResponse) SetCapacityRese type LaunchTemplateConfig struct { _ struct{} `type:"structure"` - // The launch template. + // The launch template to use. Make sure that the launch template does not contain + // the NetworkInterfaceId parameter because you can't specify a network interface + // ID in a Spot Fleet. LaunchTemplateSpecification *FleetLaunchTemplateSpecification `locationName:"launchTemplateSpecification" type:"structure"` // Any parameters that you specify override the same parameters in the launch @@ -134684,6 +136345,9 @@ func (s *LaunchTemplateConfig) SetOverrides(v []*LaunchTemplateOverrides) *Launc type LaunchTemplateCpuOptions struct { _ struct{} `type:"structure"` + // Indicates whether the instance is enabled for AMD SEV-SNP. + AmdSevSnp *string `locationName:"amdSevSnp" type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `locationName:"coreCount" type:"integer"` @@ -134709,6 +136373,12 @@ func (s LaunchTemplateCpuOptions) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptions) SetAmdSevSnp(v string) *LaunchTemplateCpuOptions { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptions) SetCoreCount(v int64) *LaunchTemplateCpuOptions { s.CoreCount = &v @@ -134726,6 +136396,10 @@ func (s *LaunchTemplateCpuOptions) SetThreadsPerCore(v int64) *LaunchTemplateCpu type LaunchTemplateCpuOptionsRequest struct { _ struct{} `type:"structure"` + // Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is + // supported with M6a, R6a, and C6a instance types only. + AmdSevSnp *string `type:"string" enum:"AmdSevSnpSpecification"` + // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` @@ -134752,6 +136426,12 @@ func (s LaunchTemplateCpuOptionsRequest) GoString() string { return s.String() } +// SetAmdSevSnp sets the AmdSevSnp field's value. +func (s *LaunchTemplateCpuOptionsRequest) SetAmdSevSnp(v string) *LaunchTemplateCpuOptionsRequest { + s.AmdSevSnp = &v + return s +} + // SetCoreCount sets the CoreCount field's value. func (s *LaunchTemplateCpuOptionsRequest) SetCoreCount(v int64) *LaunchTemplateCpuOptionsRequest { s.CoreCount = &v @@ -136295,8 +137975,8 @@ type LaunchTemplatePlacement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -136404,8 +138084,8 @@ type LaunchTemplatePlacementRequest struct { // Reserved for future use. SpreadDomain *string `type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. Tenancy *string `type:"string" enum:"Tenancy"` } @@ -137142,14 +138822,13 @@ type ListImagesInRecycleBinInput struct { // that are in the Recycle Bin. You can specify up to 20 IDs in a single request. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` - // The maximum number of results to return with a single call. To retrieve the - // remaining results, make another call with the returned nextToken value. - // - // If you do not specify a value for MaxResults, the request returns 1,000 items - // per page by default. For more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). + // The maximum number of items to return for this request. To get the next page + // of items, make another request with the token returned in the output. For + // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination). MaxResults *int64 `min:"1" type:"integer"` - // The token for the next page of results. + // The token returned from a previous paginated request. Pagination continues + // from the end of the items returned by the previous request. NextToken *string `type:"string"` } @@ -137214,8 +138893,8 @@ type ListImagesInRecycleBinOutput struct { // Information about the AMIs. Images []*ImageRecycleBinInfo `locationName:"imageSet" locationNameList:"item" type:"list"` - // The token to use to retrieve the next page of results. This value is null - // when there are no more results to return. + // The token to include in another request to get the next page of items. This + // value is null when there are no more items to return. NextToken *string `locationName:"nextToken" type:"string"` } @@ -138217,6 +139896,56 @@ func (s *LocalGatewayVirtualInterfaceGroup) SetTags(v []*Tag) *LocalGatewayVirtu return s } +// Details for Site-to-Site VPN tunnel endpoint maintenance events. +type MaintenanceDetails struct { + _ struct{} `type:"structure"` + + // Timestamp of last applied maintenance. + LastMaintenanceApplied *time.Time `locationName:"lastMaintenanceApplied" type:"timestamp"` + + // The timestamp after which Amazon Web Services will automatically apply maintenance. + MaintenanceAutoAppliedAfter *time.Time `locationName:"maintenanceAutoAppliedAfter" type:"timestamp"` + + // Verify existence of a pending maintenance. + PendingMaintenance *string `locationName:"pendingMaintenance" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MaintenanceDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MaintenanceDetails) GoString() string { + return s.String() +} + +// SetLastMaintenanceApplied sets the LastMaintenanceApplied field's value. +func (s *MaintenanceDetails) SetLastMaintenanceApplied(v time.Time) *MaintenanceDetails { + s.LastMaintenanceApplied = &v + return s +} + +// SetMaintenanceAutoAppliedAfter sets the MaintenanceAutoAppliedAfter field's value. +func (s *MaintenanceDetails) SetMaintenanceAutoAppliedAfter(v time.Time) *MaintenanceDetails { + s.MaintenanceAutoAppliedAfter = &v + return s +} + +// SetPendingMaintenance sets the PendingMaintenance field's value. +func (s *MaintenanceDetails) SetPendingMaintenance(v string) *MaintenanceDetails { + s.PendingMaintenance = &v + return s +} + // Describes a managed prefix list. type ManagedPrefixList struct { _ struct{} `type:"structure"` @@ -139859,6 +141588,11 @@ type ModifyHostsInput struct { // HostIds is a required field HostIds []*string `locationName:"hostId" locationNameList:"item" type:"list" required:"true"` + // Indicates whether to enable or disable host maintenance for the Dedicated + // Host. For more information, see Host maintenance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-maintenance.html) + // in the Amazon EC2 User Guide. + HostMaintenance *string `type:"string" enum:"HostMaintenance"` + // Indicates whether to enable or disable host recovery for the Dedicated Host. // For more information, see Host recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) // in the Amazon EC2 User Guide. @@ -139926,6 +141660,12 @@ func (s *ModifyHostsInput) SetHostIds(v []*string) *ModifyHostsInput { return s } +// SetHostMaintenance sets the HostMaintenance field's value. +func (s *ModifyHostsInput) SetHostMaintenance(v string) *ModifyHostsInput { + s.HostMaintenance = &v + return s +} + // SetHostRecovery sets the HostRecovery field's value. func (s *ModifyHostsInput) SetHostRecovery(v string) *ModifyHostsInput { s.HostRecovery = &v @@ -140189,7 +141929,7 @@ type ModifyImageAttributeInput struct { // The name of the attribute to modify. // - // Valid values: description | launchPermission + // Valid values: description | imdsSupport | launchPermission Attribute *string `type:"string"` // A new description for the AMI. @@ -140206,6 +141946,18 @@ type ModifyImageAttributeInput struct { // ImageId is a required field ImageId *string `type:"string" required:"true"` + // Set to v2.0 to indicate that IMDSv2 is specified in the AMI. Instances launched + // from this AMI will have HttpTokens automatically set to required so that, + // by default, the instance requires that IMDSv2 is used when requesting instance + // metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, + // see Configure the AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#configure-IMDS-new-instances-ami-configuration) + // in the Amazon EC2 User Guide. + // + // Do not use this parameter unless your AMI software supports IMDSv2. After + // you set the value to v2.0, you can't undo it. The only way to “reset” + // your AMI is to create a new AMI from the underlying snapshot. + ImdsSupport *AttributeValue `type:"structure"` + // A new launch permission for the AMI. LaunchPermission *LaunchPermissionModifications `type:"structure"` @@ -140233,7 +141985,7 @@ type ModifyImageAttributeInput struct { UserIds []*string `locationName:"UserId" locationNameList:"UserId" type:"list"` // The value of the attribute being modified. This parameter can be used only - // when the Attribute parameter is description. + // when the Attribute parameter is description or imdsSupport. Value *string `type:"string"` } @@ -140292,6 +142044,12 @@ func (s *ModifyImageAttributeInput) SetImageId(v string) *ModifyImageAttributeIn return s } +// SetImdsSupport sets the ImdsSupport field's value. +func (s *ModifyImageAttributeInput) SetImdsSupport(v *AttributeValue) *ModifyImageAttributeInput { + s.ImdsSupport = v + return s +} + // SetLaunchPermission sets the LaunchPermission field's value. func (s *ModifyImageAttributeInput) SetLaunchPermission(v *LaunchPermissionModifications) *ModifyImageAttributeInput { s.LaunchPermission = v @@ -140412,10 +142170,9 @@ type ModifyInstanceAttributeInput struct { // a PV instance can make it unreachable. EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` - // [EC2-VPC] Replaces the security groups of the instance with the specified - // security groups. You must specify at least one security group, even if it's - // just the default security group for the VPC. You must specify the security - // group ID, not the security group name. + // Replaces the security groups of the instance with the specified security + // groups. You must specify the ID of at least one security group, even if it's + // just the default security group for the VPC. Groups []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // The ID of the instance. @@ -141403,7 +143160,8 @@ type ModifyInstancePlacementInput struct { // The ID of the Dedicated Host with which to associate the instance. HostId *string `locationName:"hostId" type:"string"` - // The ARN of the host resource group in which to place the instance. + // The ARN of the host resource group in which to place the instance. The instance + // must have a tenancy of host to specify this parameter. HostResourceGroupArn *string `type:"string"` // The ID of the instance that you are modifying. @@ -141417,9 +143175,10 @@ type ModifyInstancePlacementInput struct { // The tenancy for the instance. // - // For T3 instances, you can't change the tenancy from dedicated to host, or - // from host to dedicated. Attempting to make one of these unsupported tenancy - // changes results in the InvalidTenancy error code. + // For T3 instances, you must launch the instance on a Dedicated Host to use + // a tenancy of host. You can't change the tenancy from host to dedicated or + // default. Attempting to make one of these unsupported tenancy changes results + // in an InvalidRequest error code. Tenancy *string `locationName:"tenancy" type:"string" enum:"HostTenancy"` } @@ -144626,7 +146385,8 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Options for a network-interface type Verified Access endpoint. +// Describes the options when modifying a Verified Access endpoint with the +// network-interface type. type ModifyVerifiedAccessEndpointEniOptions struct { _ struct{} `type:"structure"` @@ -144688,7 +146448,7 @@ type ModifyVerifiedAccessEndpointInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access endpoint. + // A description for the Verified Access endpoint. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -144697,19 +146457,18 @@ type ModifyVerifiedAccessEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The load balancer details if creating the Amazon Web Services Verified Access - // endpoint as load-balancertype. + // The load balancer details if creating the Verified Access endpoint as load-balancertype. LoadBalancerOptions *ModifyVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` // The network interface options. NetworkInterfaceOptions *ModifyVerifiedAccessEndpointEniOptions `type:"structure"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. VerifiedAccessGroupId *string `type:"string"` } @@ -144863,7 +146622,7 @@ func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*stri type ModifyVerifiedAccessEndpointOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access endpoint details. + // The Verified Access endpoint details. VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` } @@ -144905,7 +146664,7 @@ type ModifyVerifiedAccessEndpointPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` // The status of the Verified Access policy. @@ -144913,7 +146672,7 @@ type ModifyVerifiedAccessEndpointPolicyInput struct { // PolicyEnabled is a required field PolicyEnabled *bool `type:"boolean" required:"true"` - // The ID of the Amazon Web Services Verified Access endpoint. + // The ID of the Verified Access endpoint. // // VerifiedAccessEndpointId is a required field VerifiedAccessEndpointId *string `type:"string" required:"true"` @@ -144986,7 +146745,7 @@ func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v type ModifyVerifiedAccessEndpointPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -145031,7 +146790,7 @@ type ModifyVerifiedAccessGroupInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access group. + // A description for the Verified Access group. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -145040,12 +146799,12 @@ type ModifyVerifiedAccessGroupInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstanceId *string `type:"string"` } @@ -145113,7 +146872,7 @@ func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) * type ModifyVerifiedAccessGroupOutput struct { _ struct{} `type:"structure"` - // Details of Amazon Web Services Verified Access group. + // Details of Verified Access group. VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` } @@ -145155,7 +146914,7 @@ type ModifyVerifiedAccessGroupPolicyInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `type:"string"` // The status of the Verified Access policy. @@ -145163,7 +146922,7 @@ type ModifyVerifiedAccessGroupPolicyInput struct { // PolicyEnabled is a required field PolicyEnabled *bool `type:"boolean" required:"true"` - // The ID of the Amazon Web Services Verified Access group. + // The ID of the Verified Access group. // // VerifiedAccessGroupId is a required field VerifiedAccessGroupId *string `type:"string" required:"true"` @@ -145236,7 +146995,7 @@ func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string type ModifyVerifiedAccessGroupPolicyOutput struct { _ struct{} `type:"structure"` - // The Amazon Web Services Verified Access policy document. + // The Verified Access policy document. PolicyDocument *string `locationName:"policyDocument" type:"string"` // The status of the Verified Access policy. @@ -145281,7 +147040,7 @@ type ModifyVerifiedAccessInstanceInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access instance. + // A description for the Verified Access instance. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -145290,7 +147049,7 @@ type ModifyVerifiedAccessInstanceInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -145354,7 +147113,7 @@ func (s *ModifyVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { _ struct{} `type:"structure"` - // The configuration options for Amazon Web Services Verified Access instances. + // The configuration options for Verified Access instances. // // AccessLogs is a required field AccessLogs *VerifiedAccessLogOptions `type:"structure" required:"true"` @@ -145370,7 +147129,7 @@ type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. // // VerifiedAccessInstanceId is a required field VerifiedAccessInstanceId *string `type:"string" required:"true"` @@ -145442,7 +147201,7 @@ func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetVerifiedAcces type ModifyVerifiedAccessInstanceLoggingConfigurationOutput struct { _ struct{} `type:"structure"` - // The logging configuration for Amazon Web Services Verified Access instance. + // The logging configuration for the Verified Access instance. LoggingConfiguration *VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfiguration" type:"structure"` } @@ -145473,7 +147232,7 @@ func (s *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) SetLoggingConfi type ModifyVerifiedAccessInstanceOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access instance. + // The ID of the Verified Access instance. VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` } @@ -145509,7 +147268,7 @@ type ModifyVerifiedAccessTrustProviderInput struct { // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` - // A description for the Amazon Web Services Verified Access trust provider. + // A description for the Verified Access trust provider. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -145518,10 +147277,10 @@ type ModifyVerifiedAccessTrustProviderInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for an OpenID Connect-compatible user-identity trust provider. OidcOptions *ModifyVerifiedAccessTrustProviderOidcOptions `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. // // VerifiedAccessTrustProviderId is a required field VerifiedAccessTrustProviderId *string `type:"string" required:"true"` @@ -145588,14 +147347,36 @@ func (s *ModifyVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderI return s } -// OpenID Connect options for an oidc-type, user-identity based trust provider. +// Options for an OpenID Connect-compatible user-identity trust provider. type ModifyVerifiedAccessTrustProviderOidcOptions struct { _ struct{} `type:"structure"` + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `type:"string"` + + // The client identifier. + ClientId *string `type:"string"` + + // The client secret. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVerifiedAccessTrustProviderOidcOptions's + // String and GoString methods. + ClientSecret *string `type:"string" sensitive:"true"` + + // The OIDC issuer. + Issuer *string `type:"string"` + // OpenID Connect (OIDC) scopes are used by an application during authentication // to authorize access to a user's details. Each scope returns a specific set // of user attributes. Scope *string `type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `type:"string"` } // String returns the string representation. @@ -145616,16 +147397,52 @@ func (s ModifyVerifiedAccessTrustProviderOidcOptions) GoString() string { return s.String() } +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetAuthorizationEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetClientId(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetClientSecret(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetIssuer(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.Issuer = &v + return s +} + // SetScope sets the Scope field's value. func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { s.Scope = &v return s } +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetTokenEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.UserInfoEndpoint = &v + return s +} + type ModifyVerifiedAccessTrustProviderOutput struct { _ struct{} `type:"structure"` - // The ID of the Amazon Web Services Verified Access trust provider. + // The ID of the Verified Access trust provider. VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` } @@ -147307,10 +149124,19 @@ type ModifyVpnTunnelOptionsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Choose whether or not to trigger immediate tunnel replacement. + // + // Valid values: True | False + SkipTunnelReplacement *bool `type:"boolean"` + // The tunnel options to modify. // + // TunnelOptions is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVpnTunnelOptionsInput's + // String and GoString methods. + // // TunnelOptions is a required field - TunnelOptions *ModifyVpnTunnelOptionsSpecification `type:"structure" required:"true"` + TunnelOptions *ModifyVpnTunnelOptionsSpecification `type:"structure" required:"true" sensitive:"true"` // The ID of the Amazon Web Services Site-to-Site VPN connection. // @@ -147366,6 +149192,12 @@ func (s *ModifyVpnTunnelOptionsInput) SetDryRun(v bool) *ModifyVpnTunnelOptionsI return s } +// SetSkipTunnelReplacement sets the SkipTunnelReplacement field's value. +func (s *ModifyVpnTunnelOptionsInput) SetSkipTunnelReplacement(v bool) *ModifyVpnTunnelOptionsInput { + s.SkipTunnelReplacement = &v + return s +} + // SetTunnelOptions sets the TunnelOptions field's value. func (s *ModifyVpnTunnelOptionsInput) SetTunnelOptions(v *ModifyVpnTunnelOptionsSpecification) *ModifyVpnTunnelOptionsInput { s.TunnelOptions = v @@ -147417,7 +149249,7 @@ func (s *ModifyVpnTunnelOptionsOutput) SetVpnConnection(v *VpnConnection) *Modif // The Amazon Web Services Site-to-Site VPN tunnel options to modify. type ModifyVpnTunnelOptionsSpecification struct { - _ struct{} `type:"structure"` + _ struct{} `type:"structure" sensitive:"true"` // The action to take after DPD timeout occurs. Specify restart to restart the // IKE initiation. Specify clear to end the IKE session. @@ -147434,6 +149266,9 @@ type ModifyVpnTunnelOptionsSpecification struct { // Default: 30 DPDTimeoutSeconds *int64 `type:"integer"` + // Turn on or off tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. // // Valid values: ikev1 | ikev2 @@ -147499,7 +149334,11 @@ type ModifyVpnTunnelOptionsSpecification struct { // Constraints: Allowed characters are alphanumeric characters, periods (.), // and underscores (_). Must be between 8 and 64 characters in length and cannot // start with zero (0). - PreSharedKey *string `type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyVpnTunnelOptionsSpecification's + // String and GoString methods. + PreSharedKey *string `type:"string" sensitive:"true"` // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) // during which the rekey time is randomly selected. @@ -147595,6 +149434,12 @@ func (s *ModifyVpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *Mod return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetEnableTunnelLifecycleControl(v bool) *ModifyVpnTunnelOptionsSpecification { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIKEVersions sets the IKEVersions field's value. func (s *ModifyVpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *ModifyVpnTunnelOptionsSpecification { s.IKEVersions = v @@ -148034,16 +149879,13 @@ func (s *MoveByoipCidrToIpamOutput) SetByoipCidr(v *ByoipCidr) *MoveByoipCidrToI return s } -// Describes the status of a moving Elastic IP address. +// This action is deprecated. // -// We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic -// to a VPC. For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Describes the status of a moving Elastic IP address. type MovingAddressStatus struct { _ struct{} `type:"structure"` - // The status of the Elastic IP address that's being moved to the EC2-VPC platform, - // or restored to the EC2-Classic platform. + // The status of the Elastic IP address that's being moved or restored. MoveStatus *string `locationName:"moveStatus" type:"string" enum:"MoveStatus"` // The Elastic IP address. @@ -149133,8 +150975,7 @@ type NetworkInsightsAnalysis struct { // codes (https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html). Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` - // The Amazon Resource Names (ARN) of the Amazon Web Services resources that - // the path must traverse. + // The Amazon Resource Names (ARN) of the resources that the path must traverse. FilterInArns []*string `locationName:"filterInArnSet" locationNameList:"item" type:"list"` // The components in the path from source to destination. @@ -149295,19 +151136,24 @@ type NetworkInsightsPath struct { // The time stamp when the path was created. CreatedDate *time.Time `locationName:"createdDate" type:"timestamp"` - // The Amazon Web Services resource that is the destination of the path. + // The ID of the destination. Destination *string `locationName:"destination" type:"string"` // The Amazon Resource Name (ARN) of the destination. DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` - // The IP address of the Amazon Web Services resource that is the destination - // of the path. + // The IP address of the destination. DestinationIp *string `locationName:"destinationIp" type:"string"` // The destination port. DestinationPort *int64 `locationName:"destinationPort" type:"integer"` + // Scopes the analysis to network paths that match specific filters at the destination. + FilterAtDestination *PathFilter `locationName:"filterAtDestination" type:"structure"` + + // Scopes the analysis to network paths that match specific filters at the source. + FilterAtSource *PathFilter `locationName:"filterAtSource" type:"structure"` + // The Amazon Resource Name (ARN) of the path. NetworkInsightsPathArn *string `locationName:"networkInsightsPathArn" min:"1" type:"string"` @@ -149317,14 +151163,13 @@ type NetworkInsightsPath struct { // The protocol. Protocol *string `locationName:"protocol" type:"string" enum:"Protocol"` - // The Amazon Web Services resource that is the source of the path. + // The ID of the source. Source *string `locationName:"source" type:"string"` // The Amazon Resource Name (ARN) of the source. SourceArn *string `locationName:"sourceArn" min:"1" type:"string"` - // The IP address of the Amazon Web Services resource that is the source of - // the path. + // The IP address of the source. SourceIp *string `locationName:"sourceIp" type:"string"` // The tags associated with the path. @@ -149379,6 +151224,18 @@ func (s *NetworkInsightsPath) SetDestinationPort(v int64) *NetworkInsightsPath { return s } +// SetFilterAtDestination sets the FilterAtDestination field's value. +func (s *NetworkInsightsPath) SetFilterAtDestination(v *PathFilter) *NetworkInsightsPath { + s.FilterAtDestination = v + return s +} + +// SetFilterAtSource sets the FilterAtSource field's value. +func (s *NetworkInsightsPath) SetFilterAtSource(v *PathFilter) *NetworkInsightsPath { + s.FilterAtSource = v + return s +} + // SetNetworkInsightsPathArn sets the NetworkInsightsPathArn field's value. func (s *NetworkInsightsPath) SetNetworkInsightsPathArn(v string) *NetworkInsightsPath { s.NetworkInsightsPathArn = &v @@ -150256,7 +152113,8 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } -// Options for OIDC-based, user-identity type trust provider. +// Describes the options for an OpenID Connect-compatible user-identity trust +// provider. type OidcOptions struct { _ struct{} `type:"structure"` @@ -150267,7 +152125,11 @@ type OidcOptions struct { ClientId *string `locationName:"clientId" type:"string"` // The client secret. - ClientSecret *string `locationName:"clientSecret" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by OidcOptions's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` // The OIDC issuer. Issuer *string `locationName:"issuer" type:"string"` @@ -150743,6 +152605,12 @@ type PathComponent struct { // The explanation codes. Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` + // The Network Firewall stateful rule. + FirewallStatefulRule *FirewallStatefulRule `locationName:"firewallStatefulRule" type:"structure"` + + // The Network Firewall stateless rule. + FirewallStatelessRule *FirewallStatelessRule `locationName:"firewallStatelessRule" type:"structure"` + // The inbound header. InboundHeader *AnalysisPacketHeader `locationName:"inboundHeader" type:"structure"` @@ -150758,6 +152626,9 @@ type PathComponent struct { // The sequence number. SequenceNumber *int64 `locationName:"sequenceNumber" type:"integer"` + // The name of the VPC endpoint service. + ServiceName *string `locationName:"serviceName" type:"string"` + // The source VPC. SourceVpc *AnalysisComponent `locationName:"sourceVpc" type:"structure"` @@ -150834,6 +152705,18 @@ func (s *PathComponent) SetExplanations(v []*Explanation) *PathComponent { return s } +// SetFirewallStatefulRule sets the FirewallStatefulRule field's value. +func (s *PathComponent) SetFirewallStatefulRule(v *FirewallStatefulRule) *PathComponent { + s.FirewallStatefulRule = v + return s +} + +// SetFirewallStatelessRule sets the FirewallStatelessRule field's value. +func (s *PathComponent) SetFirewallStatelessRule(v *FirewallStatelessRule) *PathComponent { + s.FirewallStatelessRule = v + return s +} + // SetInboundHeader sets the InboundHeader field's value. func (s *PathComponent) SetInboundHeader(v *AnalysisPacketHeader) *PathComponent { s.InboundHeader = v @@ -150864,6 +152747,12 @@ func (s *PathComponent) SetSequenceNumber(v int64) *PathComponent { return s } +// SetServiceName sets the ServiceName field's value. +func (s *PathComponent) SetServiceName(v string) *PathComponent { + s.ServiceName = &v + return s +} + // SetSourceVpc sets the SourceVpc field's value. func (s *PathComponent) SetSourceVpc(v *AnalysisComponent) *PathComponent { s.SourceVpc = v @@ -150894,6 +152783,126 @@ func (s *PathComponent) SetVpc(v *AnalysisComponent) *PathComponent { return s } +// Describes a set of filters for a path analysis. Use path filters to scope +// the analysis when there can be multiple resulting paths. +type PathFilter struct { + _ struct{} `type:"structure"` + + // The destination IPv4 address. + DestinationAddress *string `locationName:"destinationAddress" type:"string"` + + // The destination port range. + DestinationPortRange *FilterPortRange `locationName:"destinationPortRange" type:"structure"` + + // The source IPv4 address. + SourceAddress *string `locationName:"sourceAddress" type:"string"` + + // The source port range. + SourcePortRange *FilterPortRange `locationName:"sourcePortRange" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathFilter) GoString() string { + return s.String() +} + +// SetDestinationAddress sets the DestinationAddress field's value. +func (s *PathFilter) SetDestinationAddress(v string) *PathFilter { + s.DestinationAddress = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *PathFilter) SetDestinationPortRange(v *FilterPortRange) *PathFilter { + s.DestinationPortRange = v + return s +} + +// SetSourceAddress sets the SourceAddress field's value. +func (s *PathFilter) SetSourceAddress(v string) *PathFilter { + s.SourceAddress = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *PathFilter) SetSourcePortRange(v *FilterPortRange) *PathFilter { + s.SourcePortRange = v + return s +} + +// Describes a set of filters for a path analysis. Use path filters to scope +// the analysis when there can be multiple resulting paths. +type PathRequestFilter struct { + _ struct{} `type:"structure"` + + // The destination IPv4 address. + DestinationAddress *string `type:"string"` + + // The destination port range. + DestinationPortRange *RequestFilterPortRange `type:"structure"` + + // The source IPv4 address. + SourceAddress *string `type:"string"` + + // The source port range. + SourcePortRange *RequestFilterPortRange `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathRequestFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PathRequestFilter) GoString() string { + return s.String() +} + +// SetDestinationAddress sets the DestinationAddress field's value. +func (s *PathRequestFilter) SetDestinationAddress(v string) *PathRequestFilter { + s.DestinationAddress = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *PathRequestFilter) SetDestinationPortRange(v *RequestFilterPortRange) *PathRequestFilter { + s.DestinationPortRange = v + return s +} + +// SetSourceAddress sets the SourceAddress field's value. +func (s *PathRequestFilter) SetSourceAddress(v string) *PathRequestFilter { + s.SourceAddress = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *PathRequestFilter) SetSourcePortRange(v *RequestFilterPortRange) *PathRequestFilter { + s.SourcePortRange = v + return s +} + // Describes a path statement. type PathStatement struct { _ struct{} `type:"structure"` @@ -151685,8 +153694,8 @@ type Placement struct { // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` - // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. + // The tenancy of the instance. An instance with a tenancy of dedicated runs + // on single-tenant hardware. // // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) @@ -152689,6 +154698,11 @@ type ProcessorInfo struct { // The architectures supported by the instance type. SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list" enum:"ArchitectureType"` + // Indicates whether the instance type supports AMD SEV-SNP. If the request + // returns amd-sev-snp, AMD SEV-SNP is supported. Otherwise, it is not supported. + // For more information, see AMD SEV-SNP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html). + SupportedFeatures []*string `locationName:"supportedFeatures" locationNameList:"item" type:"list" enum:"SupportedAdditionalProcessorFeature"` + // The speed of the processor, in GHz. SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"` } @@ -152717,6 +154731,12 @@ func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { return s } +// SetSupportedFeatures sets the SupportedFeatures field's value. +func (s *ProcessorInfo) SetSupportedFeatures(v []*string) *ProcessorInfo { + s.SupportedFeatures = v + return s +} + // SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value. func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo { s.SustainedClockSpeedInGhz = &v @@ -154326,7 +156346,13 @@ type RegisterImageInput struct { // in the Amazon EC2 User Guide. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` - // The boot mode of the AMI. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + // The boot mode of the AMI. A value of uefi-preferred indicates that the AMI + // supports both UEFI and Legacy BIOS. + // + // The operating system contained in the AMI must be configured to support the + // specified boot mode. + // + // For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) // in the Amazon EC2 User Guide. BootMode *string `type:"string" enum:"BootModeValues"` @@ -154585,7 +156611,9 @@ type RegisterInstanceEventNotificationAttributesInput struct { DryRun *bool `type:"boolean"` // Information about the tag keys to register. - InstanceTagAttribute *RegisterInstanceTagAttributeRequest `type:"structure"` + // + // InstanceTagAttribute is a required field + InstanceTagAttribute *RegisterInstanceTagAttributeRequest `type:"structure" required:"true"` } // String returns the string representation. @@ -154606,6 +156634,19 @@ func (s RegisterInstanceEventNotificationAttributesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisterInstanceEventNotificationAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisterInstanceEventNotificationAttributesInput"} + if s.InstanceTagAttribute == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceTagAttribute")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *RegisterInstanceEventNotificationAttributesInput) SetDryRun(v bool) *RegisterInstanceEventNotificationAttributesInput { s.DryRun = &v @@ -155385,7 +157426,7 @@ func (s *RejectVpcPeeringConnectionOutput) SetReturn(v bool) *RejectVpcPeeringCo type ReleaseAddressInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The allocation ID. Required for EC2-VPC. + // The allocation ID. This parameter is required. AllocationId *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -155404,7 +157445,7 @@ type ReleaseAddressInput struct { // operation on EC2 classic, you receive an InvalidParameterCombination error. NetworkBorderGroup *string `type:"string"` - // [EC2-Classic] The Elastic IP address. Required for EC2-Classic. + // Deprecated. PublicIp *string `type:"string"` } @@ -156713,6 +158754,118 @@ func (s *ReplaceTransitGatewayRouteOutput) SetRoute(v *TransitGatewayRoute) *Rep return s } +type ReplaceVpnTunnelInput struct { + _ struct{} `type:"structure"` + + // Trigger pending tunnel endpoint maintenance. + ApplyPendingMaintenance *bool `type:"boolean"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplaceVpnTunnelInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplaceVpnTunnelInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplyPendingMaintenance sets the ApplyPendingMaintenance field's value. +func (s *ReplaceVpnTunnelInput) SetApplyPendingMaintenance(v bool) *ReplaceVpnTunnelInput { + s.ApplyPendingMaintenance = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ReplaceVpnTunnelInput) SetDryRun(v bool) *ReplaceVpnTunnelInput { + s.DryRun = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *ReplaceVpnTunnelInput) SetVpnConnectionId(v string) *ReplaceVpnTunnelInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *ReplaceVpnTunnelInput) SetVpnTunnelOutsideIpAddress(v string) *ReplaceVpnTunnelInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type ReplaceVpnTunnelOutput struct { + _ struct{} `type:"structure"` + + // Confirmation of replace tunnel operation. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplaceVpnTunnelOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ReplaceVpnTunnelOutput) SetReturn(v bool) *ReplaceVpnTunnelOutput { + s.Return = &v + return s +} + type ReportInstanceStatusInput struct { _ struct{} `type:"structure"` @@ -156869,6 +159022,47 @@ func (s ReportInstanceStatusOutput) GoString() string { return s.String() } +// Describes a port range. +type RequestFilterPortRange struct { + _ struct{} `type:"structure"` + + // The first port in the range. + FromPort *int64 `type:"integer"` + + // The last port in the range. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestFilterPortRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RequestFilterPortRange) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *RequestFilterPortRange) SetFromPort(v int64) *RequestFilterPortRange { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *RequestFilterPortRange) SetToPort(v int64) *RequestFilterPortRange { + s.ToPort = &v + return s +} + // A tag on an IPAM resource. type RequestIpamResourceTag struct { _ struct{} `type:"structure"` @@ -156915,7 +159109,7 @@ func (s *RequestIpamResourceTag) SetValue(v string) *RequestIpamResourceTag { // // You must specify at least one parameter for the launch template data. type RequestLaunchTemplateData struct { - _ struct{} `type:"structure" sensitive:"true"` + _ struct{} `type:"structure"` // The block device mapping. BlockDeviceMappings []*LaunchTemplateBlockDeviceMappingRequest `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` @@ -156989,8 +159183,14 @@ type RequestLaunchTemplateData struct { // // * resolve:ssm:parameter-name:label // - // For more information, see Use a Systems Manager parameter to find an AMI - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) + // * resolve:ssm:public-parameter + // + // Currently, EC2 Fleet and Spot Fleet do not support specifying a Systems Manager + // parameter. If the launch template will be used by an EC2 Fleet or Spot Fleet, + // you must specify the AMI ID. + // + // For more information, see Use a Systems Manager parameter instead of an AMI + // ID (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id) // in the Amazon Elastic Compute Cloud User Guide. ImageId *string `type:"string"` @@ -157102,7 +159302,11 @@ type RequestLaunchTemplateData struct { // must be provided in the MIME multi-part archive format (https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). // For more information, see Amazon EC2 user data in launch templates (https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) // in the Batch User Guide. - UserData *string `type:"string"` + // + // UserData is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RequestLaunchTemplateData's + // String and GoString methods. + UserData *string `type:"string" sensitive:"true"` } // String returns the string representation. @@ -157660,7 +159864,7 @@ func (s *RequestSpotInstancesInput) SetValidUntil(v time.Time) *RequestSpotInsta type RequestSpotInstancesOutput struct { _ struct{} `type:"structure"` - // One or more Spot Instance requests. + // The Spot Instance requests. SpotInstanceRequests []*SpotInstanceRequest `locationName:"spotInstanceRequestSet" locationNameList:"item" type:"list"` } @@ -157695,8 +159899,8 @@ type RequestSpotLaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. You can't specify both a snapshot - // ID and an encryption value. This is because only blank volumes can be encrypted + // The block device mapping entries. You can't specify both a snapshot ID and + // an encryption value. This is because only blank volumes can be encrypted // on creation. If a snapshot is the basis for a volume, it is not blank and // its encryption status is used for the volume encryption status. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` @@ -157730,8 +159934,8 @@ type RequestSpotLaunchSpecification struct { // Default: Disabled Monitoring *RunInstancesMonitoringEnabled `locationName:"monitoring" type:"structure"` - // One or more network interfaces. If you specify a network interface, you must - // specify subnet IDs and security group IDs using the network interface. + // The network interfaces. If you specify a network interface, you must specify + // subnet IDs and security group IDs using the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"NetworkInterface" locationNameList:"item" type:"list"` // The placement information for the instance. @@ -157740,19 +159944,17 @@ type RequestSpotLaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security group IDs. + // The IDs of the security groups. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // Not supported. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"` // The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The Base64-encoded user data for the instance. User data is limited to 16 - // KB. + // The base64-encoded user data that instances use when starting up. User data + // is limited to 16 KB. // // UserData is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by RequestSpotLaunchSpecification's @@ -157895,7 +160097,7 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc type Reservation struct { _ struct{} `type:"structure"` - // [EC2-Classic only] The security groups. + // Not supported. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The instances. @@ -158415,8 +160617,7 @@ type ReservedInstancesConfiguration struct { // The instance type for the modified Reserved Instances. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` - // The network platform of the modified Reserved Instances, which is either - // EC2-Classic or EC2-VPC. + // The network platform of the modified Reserved Instances. Platform *string `locationName:"platform" type:"string"` // Whether the Reserved Instance is applied to instances in a Region or instances @@ -161522,6 +163723,129 @@ func (s *RouteTableAssociationState) SetStatusMessage(v string) *RouteTableAssoc return s } +// Describes the rule options for a stateful rule group. +type RuleGroupRuleOptionsPair struct { + _ struct{} `type:"structure"` + + // The ARN of the rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The rule options. + RuleOptions []*RuleOption `locationName:"ruleOptionSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupRuleOptionsPair) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupRuleOptionsPair) GoString() string { + return s.String() +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *RuleGroupRuleOptionsPair) SetRuleGroupArn(v string) *RuleGroupRuleOptionsPair { + s.RuleGroupArn = &v + return s +} + +// SetRuleOptions sets the RuleOptions field's value. +func (s *RuleGroupRuleOptionsPair) SetRuleOptions(v []*RuleOption) *RuleGroupRuleOptionsPair { + s.RuleOptions = v + return s +} + +// Describes the type of a stateful rule group. +type RuleGroupTypePair struct { + _ struct{} `type:"structure"` + + // The ARN of the rule group. + RuleGroupArn *string `locationName:"ruleGroupArn" min:"1" type:"string"` + + // The rule group type. The possible values are Domain List and Suricata. + RuleGroupType *string `locationName:"ruleGroupType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupTypePair) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleGroupTypePair) GoString() string { + return s.String() +} + +// SetRuleGroupArn sets the RuleGroupArn field's value. +func (s *RuleGroupTypePair) SetRuleGroupArn(v string) *RuleGroupTypePair { + s.RuleGroupArn = &v + return s +} + +// SetRuleGroupType sets the RuleGroupType field's value. +func (s *RuleGroupTypePair) SetRuleGroupType(v string) *RuleGroupTypePair { + s.RuleGroupType = &v + return s +} + +// Describes additional settings for a stateful rule. +type RuleOption struct { + _ struct{} `type:"structure"` + + // The Suricata keyword. + Keyword *string `locationName:"keyword" type:"string"` + + // The settings for the keyword. + Settings []*string `locationName:"settingSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleOption) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RuleOption) GoString() string { + return s.String() +} + +// SetKeyword sets the Keyword field's value. +func (s *RuleOption) SetKeyword(v string) *RuleOption { + s.Keyword = &v + return s +} + +// SetSettings sets the Settings field's value. +func (s *RuleOption) SetSettings(v []*string) *RuleOption { + s.Settings = v + return s +} + type RunInstancesInput struct { _ struct{} `type:"structure"` @@ -161604,6 +163928,14 @@ type RunInstancesInput struct { // to accelerate your Deep Learning (DL) inference workloads. // // You cannot specify accelerators from different generations in the same request. + // + // Starting April 15, 2023, Amazon Web Services will not onboard new customers + // to Amazon Elastic Inference (EI), and will help current customers migrate + // their workloads to options that offer better price and performance. After + // April 15, 2023, new customers will not be able to launch instances with Amazon + // EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, + // customers who have used Amazon EI at least once during the past 30-day period + // are considered current customers and will be able to continue using the service. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. @@ -161644,12 +163976,18 @@ type RunInstancesInput struct { // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon EC2 User Guide. // + // When you change your EBS-backed instance type, instance restart or replacement + // behavior depends on the instance type compatibility between the old and new + // types. An instance that's backed by an instance store volume is always replaced. + // For more information, see Change the instance type (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html) + // in the Amazon EC2 User Guide. + // // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` - // [EC2-VPC] The number of IPv6 addresses to associate with the primary network - // interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. - // You cannot specify this option and the option to assign specific IPv6 addresses + // The number of IPv6 addresses to associate with the primary network interface. + // Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You + // cannot specify this option and the option to assign specific IPv6 addresses // in the same request. You can specify this option if you've specified a minimum // number of instances to launch. // @@ -161657,10 +163995,10 @@ type RunInstancesInput struct { // request. Ipv6AddressCount *int64 `type:"integer"` - // [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with - // the primary network interface. You cannot specify this option and the option - // to assign a number of IPv6 addresses in the same request. You cannot specify - // this option if you've specified a minimum number of instances to launch. + // The IPv6 addresses from the range of the subnet to associate with the primary + // network interface. You cannot specify this option and the option to assign + // a number of IPv6 addresses in the same request. You cannot specify this option + // if you've specified a minimum number of instances to launch. // // You cannot specify this option and the network interfaces option in the same // request. @@ -161734,8 +164072,8 @@ type RunInstancesInput struct { // the subnet. PrivateDnsNameOptions *PrivateDnsNameOptionsRequest `type:"structure"` - // [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 - // address range of the subnet. + // The primary IPv4 address. You must specify a value from the IPv4 address + // range of the subnet. // // Only one private IP address can be designated as primary. You can't specify // this option if you've specified the option to designate a private IP address @@ -161763,7 +164101,7 @@ type RunInstancesInput struct { // as part of the network interface. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` - // [EC2-Classic, default VPC] The names of the security groups. + // [Default VPC] The names of the security groups. // // If you specify a network interface, you must specify any security groups // as part of the network interface. @@ -161771,7 +164109,7 @@ type RunInstancesInput struct { // Default: Amazon EC2 uses the default security group. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` - // [EC2-VPC] The ID of the subnet to launch the instance into. + // The ID of the subnet to launch the instance into. // // If you specify a network interface, you must specify any subnets as part // of the network interface. @@ -162439,7 +164777,7 @@ type ScheduledInstance struct { // The instance type. InstanceType *string `locationName:"instanceType" type:"string"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The time for the next schedule to start. @@ -162604,7 +164942,7 @@ type ScheduledInstanceAvailability struct { // The minimum term. The only possible value is 365 days. MinTermDurationInDays *int64 `locationName:"minTermDurationInDays" type:"integer"` - // The network platform (EC2-Classic or EC2-VPC). + // The network platform. NetworkPlatform *string `locationName:"networkPlatform" type:"string"` // The platform (Linux/UNIX or Windows). @@ -165298,7 +167636,11 @@ type SnapshotDetail struct { StatusMessage *string `locationName:"statusMessage" type:"string"` // The URL used to access the disk image. - Url *string `locationName:"url" type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotDetail's + // String and GoString methods. + Url *string `locationName:"url" type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucketDetails `locationName:"userBucket" type:"structure"` @@ -165396,7 +167738,11 @@ type SnapshotDiskContainer struct { // The URL to the Amazon S3-based disk image being imported. It can either be // a https URL (https://..) or an Amazon S3 URL (s3://..). - Url *string `type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotDiskContainer's + // String and GoString methods. + Url *string `type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucket `type:"structure"` @@ -165671,7 +168017,11 @@ type SnapshotTaskDetail struct { StatusMessage *string `locationName:"statusMessage" type:"string"` // The URL of the disk image from which the snapshot is created. - Url *string `locationName:"url" type:"string"` + // + // Url is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SnapshotTaskDetail's + // String and GoString methods. + Url *string `locationName:"url" type:"string" sensitive:"true"` // The Amazon S3 bucket for the disk image. UserBucket *UserBucketDetails `locationName:"userBucket" type:"structure"` @@ -166093,9 +168443,7 @@ type SpotFleetLaunchSpecification struct { // Resource Center and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` - // One or more security groups. When requesting instances in a VPC, you must - // specify the IDs of the security groups. When requesting instances in EC2-Classic, - // you can specify the names or the IDs of the security groups. + // The security groups. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -166115,7 +168463,8 @@ type SpotFleetLaunchSpecification struct { // The tags to apply during creation. TagSpecifications []*SpotFleetTagSpecification `locationName:"tagSpecificationSet" locationNameList:"item" type:"list"` - // The Base64-encoded user data that instances use when starting up. + // The base64-encoded user data that instances use when starting up. User data + // is limited to 16 KB. // // UserData is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SpotFleetLaunchSpecification's @@ -173904,6 +176253,9 @@ type TunnelOption struct { // The number of seconds after which a DPD timeout occurs. DpdTimeoutSeconds *int64 `locationName:"dpdTimeoutSeconds" type:"integer"` + // Status of tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `locationName:"enableTunnelLifecycleControl" type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. IkeVersions []*IKEVersionsListValue `locationName:"ikeVersionSet" locationNameList:"item" type:"list"` @@ -173941,7 +176293,11 @@ type TunnelOption struct { // The pre-shared key (PSK) to establish initial authentication between the // virtual private gateway and the customer gateway. - PreSharedKey *string `locationName:"preSharedKey" type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by TunnelOption's + // String and GoString methods. + PreSharedKey *string `locationName:"preSharedKey" type:"string" sensitive:"true"` // The percentage of the rekey window determined by RekeyMarginTimeSeconds during // which the rekey time is randomly selected. @@ -173995,6 +176351,12 @@ func (s *TunnelOption) SetDpdTimeoutSeconds(v int64) *TunnelOption { return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *TunnelOption) SetEnableTunnelLifecycleControl(v bool) *TunnelOption { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIkeVersions sets the IkeVersions field's value. func (s *TunnelOption) SetIkeVersions(v []*IKEVersionsListValue) *TunnelOption { s.IkeVersions = v @@ -176189,16 +178551,24 @@ func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetEnabled(v bo return s } -// Describes the destinations for Verified Access logs. +// Options for Verified Access logs. type VerifiedAccessLogOptions struct { _ struct{} `type:"structure"` // Sends Verified Access logs to CloudWatch Logs. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestinationOptions `type:"structure"` + // Include trust data sent by trust providers into the logs. + IncludeTrustContext *bool `type:"boolean"` + // Sends Verified Access logs to Kinesis. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestinationOptions `type:"structure"` + // The logging version to use. + // + // Valid values: ocsf-0.1 | ocsf-1.0.0-rc.2 + LogVersion *string `type:"string"` + // Sends Verified Access logs to Amazon S3. S3 *VerifiedAccessLogS3DestinationOptions `type:"structure"` } @@ -176252,12 +178622,24 @@ func (s *VerifiedAccessLogOptions) SetCloudWatchLogs(v *VerifiedAccessLogCloudWa return s } +// SetIncludeTrustContext sets the IncludeTrustContext field's value. +func (s *VerifiedAccessLogOptions) SetIncludeTrustContext(v bool) *VerifiedAccessLogOptions { + s.IncludeTrustContext = &v + return s +} + // SetKinesisDataFirehose sets the KinesisDataFirehose field's value. func (s *VerifiedAccessLogOptions) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) *VerifiedAccessLogOptions { s.KinesisDataFirehose = v return s } +// SetLogVersion sets the LogVersion field's value. +func (s *VerifiedAccessLogOptions) SetLogVersion(v string) *VerifiedAccessLogOptions { + s.LogVersion = &v + return s +} + // SetS3 sets the S3 field's value. func (s *VerifiedAccessLogOptions) SetS3(v *VerifiedAccessLogS3DestinationOptions) *VerifiedAccessLogOptions { s.S3 = v @@ -176406,16 +178788,22 @@ func (s *VerifiedAccessLogS3DestinationOptions) SetPrefix(v string) *VerifiedAcc return s } -// Describes the destinations for Verified Access logs. +// Describes the options for Verified Access logs. type VerifiedAccessLogs struct { _ struct{} `type:"structure"` // CloudWatch Logs logging destination. CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestination `locationName:"cloudWatchLogs" type:"structure"` + // Describes current setting for including trust data into the logs. + IncludeTrustContext *bool `locationName:"includeTrustContext" type:"boolean"` + // Kinesis logging destination. KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestination `locationName:"kinesisDataFirehose" type:"structure"` + // Describes current setting for the logging version. + LogVersion *string `locationName:"logVersion" type:"string"` + // Amazon S3 logging options. S3 *VerifiedAccessLogS3Destination `locationName:"s3" type:"structure"` } @@ -176444,12 +178832,24 @@ func (s *VerifiedAccessLogs) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLog return s } +// SetIncludeTrustContext sets the IncludeTrustContext field's value. +func (s *VerifiedAccessLogs) SetIncludeTrustContext(v bool) *VerifiedAccessLogs { + s.IncludeTrustContext = &v + return s +} + // SetKinesisDataFirehose sets the KinesisDataFirehose field's value. func (s *VerifiedAccessLogs) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestination) *VerifiedAccessLogs { s.KinesisDataFirehose = v return s } +// SetLogVersion sets the LogVersion field's value. +func (s *VerifiedAccessLogs) SetLogVersion(v string) *VerifiedAccessLogs { + s.LogVersion = &v + return s +} + // SetS3 sets the S3 field's value. func (s *VerifiedAccessLogs) SetS3(v *VerifiedAccessLogS3Destination) *VerifiedAccessLogs { s.S3 = v @@ -176466,7 +178866,7 @@ type VerifiedAccessTrustProvider struct { // A description for the Amazon Web Services Verified Access trust provider. Description *string `locationName:"description" type:"string"` - // The options for device-identity type trust provider. + // The options for device-identity trust provider. DeviceOptions *DeviceOptions `locationName:"deviceOptions" type:"structure"` // The type of device-based trust provider. @@ -176475,7 +178875,7 @@ type VerifiedAccessTrustProvider struct { // The last updated time. LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` - // The OpenID Connect details for an oidc-type, user-identity based trust provider. + // The options for an OpenID Connect-compatible user-identity trust provider. OidcOptions *OidcOptions `locationName:"oidcOptions" type:"structure"` // The identifier to be used when working with policy rules. @@ -178504,7 +180904,11 @@ type VpnConnection struct { // the native XML format). This element is always present in the CreateVpnConnection // response; however, it's present in the DescribeVpnConnections response only // if the VPN connection is in the pending or available state. - CustomerGatewayConfiguration *string `locationName:"customerGatewayConfiguration" type:"string"` + // + // CustomerGatewayConfiguration is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VpnConnection's + // String and GoString methods. + CustomerGatewayConfiguration *string `locationName:"customerGatewayConfiguration" type:"string" sensitive:"true"` // The ID of the customer gateway at your end of the VPN connection. CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` @@ -179186,6 +181590,9 @@ type VpnTunnelOptionsSpecification struct { // Default: 30 DPDTimeoutSeconds *int64 `type:"integer"` + // Turn on or off tunnel endpoint lifecycle control feature. + EnableTunnelLifecycleControl *bool `type:"boolean"` + // The IKE versions that are permitted for the VPN tunnel. // // Valid values: ikev1 | ikev2 @@ -179251,7 +181658,11 @@ type VpnTunnelOptionsSpecification struct { // Constraints: Allowed characters are alphanumeric characters, periods (.), // and underscores (_). Must be between 8 and 64 characters in length and cannot // start with zero (0). - PreSharedKey *string `type:"string"` + // + // PreSharedKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VpnTunnelOptionsSpecification's + // String and GoString methods. + PreSharedKey *string `type:"string" sensitive:"true"` // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) // during which the rekey time is randomly selected. @@ -179347,6 +181758,12 @@ func (s *VpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *VpnTunnel return s } +// SetEnableTunnelLifecycleControl sets the EnableTunnelLifecycleControl field's value. +func (s *VpnTunnelOptionsSpecification) SetEnableTunnelLifecycleControl(v bool) *VpnTunnelOptionsSpecification { + s.EnableTunnelLifecycleControl = &v + return s +} + // SetIKEVersions sets the IKEVersions field's value. func (s *VpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *VpnTunnelOptionsSpecification { s.IKEVersions = v @@ -179818,6 +182235,22 @@ func AllowsMultipleInstanceTypes_Values() []string { } } +const ( + // AmdSevSnpSpecificationEnabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationEnabled = "enabled" + + // AmdSevSnpSpecificationDisabled is a AmdSevSnpSpecification enum value + AmdSevSnpSpecificationDisabled = "disabled" +) + +// AmdSevSnpSpecification_Values returns all elements of the AmdSevSnpSpecification enum +func AmdSevSnpSpecification_Values() []string { + return []string{ + AmdSevSnpSpecificationEnabled, + AmdSevSnpSpecificationDisabled, + } +} + const ( // AnalysisStatusRunning is a AnalysisStatus enum value AnalysisStatusRunning = "running" @@ -180160,6 +182593,9 @@ const ( // BootModeValuesUefi is a BootModeValues enum value BootModeValuesUefi = "uefi" + + // BootModeValuesUefiPreferred is a BootModeValues enum value + BootModeValuesUefiPreferred = "uefi-preferred" ) // BootModeValues_Values returns all elements of the BootModeValues enum @@ -180167,6 +182603,7 @@ func BootModeValues_Values() []string { return []string{ BootModeValuesLegacyBios, BootModeValuesUefi, + BootModeValuesUefiPreferred, } } @@ -181134,6 +183571,38 @@ func EbsOptimizedSupport_Values() []string { } } +const ( + // Ec2InstanceConnectEndpointStateCreateInProgress is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateInProgress = "create-in-progress" + + // Ec2InstanceConnectEndpointStateCreateComplete is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateComplete = "create-complete" + + // Ec2InstanceConnectEndpointStateCreateFailed is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateCreateFailed = "create-failed" + + // Ec2InstanceConnectEndpointStateDeleteInProgress is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteInProgress = "delete-in-progress" + + // Ec2InstanceConnectEndpointStateDeleteComplete is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteComplete = "delete-complete" + + // Ec2InstanceConnectEndpointStateDeleteFailed is a Ec2InstanceConnectEndpointState enum value + Ec2InstanceConnectEndpointStateDeleteFailed = "delete-failed" +) + +// Ec2InstanceConnectEndpointState_Values returns all elements of the Ec2InstanceConnectEndpointState enum +func Ec2InstanceConnectEndpointState_Values() []string { + return []string{ + Ec2InstanceConnectEndpointStateCreateInProgress, + Ec2InstanceConnectEndpointStateCreateComplete, + Ec2InstanceConnectEndpointStateCreateFailed, + Ec2InstanceConnectEndpointStateDeleteInProgress, + Ec2InstanceConnectEndpointStateDeleteComplete, + Ec2InstanceConnectEndpointStateDeleteFailed, + } +} + const ( // ElasticGpuStateAttached is a ElasticGpuState enum value ElasticGpuStateAttached = "ATTACHED" @@ -181718,6 +184187,22 @@ func GatewayType_Values() []string { } } +const ( + // HostMaintenanceOn is a HostMaintenance enum value + HostMaintenanceOn = "on" + + // HostMaintenanceOff is a HostMaintenance enum value + HostMaintenanceOff = "off" +) + +// HostMaintenance_Values returns all elements of the HostMaintenance enum +func HostMaintenance_Values() []string { + return []string{ + HostMaintenanceOn, + HostMaintenanceOff, + } +} + const ( // HostRecoveryOn is a HostRecovery enum value HostRecoveryOn = "on" @@ -182050,6 +184535,22 @@ func InstanceAutoRecoveryState_Values() []string { } } +const ( + // InstanceBootModeValuesLegacyBios is a InstanceBootModeValues enum value + InstanceBootModeValuesLegacyBios = "legacy-bios" + + // InstanceBootModeValuesUefi is a InstanceBootModeValues enum value + InstanceBootModeValuesUefi = "uefi" +) + +// InstanceBootModeValues_Values returns all elements of the InstanceBootModeValues enum +func InstanceBootModeValues_Values() []string { + return []string{ + InstanceBootModeValuesLegacyBios, + InstanceBootModeValuesUefi, + } +} + const ( // InstanceEventWindowStateCreating is a InstanceEventWindowState enum value InstanceEventWindowStateCreating = "creating" @@ -184143,6 +186644,111 @@ const ( // InstanceTypeR6idn32xlarge is a InstanceType enum value InstanceTypeR6idn32xlarge = "r6idn.32xlarge" + + // InstanceTypeC7gMetal is a InstanceType enum value + InstanceTypeC7gMetal = "c7g.metal" + + // InstanceTypeM7gMedium is a InstanceType enum value + InstanceTypeM7gMedium = "m7g.medium" + + // InstanceTypeM7gLarge is a InstanceType enum value + InstanceTypeM7gLarge = "m7g.large" + + // InstanceTypeM7gXlarge is a InstanceType enum value + InstanceTypeM7gXlarge = "m7g.xlarge" + + // InstanceTypeM7g2xlarge is a InstanceType enum value + InstanceTypeM7g2xlarge = "m7g.2xlarge" + + // InstanceTypeM7g4xlarge is a InstanceType enum value + InstanceTypeM7g4xlarge = "m7g.4xlarge" + + // InstanceTypeM7g8xlarge is a InstanceType enum value + InstanceTypeM7g8xlarge = "m7g.8xlarge" + + // InstanceTypeM7g12xlarge is a InstanceType enum value + InstanceTypeM7g12xlarge = "m7g.12xlarge" + + // InstanceTypeM7g16xlarge is a InstanceType enum value + InstanceTypeM7g16xlarge = "m7g.16xlarge" + + // InstanceTypeM7gMetal is a InstanceType enum value + InstanceTypeM7gMetal = "m7g.metal" + + // InstanceTypeR7gMedium is a InstanceType enum value + InstanceTypeR7gMedium = "r7g.medium" + + // InstanceTypeR7gLarge is a InstanceType enum value + InstanceTypeR7gLarge = "r7g.large" + + // InstanceTypeR7gXlarge is a InstanceType enum value + InstanceTypeR7gXlarge = "r7g.xlarge" + + // InstanceTypeR7g2xlarge is a InstanceType enum value + InstanceTypeR7g2xlarge = "r7g.2xlarge" + + // InstanceTypeR7g4xlarge is a InstanceType enum value + InstanceTypeR7g4xlarge = "r7g.4xlarge" + + // InstanceTypeR7g8xlarge is a InstanceType enum value + InstanceTypeR7g8xlarge = "r7g.8xlarge" + + // InstanceTypeR7g12xlarge is a InstanceType enum value + InstanceTypeR7g12xlarge = "r7g.12xlarge" + + // InstanceTypeR7g16xlarge is a InstanceType enum value + InstanceTypeR7g16xlarge = "r7g.16xlarge" + + // InstanceTypeR7gMetal is a InstanceType enum value + InstanceTypeR7gMetal = "r7g.metal" + + // InstanceTypeC6inMetal is a InstanceType enum value + InstanceTypeC6inMetal = "c6in.metal" + + // InstanceTypeM6inMetal is a InstanceType enum value + InstanceTypeM6inMetal = "m6in.metal" + + // InstanceTypeM6idnMetal is a InstanceType enum value + InstanceTypeM6idnMetal = "m6idn.metal" + + // InstanceTypeR6inMetal is a InstanceType enum value + InstanceTypeR6inMetal = "r6in.metal" + + // InstanceTypeR6idnMetal is a InstanceType enum value + InstanceTypeR6idnMetal = "r6idn.metal" + + // InstanceTypeInf2Xlarge is a InstanceType enum value + InstanceTypeInf2Xlarge = "inf2.xlarge" + + // InstanceTypeInf28xlarge is a InstanceType enum value + InstanceTypeInf28xlarge = "inf2.8xlarge" + + // InstanceTypeInf224xlarge is a InstanceType enum value + InstanceTypeInf224xlarge = "inf2.24xlarge" + + // InstanceTypeInf248xlarge is a InstanceType enum value + InstanceTypeInf248xlarge = "inf2.48xlarge" + + // InstanceTypeTrn1n32xlarge is a InstanceType enum value + InstanceTypeTrn1n32xlarge = "trn1n.32xlarge" + + // InstanceTypeI4gLarge is a InstanceType enum value + InstanceTypeI4gLarge = "i4g.large" + + // InstanceTypeI4gXlarge is a InstanceType enum value + InstanceTypeI4gXlarge = "i4g.xlarge" + + // InstanceTypeI4g2xlarge is a InstanceType enum value + InstanceTypeI4g2xlarge = "i4g.2xlarge" + + // InstanceTypeI4g4xlarge is a InstanceType enum value + InstanceTypeI4g4xlarge = "i4g.4xlarge" + + // InstanceTypeI4g8xlarge is a InstanceType enum value + InstanceTypeI4g8xlarge = "i4g.8xlarge" + + // InstanceTypeI4g16xlarge is a InstanceType enum value + InstanceTypeI4g16xlarge = "i4g.16xlarge" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -184767,6 +187373,41 @@ func InstanceType_Values() []string { InstanceTypeR6idn16xlarge, InstanceTypeR6idn24xlarge, InstanceTypeR6idn32xlarge, + InstanceTypeC7gMetal, + InstanceTypeM7gMedium, + InstanceTypeM7gLarge, + InstanceTypeM7gXlarge, + InstanceTypeM7g2xlarge, + InstanceTypeM7g4xlarge, + InstanceTypeM7g8xlarge, + InstanceTypeM7g12xlarge, + InstanceTypeM7g16xlarge, + InstanceTypeM7gMetal, + InstanceTypeR7gMedium, + InstanceTypeR7gLarge, + InstanceTypeR7gXlarge, + InstanceTypeR7g2xlarge, + InstanceTypeR7g4xlarge, + InstanceTypeR7g8xlarge, + InstanceTypeR7g12xlarge, + InstanceTypeR7g16xlarge, + InstanceTypeR7gMetal, + InstanceTypeC6inMetal, + InstanceTypeM6inMetal, + InstanceTypeM6idnMetal, + InstanceTypeR6inMetal, + InstanceTypeR6idnMetal, + InstanceTypeInf2Xlarge, + InstanceTypeInf28xlarge, + InstanceTypeInf224xlarge, + InstanceTypeInf248xlarge, + InstanceTypeTrn1n32xlarge, + InstanceTypeI4gLarge, + InstanceTypeI4gXlarge, + InstanceTypeI4g2xlarge, + InstanceTypeI4g4xlarge, + InstanceTypeI4g8xlarge, + InstanceTypeI4g16xlarge, } } @@ -186957,6 +189598,9 @@ const ( // ResourceTypeIpamResourceDiscoveryAssociation is a ResourceType enum value ResourceTypeIpamResourceDiscoveryAssociation = "ipam-resource-discovery-association" + + // ResourceTypeInstanceConnectEndpoint is a ResourceType enum value + ResourceTypeInstanceConnectEndpoint = "instance-connect-endpoint" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -187047,6 +189691,7 @@ func ResourceType_Values() []string { ResourceTypeVpcBlockPublicAccessExclusion, ResourceTypeIpamResourceDiscovery, ResourceTypeIpamResourceDiscoveryAssociation, + ResourceTypeInstanceConnectEndpoint, } } @@ -187642,6 +190287,18 @@ func SummaryStatus_Values() []string { } } +const ( + // SupportedAdditionalProcessorFeatureAmdSevSnp is a SupportedAdditionalProcessorFeature enum value + SupportedAdditionalProcessorFeatureAmdSevSnp = "amd-sev-snp" +) + +// SupportedAdditionalProcessorFeature_Values returns all elements of the SupportedAdditionalProcessorFeature enum +func SupportedAdditionalProcessorFeature_Values() []string { + return []string{ + SupportedAdditionalProcessorFeatureAmdSevSnp, + } +} + const ( // TargetCapacityUnitTypeVcpu is a TargetCapacityUnitType enum value TargetCapacityUnitTypeVcpu = "vcpu" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go index 5b53953..621712d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go @@ -11,6 +11,9 @@ import ( ) const ( + // ec2CopySnapshotPresignedUrlCustomization handler name + ec2CopySnapshotPresignedUrlCustomization = "ec2CopySnapshotPresignedUrl" + // customRetryerMinRetryDelay sets min retry delay customRetryerMinRetryDelay = 1 * time.Second @@ -21,7 +24,10 @@ const ( func init() { initRequest = func(r *request.Request) { if r.Operation.Name == opCopySnapshot { // fill the PresignedURL parameter - r.Handlers.Build.PushFront(fillPresignedURL) + r.Handlers.Build.PushFrontNamed(request.NamedHandler{ + Name: ec2CopySnapshotPresignedUrlCustomization, + Fn: fillPresignedURL, + }) } // only set the retryer on request if config doesn't have a retryer @@ -48,13 +54,15 @@ func fillPresignedURL(r *request.Request) { origParams := r.Params.(*CopySnapshotInput) - // Stop if PresignedURL/DestinationRegion is set - if origParams.PresignedUrl != nil || origParams.DestinationRegion != nil { + // Stop if PresignedURL is set + if origParams.PresignedUrl != nil { return } + // Always use config region as destination region for SDKs origParams.DestinationRegion = r.Config.Region - newParams := awsutil.CopyOf(r.Params).(*CopySnapshotInput) + + newParams := awsutil.CopyOf(origParams).(*CopySnapshotInput) // Create a new request based on the existing request. We will use this to // presign the CopySnapshot request against the source region. @@ -82,8 +90,12 @@ func fillPresignedURL(r *request.Request) { clientInfo.Endpoint = resolved.URL clientInfo.SigningRegion = resolved.SigningRegion + // Copy handlers without Presigned URL customization to avoid an infinite loop + handlersWithoutPresignCustomization := r.Handlers.Copy() + handlersWithoutPresignCustomization.Build.RemoveByName(ec2CopySnapshotPresignedUrlCustomization) + // Presign a CopySnapshot request with modified params - req := request.New(*cfg, clientInfo, r.Handlers, r.Retryer, r.Operation, newParams, r.Data) + req := request.New(*cfg, clientInfo, handlersWithoutPresignCustomization, r.Retryer, r.Operation, newParams, r.Data) url, err := req.Presign(5 * time.Minute) // 5 minutes should be enough. if err != nil { // bubble error back up to original request r.Error = err diff --git a/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go b/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go index 7dd17a7..c5e9ad6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go @@ -169,9 +169,9 @@ func (c *ECS) CreateClusterRequest(input *CreateClusterInput) (req *request.Requ // When you call the CreateCluster API operation, Amazon ECS attempts to create // the Amazon ECS service-linked role for your account. This is so that it can // manage required resources in other Amazon Web Services services on your behalf. -// However, if the IAM user that makes the call doesn't have permissions to -// create the service-linked role, it isn't created. For more information, see -// Using service-linked roles for Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) +// However, if the user that makes the call doesn't have permissions to create +// the service-linked role, it isn't created. For more information, see Using +// service-linked roles for Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) // in the Amazon Elastic Container Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -196,6 +196,9 @@ func (c *ECS) CreateClusterRequest(input *CreateClusterInput) (req *request.Requ // The specified parameter isn't valid. Review the available parameters for // the API request. // +// - NamespaceNotFoundException +// The specified namespace wasn't found. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/CreateCluster func (c *ECS) CreateCluster(input *CreateClusterInput) (*CreateClusterOutput, error) { req, out := c.CreateClusterRequest(input) @@ -266,6 +269,14 @@ func (c *ECS) CreateServiceRequest(input *CreateServiceInput) (req *request.Requ // Amazon ECS runs another copy of the task in the specified cluster. To update // an existing service, see the UpdateService action. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // In addition to maintaining the desired count of tasks in your service, you // can optionally run your service behind one or more load balancers. The load // balancers distribute traffic across the tasks that are associated with the @@ -578,8 +589,8 @@ func (c *ECS) DeleteAccountSettingRequest(input *DeleteAccountSettingInput) (req // DeleteAccountSetting API operation for Amazon EC2 Container Service. // -// Disables an account setting for a specified IAM user, IAM role, or the root -// user for an account. +// Disables an account setting for a specified user, role, or the root user +// for an account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1051,6 +1062,121 @@ func (c *ECS) DeleteServiceWithContext(ctx aws.Context, input *DeleteServiceInpu return out, req.Send() } +const opDeleteTaskDefinitions = "DeleteTaskDefinitions" + +// DeleteTaskDefinitionsRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTaskDefinitions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTaskDefinitions for more information on using the DeleteTaskDefinitions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteTaskDefinitionsRequest method. +// req, resp := client.DeleteTaskDefinitionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/DeleteTaskDefinitions +func (c *ECS) DeleteTaskDefinitionsRequest(input *DeleteTaskDefinitionsInput) (req *request.Request, output *DeleteTaskDefinitionsOutput) { + op := &request.Operation{ + Name: opDeleteTaskDefinitions, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTaskDefinitionsInput{} + } + + output = &DeleteTaskDefinitionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTaskDefinitions API operation for Amazon EC2 Container Service. +// +// Deletes one or more task definitions. +// +// You must deregister a task definition revision before you delete it. For +// more information, see DeregisterTaskDefinition (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeregisterTaskDefinition.html). +// +// When you delete a task definition revision, it is immediately transitions +// from the INACTIVE to DELETE_IN_PROGRESS. Existing tasks and services that +// reference a DELETE_IN_PROGRESS task definition revision continue to run without +// disruption. Existing services that reference a DELETE_IN_PROGRESS task definition +// revision can still scale up or down by modifying the service's desired count. +// +// You can't use a DELETE_IN_PROGRESS task definition revision to run new tasks +// or create new services. You also can't update an existing service to reference +// a DELETE_IN_PROGRESS task definition revision. +// +// A task definition revision will stay in DELETE_IN_PROGRESS status until all +// the associated tasks and services have been terminated. +// +// When you delete all INACTIVE task definition revisions, the task definition +// name is not displayed in the console and not returned in the API. If a task +// definition revisions are in the DELETE_IN_PROGRESS state, the task definition +// name is displayed in the console and returned in the API. The task definition +// name is retained by Amazon ECS and the revision is incremented the next time +// you create a task definition with that name. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Service's +// API operation DeleteTaskDefinitions for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have authorization to perform the requested action. +// +// - ClientException +// These errors are usually caused by a client action. This client action might +// be using an action or resource on behalf of a user that doesn't have permissions +// to use the action or resource,. Or, it might be specifying an identifier +// that isn't valid. +// +// - InvalidParameterException +// The specified parameter isn't valid. Review the available parameters for +// the API request. +// +// - ServerException +// These errors are usually caused by a server issue. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/DeleteTaskDefinitions +func (c *ECS) DeleteTaskDefinitions(input *DeleteTaskDefinitionsInput) (*DeleteTaskDefinitionsOutput, error) { + req, out := c.DeleteTaskDefinitionsRequest(input) + return out, req.Send() +} + +// DeleteTaskDefinitionsWithContext is the same as DeleteTaskDefinitions with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTaskDefinitions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECS) DeleteTaskDefinitionsWithContext(ctx aws.Context, input *DeleteTaskDefinitionsInput, opts ...request.Option) (*DeleteTaskDefinitionsOutput, error) { + req, out := c.DeleteTaskDefinitionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTaskSet = "DeleteTaskSet" // DeleteTaskSetRequest generates a "aws/request.Request" representing the @@ -1320,7 +1446,9 @@ func (c *ECS) DeregisterTaskDefinitionRequest(input *DeregisterTaskDefinitionInp // the task definition is marked as INACTIVE. Existing tasks and services that // reference an INACTIVE task definition continue to run without disruption. // Existing services that reference an INACTIVE task definition can still scale -// up or down by modifying the service's desired count. +// up or down by modifying the service's desired count. If you want to delete +// a task definition revision, you must first deregister the task definition +// revision. // // You can't use an INACTIVE task definition to run new tasks or create new // services, and you can't update an existing service to reference an INACTIVE @@ -1332,6 +1460,9 @@ func (c *ECS) DeregisterTaskDefinitionRequest(input *DeregisterTaskDefinitionInp // We don't recommend that you rely on INACTIVE task definitions persisting // beyond the lifecycle of any associated tasks and services. // +// You must deregister a task definition revision before you delete it. For +// more information, see DeleteTaskDefinitions (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskDefinitions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2180,7 +2311,7 @@ func (c *ECS) ExecuteCommandRequest(input *ExecuteCommandInput) (req *request.Re // condition key value and the corresponding parameter value. // // For information about required permissions and considerations, see Using -// Amazon ECS Exec for debugging (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.htm) +// Amazon ECS Exec for debugging (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) // in the Amazon ECS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2221,7 +2352,7 @@ func (c *ECS) ExecuteCommandRequest(input *ExecuteCommandInput) (req *request.Re // - The SSM agent is not installed or is not running // // - There is an interface Amazon VPC endpoint for Amazon ECS, but there -// is not one for for Systems Manager Session Manager +// is not one for Systems Manager Session Manager // // For information about how to troubleshoot the issues, see Troubleshooting // issues with ECS Exec (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) @@ -3846,34 +3977,44 @@ func (c *ECS) PutAccountSettingRequest(input *PutAccountSettingInput) (req *requ // // Modifies an account setting. Account settings are set on a per-Region basis. // -// If you change the account setting for the root user, the default settings -// for all of the IAM users and roles that no individual account setting was -// specified are reset for. For more information, see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) +// If you change the root user account setting, the default settings are reset +// for users and roles that do not have specified individual account settings. +// For more information, see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) // in the Amazon Elastic Container Service Developer Guide. // // When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat // are specified, the Amazon Resource Name (ARN) and resource ID format of the -// resource type for a specified IAM user, IAM role, or the root user for an -// account is affected. The opt-in and opt-out account setting must be set for -// each Amazon ECS resource separately. The ARN and resource ID format of a -// resource is defined by the opt-in status of the IAM user or role that created -// the resource. You must turn on this setting to use Amazon ECS features such -// as resource tagging. +// resource type for a specified user, role, or the root user for an account +// is affected. The opt-in and opt-out account setting must be set for each +// Amazon ECS resource separately. The ARN and resource ID format of a resource +// is defined by the opt-in status of the user or role that created the resource. +// You must turn on this setting to use Amazon ECS features such as resource +// tagging. // // When awsvpcTrunking is specified, the elastic network interface (ENI) limit // for any new container instances that support the feature is changed. If awsvpcTrunking -// is enabled, any new container instances that support the feature are launched +// is turned on, any new container instances that support the feature are launched // have the increased ENI limits available to them. For more information, see // Elastic Network Interface Trunking (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html) // in the Amazon Elastic Container Service Developer Guide. // // When containerInsights is specified, the default setting indicating whether -// CloudWatch Container Insights is enabled for your clusters is changed. If -// containerInsights is enabled, any new clusters that are created will have -// Container Insights enabled unless you disable it during cluster creation. -// For more information, see CloudWatch Container Insights (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) +// Amazon Web Services CloudWatch Container Insights is turned on for your clusters +// is changed. If containerInsights is turned on, any new clusters that are +// created will have Container Insights turned on unless you disable it during +// cluster creation. For more information, see CloudWatch Container Insights +// (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) // in the Amazon Elastic Container Service Developer Guide. // +// Amazon ECS is introducing tagging authorization for resource creation. Users +// must have permissions for actions that create the resource, such as ecsCreateCluster. +// If tags are specified when you create a resource, Amazon Web Services performs +// additional authorization to verify if users or roles have permissions to +// create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource +// action. For more information, see Grant permission to tag resources on creation +// (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/supported-iam-actions-tagging.html) +// in the Amazon ECS Developer Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3961,7 +4102,7 @@ func (c *ECS) PutAccountSettingDefaultRequest(input *PutAccountSettingDefaultInp // PutAccountSettingDefault API operation for Amazon EC2 Container Service. // -// Modifies an account setting for all IAM users on an account for whom no individual +// Modifies an account setting for all users on an account for whom no individual // account setting has been specified. Account settings are set on a per-Region // basis. // @@ -4368,11 +4509,11 @@ func (c *ECS) RegisterTaskDefinitionRequest(input *RegisterTaskDefinitionInput) // see Amazon ECS Task Definitions (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) // in the Amazon Elastic Container Service Developer Guide. // -// You can specify an IAM role for your task with the taskRoleArn parameter. -// When you specify an IAM role for a task, its containers can then use the -// latest versions of the CLI or SDKs to make API requests to the Amazon Web -// Services services that are specified in the IAM policy that's associated -// with the role. For more information, see IAM Roles for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) +// You can specify a role for your task with the taskRoleArn parameter. When +// you specify a role for a task, its containers can then use the latest versions +// of the CLI or SDKs to make API requests to the Amazon Web Services services +// that are specified in the policy that's associated with the role. For more +// information, see IAM Roles for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) // in the Amazon Elastic Container Service Developer Guide. // // You can specify a Docker networking mode for the containers in your task @@ -4481,6 +4622,14 @@ func (c *ECS) RunTaskRequest(input *RunTaskInput) (req *request.Request, output // Alternatively, you can use StartTask to use your own scheduler or place tasks // manually on specific container instances. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // The Amazon ECS API follows an eventual consistency model. This is because // of the distributed nature of the system supporting the API. This means that // the result of an API command you run that affects your Amazon ECS resources @@ -4613,6 +4762,14 @@ func (c *ECS) StartTaskRequest(input *StartTaskInput) (req *request.Request, out // Starts a new task from the specified task definition on the specified container // instance or instances. // +// Starting April 15, 2023, Amazon Web Services will not onboard new customers +// to Amazon Elastic Inference (EI), and will help current customers migrate +// their workloads to options that offer better price and performance. After +// April 15, 2023, new customers will not be able to launch instances with Amazon +// EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, +// customers who have used Amazon EI at least once during the past 30-day period +// are considered current customers and will be able to continue using the service. +// // Alternatively, you can use RunTask to place tasks for you. For more information, // see Scheduling Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/scheduling_tasks.html) // in the Amazon Elastic Container Service Developer Guide. @@ -5408,6 +5565,9 @@ func (c *ECS) UpdateClusterRequest(input *UpdateClusterInput) (req *request.Requ // The specified parameter isn't valid. Review the available parameters for // the API request. // +// - NamespaceNotFoundException +// The specified namespace wasn't found. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/UpdateCluster func (c *ECS) UpdateCluster(input *UpdateClusterInput) (*UpdateClusterOutput, error) { req, out := c.UpdateClusterRequest(input) @@ -5932,8 +6092,8 @@ func (c *ECS) UpdateServiceRequest(input *UpdateServiceInput) (req *request.Requ // number of running tasks for this service. // // You must have a service-linked role when you update any of the following -// service properties. If you specified a custom IAM role when you created the -// service, Amazon ECS automatically replaces the roleARN (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Service.html#ECS-Type-Service-roleArn) +// service properties. If you specified a custom role when you created the service, +// Amazon ECS automatically replaces the roleARN (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Service.html#ECS-Type-Service-roleArn) // associated with the service with the ARN of your service-linked role. For // more information, see Service-linked roles (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) // in the Amazon Elastic Container Service Developer Guide. @@ -6176,7 +6336,7 @@ func (c *ECS) UpdateTaskProtectionRequest(input *UpdateTaskProtectionInput) (req // or deployments (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html). // // Task-protection, by default, expires after 2 hours at which point Amazon -// ECS unsets the protectionEnabled property making the task eligible for termination +// ECS clears the protectionEnabled property making the task eligible for termination // by a subsequent scale-in event. // // You can specify a custom expiration period for task protection from 1 minute @@ -6719,20 +6879,20 @@ type AutoScalingGroupProvider struct { // The managed termination protection setting to use for the Auto Scaling group // capacity provider. This determines whether the Auto Scaling group has managed - // termination protection. The default is disabled. + // termination protection. The default is off. // // When using managed termination protection, managed scaling must also be used // otherwise managed termination protection doesn't work. // - // When managed termination protection is enabled, Amazon ECS prevents the Amazon + // When managed termination protection is on, Amazon ECS prevents the Amazon // EC2 instances in an Auto Scaling group that contain tasks from being terminated // during a scale-in action. The Auto Scaling group and each instance in the - // Auto Scaling group must have instance protection from scale-in actions enabled + // Auto Scaling group must have instance protection from scale-in actions on // as well. For more information, see Instance Protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) // in the Auto Scaling User Guide. // - // When managed termination protection is disabled, your Amazon EC2 instances - // aren't protected from termination when the Auto Scaling group scales in. + // When managed termination protection is off, your Amazon EC2 instances aren't + // protected from termination when the Auto Scaling group scales in. ManagedTerminationProtection *string `locationName:"managedTerminationProtection" type:"string" enum:"ManagedTerminationProtection"` } @@ -6804,15 +6964,15 @@ type AutoScalingGroupProviderUpdate struct { // When using managed termination protection, managed scaling must also be used // otherwise managed termination protection doesn't work. // - // When managed termination protection is enabled, Amazon ECS prevents the Amazon + // When managed termination protection is on, Amazon ECS prevents the Amazon // EC2 instances in an Auto Scaling group that contain tasks from being terminated // during a scale-in action. The Auto Scaling group and each instance in the - // Auto Scaling group must have instance protection from scale-in actions enabled. + // Auto Scaling group must have instance protection from scale-in actions on. // For more information, see Instance Protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) // in the Auto Scaling User Guide. // - // When managed termination protection is disabled, your Amazon EC2 instances - // aren't protected from termination when the Auto Scaling group scales in. + // When managed termination protection is off, your Amazon EC2 instances aren't + // protected from termination when the Auto Scaling group scales in. ManagedTerminationProtection *string `locationName:"managedTerminationProtection" type:"string" enum:"ManagedTerminationProtection"` } @@ -7376,7 +7536,7 @@ type Cluster struct { ServiceConnectDefaults *ClusterServiceConnectDefaults `locationName:"serviceConnectDefaults" type:"structure"` // The settings for the cluster. This parameter indicates whether CloudWatch - // Container Insights is enabled or disabled for a cluster. + // Container Insights is on or off for a cluster. Settings []*ClusterSetting `locationName:"settings" type:"list"` // Additional information about your clusters that are separated by launch type. @@ -7951,7 +8111,7 @@ type ClusterServiceConnectDefaultsRequest struct { // the cluster configuration for Service Connect is removed. Note that the namespace // will remain in Cloud Map and must be deleted separately. // - // For more information about Cloud Map, see Working with Services (https://docs.aws.amazon.com/) + // For more information about Cloud Map, see Working with Services (https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) // in the Cloud Map Developer Guide. // // Namespace is a required field @@ -8000,14 +8160,17 @@ func (s *ClusterServiceConnectDefaultsRequest) SetNamespace(v string) *ClusterSe type ClusterSetting struct { _ struct{} `type:"structure"` - // The name of the cluster setting. The only supported value is containerInsights. + // The name of the cluster setting. The value is containerInsights . Name *string `locationName:"name" type:"string" enum:"ClusterSettingName"` // The value to set for the cluster setting. The supported values are enabled - // and disabled. If enabled is specified, CloudWatch Container Insights will - // be enabled for the cluster, otherwise it will be disabled unless the containerInsights - // account setting is enabled. If a cluster value is specified, it will override - // the containerInsights value set with PutAccountSetting or PutAccountSettingDefault. + // and disabled. + // + // If you set name to containerInsights and value to enabled, CloudWatch Container + // Insights will be on for the cluster, otherwise it will be off unless the + // containerInsights account setting is turned on. If a cluster value is specified, + // it will override the containerInsights value set with PutAccountSetting (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) + // or PutAccountSettingDefault (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html). Value *string `locationName:"value" type:"string"` } @@ -8067,9 +8230,6 @@ type Container struct { Image *string `locationName:"image" type:"string"` // The container image manifest digest. - // - // The imageDigest is only returned if the container is using an image hosted - // in Amazon ECR, otherwise it is omitted. ImageDigest *string `locationName:"imageDigest" type:"string"` // The last known status of the container. @@ -8312,8 +8472,8 @@ type ContainerDefinition struct { // * Windows platform version 1.0.0 or later. DependsOn []*ContainerDependency `locationName:"dependsOn" type:"list"` - // When this parameter is true, networking is disabled within the container. - // This parameter maps to NetworkDisabled in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) + // When this parameter is true, networking is off within the container. This + // parameter maps to NetworkDisabled in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) // section of the Docker Remote API (https://docs.docker.com/engine/api/v1.35/). // // This parameter is not supported for Windows containers. @@ -8345,13 +8505,18 @@ type ContainerDefinition struct { // command: sudo docker version --format '{{.Server.APIVersion}}' DockerLabels map[string]*string `locationName:"dockerLabels" type:"map"` - // A list of strings to provide custom labels for SELinux and AppArmor multi-level - // security systems. This field isn't valid for containers in tasks using the - // Fargate launch type. + // A list of strings to provide custom configuration for multiple security systems. + // For more information about valid values, see Docker Run Security Configuration + // (https://docs.docker.com/engine/reference/run/#security-configuration). This + // field isn't valid for containers in tasks using the Fargate launch type. // - // With Windows containers, this parameter can be used to reference a credential - // spec file when configuring a container for Active Directory authentication. + // For Linux tasks on EC2, this parameter can be used to reference custom labels + // for SELinux and AppArmor multi-level security systems. + // + // For any tasks on EC2, this parameter can be used to reference a credential + // spec file that configures a container for Active Directory authentication. // For more information, see Using gMSAs for Windows Containers (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) + // and Using gMSAs for Linux Containers (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) // in the Amazon Elastic Container Service Developer Guide. // // This parameter maps to SecurityOpt in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) @@ -8773,7 +8938,7 @@ type ContainerDefinition struct { // set by the operating system with the exception of the nofile resource limit // parameter which Fargate overrides. The nofile resource limit sets a restriction // on the number of open files that a container can use. The default nofile - // soft limit is 1024 and hard limit is 4096. + // soft limit is 1024 and the default hard limit is 4096. // // This parameter requires version 1.18 of the Docker Remote API or greater // on your container instance. To check the Docker Remote API version on your @@ -9948,20 +10113,23 @@ type CreateClusterInput struct { // The short name of one or more capacity providers to associate with the cluster. // A capacity provider must be associated with a cluster before it can be included // as part of the default capacity provider strategy of the cluster or used - // in a capacity provider strategy when calling the CreateService or RunTask + // in a capacity provider strategy when calling the CreateService (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) + // or RunTask (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) // actions. // // If specifying a capacity provider that uses an Auto Scaling group, the capacity // provider must be created but not associated with another cluster. New Auto // Scaling group capacity providers can be created with the CreateCapacityProvider + // (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) // API operation. // // To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT // capacity providers. The Fargate capacity providers are available to all accounts // and only need to be associated with a cluster to be used. // - // The PutClusterCapacityProviders API operation is used to update the list - // of available capacity providers for a cluster after the cluster is created. + // The PutCapacityProvider (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) + // API operation is used to update the list of available capacity providers + // for a cluster after the cluster is created. CapacityProviders []*string `locationName:"capacityProviders" type:"list"` // The name of your cluster. If you don't specify a name for your cluster, you @@ -9974,9 +10142,10 @@ type CreateClusterInput struct { // The capacity provider strategy to set as the default for the cluster. After // a default capacity provider strategy is set for a cluster, when you call - // the RunTask or CreateService APIs with no capacity provider strategy or launch - // type specified, the default capacity provider strategy for the cluster is - // used. + // the CreateService (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) + // or RunTask (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) + // APIs with no capacity provider strategy or launch type specified, the default + // capacity provider strategy for the cluster is used. // // If a default capacity provider strategy isn't defined for a cluster when // it was created, it can be defined later with the PutClusterCapacityProviders @@ -10189,7 +10358,7 @@ type CreateServiceInput struct { DeploymentController *DeploymentController `locationName:"deploymentController" type:"structure"` // The number of instantiations of the specified task definition to place and - // keep running on your cluster. + // keep running in your service. // // This is required if schedulingStrategy is REPLICA or isn't specified. If // schedulingStrategy is DAEMON then this isn't required. @@ -10199,11 +10368,14 @@ type CreateServiceInput struct { // the service. For more information, see Tagging your Amazon ECS resources // (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) // in the Amazon Elastic Container Service Developer Guide. + // + // When you use Amazon ECS managed tags, you need to set the propagateTags request + // parameter. EnableECSManagedTags *bool `locationName:"enableECSManagedTags" type:"boolean"` - // Determines whether the execute command functionality is enabled for the service. - // If true, this enables execute command functionality on all containers in - // the service tasks. + // Determines whether the execute command functionality is turned on for the + // service. If true, this enables execute command functionality on all containers + // in the service tasks. EnableExecuteCommand *bool `locationName:"enableExecuteCommand" type:"boolean"` // The period of time, in seconds, that the Amazon ECS service scheduler ignores @@ -10321,7 +10493,10 @@ type CreateServiceInput struct { // Specifies whether to propagate the tags from the task definition to the task. // If no value is specified, the tags aren't propagated. Tags can only be propagated // to the task during task creation. To add tags to a task after task creation, - // use the TagResource API action. + // use the TagResource (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) + // API action. + // + // The default is NONE. PropagateTags *string `locationName:"propagateTags" type:"string" enum:"PropagateTags"` // The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon @@ -10432,6 +10607,9 @@ type CreateServiceInput struct { // // A task definition must be specified if the service uses either the ECS or // CODE_DEPLOY deployment controllers. + // + // For more information about deployment types, see Amazon ECS deployment types + // (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html). TaskDefinition *string `locationName:"taskDefinition" type:"string"` } @@ -10985,11 +11163,11 @@ type DeleteAccountSettingInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` - // The Amazon Resource Name (ARN) of the principal. It can be an IAM user, IAM - // role, or the root user. If you specify the root user, it disables the account - // setting for all IAM users, IAM roles, and the root user of the account unless - // an IAM user or role explicitly overrides these settings. If this field is - // omitted, the setting is changed only for the authenticated user. + // The Amazon Resource Name (ARN) of the principal. It can be an user, role, + // or the root user. If you specify the root user, it disables the account setting + // for all users, roles, and the root user of the account unless a user or role + // explicitly overrides these settings. If this field is omitted, the setting + // is changed only for the authenticated user. PrincipalArn *string `locationName:"principalArn" type:"string"` } @@ -11422,6 +11600,95 @@ func (s *DeleteServiceOutput) SetService(v *Service) *DeleteServiceOutput { return s } +type DeleteTaskDefinitionsInput struct { + _ struct{} `type:"structure"` + + // The family and revision (family:revision) or full Amazon Resource Name (ARN) + // of the task definition to delete. You must specify a revision. + // + // You can specify up to 10 task definitions as a comma separated list. + // + // TaskDefinitions is a required field + TaskDefinitions []*string `locationName:"taskDefinitions" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTaskDefinitionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTaskDefinitionsInput"} + if s.TaskDefinitions == nil { + invalidParams.Add(request.NewErrParamRequired("TaskDefinitions")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTaskDefinitions sets the TaskDefinitions field's value. +func (s *DeleteTaskDefinitionsInput) SetTaskDefinitions(v []*string) *DeleteTaskDefinitionsInput { + s.TaskDefinitions = v + return s +} + +type DeleteTaskDefinitionsOutput struct { + _ struct{} `type:"structure"` + + // Any failures associated with the call. + Failures []*Failure `locationName:"failures" type:"list"` + + // The list of deleted task definitions. + TaskDefinitions []*TaskDefinition `locationName:"taskDefinitions" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsOutput) GoString() string { + return s.String() +} + +// SetFailures sets the Failures field's value. +func (s *DeleteTaskDefinitionsOutput) SetFailures(v []*Failure) *DeleteTaskDefinitionsOutput { + s.Failures = v + return s +} + +// SetTaskDefinitions sets the TaskDefinitions field's value. +func (s *DeleteTaskDefinitionsOutput) SetTaskDefinitions(v []*TaskDefinition) *DeleteTaskDefinitionsOutput { + s.TaskDefinitions = v + return s +} + type DeleteTaskSetInput struct { _ struct{} `type:"structure"` @@ -11600,7 +11867,7 @@ type Deployment struct { // The rollout state of the deployment. When a service deployment is started, // it begins in an IN_PROGRESS state. When the service reaches a steady state, // the deployment transitions to a COMPLETED state. If the service fails to - // reach a steady state and circuit breaker is enabled, the deployment transitions + // reach a steady state and circuit breaker is turned on, the deployment transitions // to a FAILED state. A deployment in FAILED state doesn't launch any new tasks. // For more information, see DeploymentCircuitBreaker. RolloutState *string `locationName:"rolloutState" type:"string" enum:"DeploymentRolloutState"` @@ -11872,13 +12139,13 @@ func (s *DeploymentAlarms) SetRollback(v bool) *DeploymentAlarms { } // The deployment circuit breaker can only be used for services using the rolling -// update (ECS) deployment type that aren't behind a Classic Load Balancer. +// update (ECS) deployment type. // // The deployment circuit breaker determines whether a service deployment will -// fail if the service can't reach a steady state. If enabled, a service deployment -// will transition to a failed state and stop launching new tasks. You can also -// configure Amazon ECS to roll back your service to the last completed deployment -// after a failure. For more information, see Rolling update (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) +// fail if the service can't reach a steady state. If it is turned on, a service +// deployment will transition to a failed state and stop launching new tasks. +// You can also configure Amazon ECS to roll back your service to the last completed +// deployment after a failure. For more information, see Rolling update (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) // in the Amazon Elastic Container Service Developer Guide. type DeploymentCircuitBreaker struct { _ struct{} `type:"structure"` @@ -11955,10 +12222,12 @@ type DeploymentConfiguration struct { // update (ECS) deployment type. // // The deployment circuit breaker determines whether a service deployment will - // fail if the service can't reach a steady state. If deployment circuit breaker - // is enabled, a service deployment will transition to a failed state and stop - // launching new tasks. If rollback is enabled, when a service deployment fails, - // the service is rolled back to the last deployment that completed successfully. + // fail if the service can't reach a steady state. If you use the deployment + // circuit breaker, a service deployment will transition to a failed state and + // stop launching new tasks. If you use the rollback option, when a service + // deployment fails, the service is rolled back to the last deployment that + // completed successfully. For more information, see Rolling update (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) + // in the Amazon Elastic Container Service Developer Guide DeploymentCircuitBreaker *DeploymentCircuitBreaker `locationName:"deploymentCircuitBreaker" type:"structure"` // If a service is using the rolling update (ECS) deployment type, the maximumPercent @@ -13406,17 +13675,16 @@ type EFSAuthorizationConfig struct { // The Amazon EFS access point ID to use. If an access point is specified, the // root directory value specified in the EFSVolumeConfiguration must either // be omitted or set to / which will enforce the path set on the EFS access - // point. If an access point is used, transit encryption must be enabled in - // the EFSVolumeConfiguration. For more information, see Working with Amazon - // EFS access points (https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) + // point. If an access point is used, transit encryption must be on in the EFSVolumeConfiguration. + // For more information, see Working with Amazon EFS access points (https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) // in the Amazon Elastic File System User Guide. AccessPointId *string `locationName:"accessPointId" type:"string"` - // Determines whether to use the Amazon ECS task IAM role defined in a task - // definition when mounting the Amazon EFS file system. If enabled, transit - // encryption must be enabled in the EFSVolumeConfiguration. If this parameter - // is omitted, the default value of DISABLED is used. For more information, - // see Using Amazon EFS access points (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) + // Determines whether to use the Amazon ECS task role defined in a task definition + // when mounting the Amazon EFS file system. If it is turned on, transit encryption + // must be turned on in the EFSVolumeConfiguration. If this parameter is omitted, + // the default value of DISABLED is used. For more information, see Using Amazon + // EFS access points (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) // in the Amazon Elastic Container Service Developer Guide. Iam *string `locationName:"iam" type:"string" enum:"EFSAuthorizationConfigIAM"` } @@ -13478,7 +13746,7 @@ type EFSVolumeConfiguration struct { // Determines whether to use encryption for Amazon EFS data in transit between // the Amazon ECS host and the Amazon EFS server. Transit encryption must be - // enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, + // turned on if Amazon EFS IAM authorization is used. If this parameter is omitted, // the default value of DISABLED is used. For more information, see Encrypting // data in transit (https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html) // in the Amazon Elastic File System User Guide. @@ -13641,9 +13909,12 @@ func (s *EnvironmentFile) SetValue(v string) *EnvironmentFile { // Fargate task storage (https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) // in the Amazon ECS User Guide for Fargate. // -// This parameter is only supported for tasks hosted on Fargate using Linux -// platform version 1.4.0 or later. This parameter is not supported for Windows -// containers on Fargate. +// For tasks using the Fargate launch type, the task requires the following +// platforms: +// +// - Linux platform version 1.4.0 or later. +// +// - Windows platform version 1.0.0 or later. type EphemeralStorage struct { _ struct{} `type:"structure"` @@ -13854,7 +14125,7 @@ type ExecuteCommandLogConfiguration struct { _ struct{} `type:"structure"` // Determines whether to use encryption on the CloudWatch logs. If not specified, - // encryption will be disabled. + // encryption will be off. CloudWatchEncryptionEnabled *bool `locationName:"cloudWatchEncryptionEnabled" type:"boolean"` // The name of the CloudWatch log group to send logs to. @@ -14345,7 +14616,7 @@ type GetTaskProtectionOutput struct { // * taskArn: The task ARN. // // * protectionEnabled: The protection status of the task. If scale-in protection - // is enabled for a task, the value is true. Otherwise, it is false. + // is turned on for a task, the value is true. Otherwise, it is false. // // * expirationDate: The epoch time when protection for the task will expire. ProtectedTasks []*ProtectedTask `locationName:"protectedTasks" type:"list"` @@ -14384,7 +14655,8 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // An object representing a container health check. Health check parameters // that are specified in a container definition override any Docker health checks // that exist in the container image (such as those specified in a parent image -// or from the image's Dockerfile). +// or from the image's Dockerfile). This configuration maps to the HEALTHCHECK +// parameter of docker run (https://docs.docker.com/engine/reference/run/). // // The Amazon ECS container agent only monitors and reports on the health checks // specified in the task definition. Amazon ECS does not monitor Docker health @@ -14405,8 +14677,8 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // container health check defined. // // The following describes the possible healthStatus values for a task. The -// container health check status of nonessential containers only affects the -// health status of a task if no essential containers have health checks defined. +// container health check status of non-essential containers don't have an effect +// on the health status of a task. // // - HEALTHY-All essential containers within the task have passed their health // checks. @@ -14415,21 +14687,14 @@ func (s *GetTaskProtectionOutput) SetProtectedTasks(v []*ProtectedTask) *GetTask // check. // // - UNKNOWN-The essential containers within the task are still having their -// health checks evaluated or there are only nonessential containers with -// health checks defined. +// health checks evaluated, there are only nonessential containers with health +// checks defined, or there are no container health checks defined. // // If a task is run manually, and not as part of a service, the task will continue // its lifecycle regardless of its health status. For tasks that are part of // a service, if the task reports as unhealthy then the task will be stopped // and the service scheduler will replace it. // -// For tasks that are a part of a service and the service uses the ECS rolling -// deployment type, the deployment is paused while the new tasks have the UNKNOWN -// task health check status. For example, tasks that define health checks for -// nonessential containers when no essential containers have health checks will -// have the UNKNOWN health check status indefinitely which prevents the deployment -// from completing. -// // The following are notes about container health check support: // // - Container health checks require version 1.17.0 or greater of the Amazon @@ -14451,14 +14716,15 @@ type HealthCheck struct { // default shell. // // When you use the Amazon Web Services Management Console JSON panel, the Command - // Line Interface, or the APIs, enclose the list of commands in brackets. + // Line Interface, or the APIs, enclose the list of commands in double quotes + // and brackets. // // [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] // - // You don't need to include the brackets when you use the Amazon Web Services - // Management Console. + // You don't include the double quotes and brackets when you use the Amazon + // Web Services Management Console. // - // "CMD-SHELL", "curl -f http://localhost/ || exit 1" + // CMD-SHELL, curl -f http://localhost/ || exit 1 // // An exit code of 0 indicates success, and non-zero exit code indicates failure. // For more information, see HealthCheck in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) @@ -14478,7 +14744,7 @@ type HealthCheck struct { // The optional grace period to provide containers time to bootstrap before // failed health checks count towards the maximum number of retries. You can - // specify between 0 and 300 seconds. By default, the startPeriod is disabled. + // specify between 0 and 300 seconds. By default, the startPeriod is off. // // If a health check succeeds within the startPeriod, then the container is // considered healthy and any subsequent failures count toward the maximum number @@ -14663,7 +14929,7 @@ type InferenceAccelerator struct { _ struct{} `type:"structure"` // The Elastic Inference accelerator device name. The deviceName must also be - // referenced in a container definition as a ResourceRequirement. + // referenced in a container definition as a ResourceRequirement (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ResourceRequirement.html). // // DeviceName is a required field DeviceName *string `locationName:"deviceName" type:"string" required:"true"` @@ -15073,7 +15339,8 @@ func (s *LimitExceededException) RequestID() string { return s.RespMetadata.RequestID } -// Linux-specific options that are applied to the container, such as Linux KernelCapabilities. +// The Linux-specific options that are applied to the container, such as Linux +// KernelCapabilities (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html). type LinuxParameters struct { _ struct{} `type:"structure"` @@ -15115,6 +15382,9 @@ type LinuxParameters struct { // // If you're using tasks that use the Fargate launch type, the maxSwap parameter // isn't supported. + // + // If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't + // supported. MaxSwap *int64 `locationName:"maxSwap" type:"integer"` // The value for the size (in MiB) of the /dev/shm volume. This parameter maps @@ -15134,6 +15404,9 @@ type LinuxParameters struct { // // If you're using tasks that use the Fargate launch type, the swappiness parameter // isn't supported. + // + // If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't + // supported. Swappiness *int64 `locationName:"swappiness" type:"integer"` // The container path, mount options, and size (in MiB) of the tmpfs mount. @@ -15264,9 +15537,9 @@ type ListAccountSettingsInput struct { // retrieve the next items in a list and not for other programmatic purposes. NextToken *string `locationName:"nextToken" type:"string"` - // The ARN of the principal, which can be an IAM user, IAM role, or the root - // user. If this field is omitted, the account settings are listed only for - // the authenticated user. + // The ARN of the principal, which can be a user, role, or the root user. If + // this field is omitted, the account settings are listed only for the authenticated + // user. // // Federated users assume the account setting of the root user and can't have // explicit account settings set for them. @@ -16516,9 +16789,6 @@ func (s *ListTasksOutput) SetTaskArns(v []*string) *ListTasksOutput { // The load balancer configuration to use with a service or task set. // -// For specific notes and restrictions regarding the use of load balancers with -// services and task sets, see the CreateService and CreateTaskSet actions. -// // When you add, update, or remove a load balancer configuration, Amazon ECS // starts a new deployment with the updated Elastic Load Balancing configuration. // This causes tasks to register to and deregister from load balancers. @@ -16762,8 +17032,8 @@ type ManagedAgent struct { // The last known status of the managed agent. LastStatus *string `locationName:"lastStatus" type:"string"` - // The name of the managed agent. When the execute command feature is enabled, - // the managed agent name is ExecuteCommandAgent. + // The name of the managed agent. When the execute command feature is turned + // on, the managed agent name is ExecuteCommandAgent. Name *string `locationName:"name" type:"string" enum:"ManagedAgentName"` // The reason for why the managed agent is in the state it is in. @@ -16898,15 +17168,15 @@ func (s *ManagedAgentStateChange) SetStatus(v string) *ManagedAgentStateChange { // The managed scaling settings for the Auto Scaling group capacity provider. // -// When managed scaling is enabled, Amazon ECS manages the scale-in and scale-out +// When managed scaling is turned on, Amazon ECS manages the scale-in and scale-out // actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling // policy using an Amazon ECS managed CloudWatch metric with the specified targetCapacity // value as the target value for the metric. For more information, see Using // managed scaling (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling) // in the Amazon Elastic Container Service Developer Guide. // -// If managed scaling is disabled, the user must manage the scaling of the Auto -// Scaling group. +// If managed scaling is off, the user must manage the scaling of the Auto Scaling +// group. type ManagedScaling struct { _ struct{} `type:"structure"` @@ -16937,9 +17207,12 @@ type ManagedScaling struct { // Determines whether to use managed scaling for the capacity provider. Status *string `locationName:"status" type:"string" enum:"ManagedScalingStatus"` - // The target capacity value for the capacity provider. The specified value - // must be greater than 0 and less than or equal to 100. A value of 100 results - // in the Amazon EC2 instances in your Auto Scaling group being completely used. + // The target capacity utilization as a percentage for the capacity provider. + // The specified value must be greater than 0 and less than or equal to 100. + // For example, if you want the capacity provider to maintain 10% spare capacity, + // then that means the utilization is 90%, so use a targetCapacity of 90. The + // default value of 100 percent results in the Amazon EC2 instances in your + // Auto Scaling group being completely used. TargetCapacity *int64 `locationName:"targetCapacity" min:"1" type:"integer"` } @@ -17077,7 +17350,7 @@ func (s *MissingVersionException) RequestID() string { return s.RespMetadata.RequestID } -// Details for a volume mount point that's used in a container definition. +// The details for a volume mount point that's used in a container definition. type MountPoint struct { _ struct{} `type:"structure"` @@ -17316,7 +17589,7 @@ func (s *NetworkBinding) SetProtocol(v string) *NetworkBinding { return s } -// An object representing the network configuration for a task or service. +// The network configuration for a task or service. type NetworkConfiguration struct { _ struct{} `type:"structure"` @@ -17790,6 +18063,13 @@ func (s *PlatformUnknownException) RequestID() string { // the exposed ports using containerPort. The hostPort can be left blank or // it must be the same value as the containerPort. // +// Most fields of this parameter (containerPort, hostPort, protocol) maps to +// PortBindings in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) +// section of the Docker Remote API (https://docs.docker.com/engine/api/v1.35/) +// and the --publish option to docker run (https://docs.docker.com/engine/reference/commandline/run/). +// If the network mode of a task definition is set to host, host ports must +// either be undefined or match the container port in the port mapping. +// // You can't expose the same container port for multiple protocols. If you attempt // this, an error is returned. // @@ -17885,7 +18165,7 @@ type PortMapping struct { // strategy. // // * For containers in a task with the bridge network mode, the Amazon ECS - // agent finds open ports on the host and automaticaly binds them to the + // agent finds open ports on the host and automatically binds them to the // container ports. This is a dynamic mapping strategy. // // If you use containers in a task with the awsvpc or host network mode, the @@ -17909,6 +18189,7 @@ type PortMapping struct { // was previously specified in a running task is also reserved while the task // is running. That is, after a task stops, the host port is released. The current // reserved ports are displayed in the remainingResources of DescribeContainerInstances + // (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeContainerInstances.html) // output. A container instance can have up to 100 reserved ports at a time. // This number includes the default reserved ports. Automatically assigned ports // aren't included in the 100 reserved ports quota. @@ -17992,8 +18273,8 @@ type ProtectedTask struct { // The epoch time when protection for the task will expire. ExpirationDate *time.Time `locationName:"expirationDate" type:"timestamp"` - // The protection status of the task. If scale-in protection is enabled for - // a task, the value is true. Otherwise, it is false. + // The protection status of the task. If scale-in protection is on for a task, + // the value is true. Otherwise, it is false. ProtectionEnabled *bool `locationName:"protectionEnabled" type:"boolean"` // The task ARN. @@ -18145,20 +18426,23 @@ type PutAccountSettingDefaultInput struct { // If containerInstanceLongArnFormat is specified, the ARN and resource ID for // your Amazon ECS container instances is affected. If awsvpcTrunking is specified, // the ENI limit for your Amazon ECS container instances is affected. If containerInsights - // is specified, the default setting for CloudWatch Container Insights for your - // clusters is affected. - // - // Fargate is transitioning from task count-based quotas to vCPU-based quotas. - // You can set the name to fargateVCPULimit to opt in or opt out of the vCPU-based - // quotas. For information about the opt in timeline, see Fargate vCPU-based - // quotas timeline (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#fargate-quota-timeline) + // is specified, the default setting for Amazon Web Services CloudWatch Container + // Insights for your clusters is affected. If tagResourceAuthorization is specified, + // the opt-in option for tagging resources on creation is affected. For information + // about the opt-in timeline, see Tagging authorization timeline (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources) // in the Amazon ECS Developer Guide. // + // When you specify fargateFIPSMode for the name and enabled for the value, + // Fargate uses FIPS-140 compliant cryptographic algorithms on your tasks. For + // more information about FIPS-140 compliance with Fargate, see Amazon Web Services + // Fargate Federal Information Processing Standard (FIPS) 140-2 compliance (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-fips-compliance.html) + // in the Amazon Elastic Container Service Developer Guide. + // // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` // The account setting value for the specified principal ARN. Accepted values - // are enabled and disabled. + // are enabled, disabled, on, and off. // // Value is a required field Value *string `locationName:"value" type:"string" required:"true"` @@ -18251,24 +18535,28 @@ type PutAccountSettingInput struct { // the ARN and resource ID for your Amazon ECS container instances is affected. // If awsvpcTrunking is specified, the elastic network interface (ENI) limit // for your Amazon ECS container instances is affected. If containerInsights - // is specified, the default setting for CloudWatch Container Insights for your - // clusters is affected. + // is specified, the default setting for Amazon Web Services CloudWatch Container + // Insights for your clusters is affected. If fargateFIPSMode is specified, + // Fargate FIPS 140 compliance is affected. If tagResourceAuthorization is specified, + // the opt-in option for tagging resources on creation is affected. For information + // about the opt-in timeline, see Tagging authorization timeline (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources) + // in the Amazon ECS Developer Guide. // // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` - // The ARN of the principal, which can be an IAM user, IAM role, or the root - // user. If you specify the root user, it modifies the account setting for all - // IAM users, IAM roles, and the root user of the account unless an IAM user - // or role explicitly overrides these settings. If this field is omitted, the - // setting is changed only for the authenticated user. + // The ARN of the principal, which can be a user, role, or the root user. If + // you specify the root user, it modifies the account setting for all users, + // roles, and the root user of the account unless a user or role explicitly + // overrides these settings. If this field is omitted, the setting is changed + // only for the authenticated user. // // Federated users assume the account setting of the root user and can't have // explicit account settings set for them. PrincipalArn *string `locationName:"principalArn" type:"string"` // The account setting value for the specified principal ARN. Accepted values - // are enabled and disabled. + // are enabled, disabled, on, and off. // // Value is a required field Value *string `locationName:"value" type:"string" required:"true"` @@ -18862,10 +19150,12 @@ type RegisterTaskDefinitionInput struct { // Fargate task storage (https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) // in the Amazon ECS User Guide for Fargate. // - // This parameter is only supported for tasks hosted on Fargate using the following - // platform versions: + // For tasks using the Fargate launch type, the task requires the following + // platforms: // // * Linux platform version 1.4.0 or later. + // + // * Windows platform version 1.0.0 or later. EphemeralStorage *EphemeralStorage `locationName:"ephemeralStorage" type:"structure"` // The Amazon Resource Name (ARN) of the task execution role that grants the @@ -19585,7 +19875,8 @@ type ResourceRequirement struct { // GPUs on the container instance that the task is launched on. // // If the InferenceAccelerator type is used, the value matches the deviceName - // for an InferenceAccelerator specified in a task definition. + // for an InferenceAccelerator (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_InferenceAccelerator.html) + // specified in a task definition. // // Value is a required field Value *string `locationName:"value" type:"string" required:"true"` @@ -19790,11 +20081,11 @@ type RunTaskInput struct { // The family and revision (family:revision) or full ARN of the task definition // to run. If a revision isn't specified, the latest ACTIVE revision is used. // - // When you create an IAM policy for run-task, you can set the resource to be - // the latest task definition revision, or a specific revision. + // When you create a policy for run-task, you can set the resource to be the + // latest task definition revision, or a specific revision. // // The full ARN value must match the value that you specified as the Resource - // of the IAM principal's permissions policy. + // of the principal's permissions policy. // // When you specify the policy resource as the latest task definition version // (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName), @@ -20256,7 +20547,7 @@ func (s *ServerException) RequestID() string { return s.RespMetadata.RequestID } -// Details on a service within a cluster +// Details on a service within a cluster. type Service struct { _ struct{} `type:"structure"` @@ -20293,9 +20584,9 @@ type Service struct { // in the Amazon Elastic Container Service Developer Guide. EnableECSManagedTags *bool `locationName:"enableECSManagedTags" type:"boolean"` - // Determines whether the execute command functionality is enabled for the service. - // If true, the execute command functionality is enabled for all containers - // in tasks as part of the service. + // Determines whether the execute command functionality is turned on for the + // service. If true, the execute command functionality is turned on for all + // containers in tasks as part of the service. EnableExecuteCommand *bool `locationName:"enableExecuteCommand" type:"boolean"` // The event stream for your service. A maximum of 100 of the latest events @@ -20782,8 +21073,8 @@ type ServiceConnectConfiguration struct { // for use with Service Connect. The namespace must be in the same Amazon Web // Services Region as the Amazon ECS service and cluster. The type of namespace // doesn't affect Service Connect. For more information about Cloud Map, see - // Working with Services (https://docs.aws.amazon.com/) in the Cloud Map Developer - // Guide. + // Working with Services (https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html) + // in the Cloud Map Developer Guide. Namespace *string `locationName:"namespace" type:"string"` // The list of Service Connect service objects. These are names and aliases @@ -20896,9 +21187,8 @@ type ServiceConnectService struct { // lowercase letters, numbers, underscores (_), and hyphens (-). The name can't // start with a hyphen. // - // If this parameter isn't specified, the default value of discoveryName.namespace - // is used. If the discoveryName isn't specified, the port mapping name from - // the task definition is used in portName.namespace. + // If the discoveryName isn't specified, the port mapping name from the task + // definition is used in portName.namespace. DiscoveryName *string `locationName:"discoveryName" type:"string"` // The port number for the Service Connect proxy to listen on. @@ -21012,9 +21302,8 @@ type ServiceConnectServiceResource struct { // lowercase letters, numbers, underscores (_), and hyphens (-). The name can't // start with a hyphen. // - // If this parameter isn't specified, the default value of discoveryName.namespace - // is used. If the discoveryName isn't specified, the port mapping name from - // the task definition is used in portName.namespace. + // If the discoveryName isn't specified, the port mapping name from the task + // definition is used in portName.namespace. DiscoveryName *string `locationName:"discoveryName" type:"string"` } @@ -21373,12 +21662,11 @@ type Setting struct { // The Amazon ECS resource name. Name *string `locationName:"name" type:"string" enum:"SettingName"` - // The ARN of the principal. It can be an IAM user, IAM role, or the root user. - // If this field is omitted, the authenticated user is assumed. + // The ARN of the principal. It can be a user, role, or the root user. If this + // field is omitted, the authenticated user is assumed. PrincipalArn *string `locationName:"principalArn" type:"string"` - // Determines whether the account setting is enabled or disabled for the specified - // resource. + // Determines whether the account setting is on or off for the specified resource. Value *string `locationName:"value" type:"string"` } @@ -21438,9 +21726,9 @@ type StartTaskInput struct { // in the Amazon Elastic Container Service Developer Guide. EnableECSManagedTags *bool `locationName:"enableECSManagedTags" type:"boolean"` - // Whether or not the execute command functionality is enabled for the task. - // If true, this enables execute command functionality on all containers in - // the task. + // Whether or not the execute command functionality is turned on for the task. + // If true, this turns on the execute command functionality on all containers + // in the task. EnableExecuteCommand *bool `locationName:"enableExecuteCommand" type:"boolean"` // The name of the task group to associate with the task. The default value @@ -21697,7 +21985,7 @@ type StopTaskInput struct { // API operations on this task. Up to 255 characters are allowed in this message. Reason *string `locationName:"reason" type:"string"` - // The task ID or full Amazon Resource Name (ARN) of the task to stop. + // The task ID of the task to stop. // // Task is a required field Task *string `locationName:"task" type:"string" required:"true"` @@ -22442,7 +22730,7 @@ func (s TagResourceOutput) GoString() string { // - The SSM agent is not installed or is not running // // - There is an interface Amazon VPC endpoint for Amazon ECS, but there -// is not one for for Systems Manager Session Manager +// is not one for Systems Manager Session Manager // // For information about how to troubleshoot the issues, see Troubleshooting // issues with ECS Exec (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) @@ -22654,8 +22942,8 @@ type Task struct { // (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-lifecycle.html). DesiredStatus *string `locationName:"desiredStatus" type:"string"` - // Determines whether execute command functionality is enabled for this task. - // If true, execute command functionality is enabled on all the containers in + // Determines whether execute command functionality is turned on for this task. + // If true, execute command functionality is turned on all the containers in // the task. EnableExecuteCommand *bool `locationName:"enableExecuteCommand" type:"boolean"` @@ -23291,9 +23579,9 @@ type TaskDefinition struct { // This parameter isn't supported for tasks run on Fargate. RequiresAttributes []*Attribute `locationName:"requiresAttributes" type:"list"` - // The task launch types the task definition was validated against. To determine - // which task launch types the task definition is validated for, see the TaskDefinition$compatibilities - // parameter. + // The task launch types the task definition was validated against. For more + // information, see Amazon ECS launch types (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) + // in the Amazon Elastic Container Service Developer Guide. RequiresCompatibilities []*string `locationName:"requiresCompatibilities" type:"list" enum:"Compatibility"` // The revision of the task in a particular family. The revision is a version @@ -23500,8 +23788,8 @@ func (s *TaskDefinition) SetVolumes(v []*Volume) *TaskDefinition { return s } -// An object representing a constraint on task placement in the task definition. -// For more information, see Task placement constraints (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) +// The constraint on task placement in the task definition. For more information, +// see Task placement constraints (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) // in the Amazon Elastic Container Service Developer Guide. // // Task placement constraints aren't supported for tasks run on Fargate. @@ -23568,8 +23856,8 @@ type TaskOverride struct { // * Windows platform version 1.0.0 or later. EphemeralStorage *EphemeralStorage `locationName:"ephemeralStorage" type:"structure"` - // The Amazon Resource Name (ARN) of the task execution IAM role override for - // the task. For more information, see Amazon ECS task execution IAM role (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) + // The Amazon Resource Name (ARN) of the task execution role override for the + // task. For more information, see Amazon ECS task execution IAM role (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) // in the Amazon Elastic Container Service Developer Guide. ExecutionRoleArn *string `locationName:"executionRoleArn" type:"string"` @@ -23579,10 +23867,9 @@ type TaskOverride struct { // The memory override for the task. Memory *string `locationName:"memory" type:"string"` - // The Amazon Resource Name (ARN) of the IAM role that containers in this task - // can assume. All containers in this task are granted the permissions that - // are specified in this role. For more information, see IAM Role for Tasks - // (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) + // The Amazon Resource Name (ARN) of the role that containers in this task can + // assume. All containers in this task are granted the permissions that are + // specified in this role. For more information, see IAM Role for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) // in the Amazon Elastic Container Service Developer Guide. TaskRoleArn *string `locationName:"taskRoleArn" type:"string"` } @@ -24140,7 +24427,9 @@ func (s *Tmpfs) SetSize(v int64) *Tmpfs { // set by the operating system with the exception of the nofile resource limit // parameter which Fargate overrides. The nofile resource limit sets a restriction // on the number of open files that a container can use. The default nofile -// soft limit is 1024 and hard limit is 4096. +// soft limit is 1024 and the default hard limit is 4096. +// +// You can specify the ulimit settings for a container in a task definition. type Ulimit struct { _ struct{} `type:"structure"` @@ -25538,7 +25827,7 @@ type UpdateTaskProtectionOutput struct { // * taskArn: The task ARN. // // * protectionEnabled: The protection status of the task. If scale-in protection - // is enabled for a task, the value is true. Otherwise, it is false. + // is turned on for a task, the value is true. Otherwise, it is false. // // * expirationDate: The epoch time when protection for the task will expire. ProtectedTasks []*ProtectedTask `locationName:"protectedTasks" type:"list"` @@ -26780,6 +27069,12 @@ const ( // SettingNameContainerInsights is a SettingName enum value SettingNameContainerInsights = "containerInsights" + + // SettingNameFargateFipsmode is a SettingName enum value + SettingNameFargateFipsmode = "fargateFIPSMode" + + // SettingNameTagResourceAuthorization is a SettingName enum value + SettingNameTagResourceAuthorization = "tagResourceAuthorization" ) // SettingName_Values returns all elements of the SettingName enum @@ -26790,6 +27085,8 @@ func SettingName_Values() []string { SettingNameContainerInstanceLongArnFormat, SettingNameAwsvpcTrunking, SettingNameContainerInsights, + SettingNameFargateFipsmode, + SettingNameTagResourceAuthorization, } } @@ -26887,6 +27184,9 @@ const ( // TaskDefinitionStatusInactive is a TaskDefinitionStatus enum value TaskDefinitionStatusInactive = "INACTIVE" + + // TaskDefinitionStatusDeleteInProgress is a TaskDefinitionStatus enum value + TaskDefinitionStatusDeleteInProgress = "DELETE_IN_PROGRESS" ) // TaskDefinitionStatus_Values returns all elements of the TaskDefinitionStatus enum @@ -26894,6 +27194,7 @@ func TaskDefinitionStatus_Values() []string { return []string{ TaskDefinitionStatusActive, TaskDefinitionStatusInactive, + TaskDefinitionStatusDeleteInProgress, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ecs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ecs/errors.go index 8df1690..749e017 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ecs/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ecs/errors.go @@ -159,7 +159,7 @@ const ( // * The SSM agent is not installed or is not running // // * There is an interface Amazon VPC endpoint for Amazon ECS, but there - // is not one for for Systems Manager Session Manager + // is not one for Systems Manager Session Manager // // For information about how to troubleshoot the issues, see Troubleshooting // issues with ECS Exec (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html) diff --git a/vendor/github.com/aws/aws-sdk-go/service/efs/api.go b/vendor/github.com/aws/aws-sdk-go/service/efs/api.go index 5247b0d..fde9cfd 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/efs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/efs/api.go @@ -66,14 +66,21 @@ func (c *EFS) CreateAccessPointRequest(input *CreateAccessPointInput) (req *requ // more, see Mounting a file system using EFS access points (https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html). // // If multiple requests to create access points on the same file system are -// sent in quick succession, and the file system is near the limit of 1000 access -// points, you may experience a throttling response for these requests. This -// is to ensure that the file system does not exceed the stated access point -// limit. +// sent in quick succession, and the file system is near the limit of 1,000 +// access points, you may experience a throttling response for these requests. +// This is to ensure that the file system does not exceed the stated access +// point limit. // // This operation requires permissions for the elasticfilesystem:CreateAccessPoint // action. // +// Access points can be tagged on creation. If tags are specified in the creation +// action, IAM performs additional authorization on the elasticfilesystem:TagResource +// action to verify if users have permissions to create tags. Therefore, you +// must grant explicit permissions to use the elasticfilesystem:TagResource +// action. For more information, see Granting permissions to tag resources during +// creation (https://docs.aws.amazon.com/efs/latest/ug/using-tags-efs.html#supported-iam-actions-tagging.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -231,6 +238,13 @@ func (c *EFS) CreateFileSystemRequest(input *CreateFileSystemInput) (req *reques // This operation requires permissions for the elasticfilesystem:CreateFileSystem // action. // +// File systems can be tagged on creation. If tags are specified in the creation +// action, IAM performs additional authorization on the elasticfilesystem:TagResource +// action to verify if users have permissions to create tags. Therefore, you +// must grant explicit permissions to use the elasticfilesystem:TagResource +// action. For more information, see Granting permissions to tag resources during +// creation (https://docs.aws.amazon.com/efs/latest/ug/using-tags-efs.html#supported-iam-actions-tagging.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -600,9 +614,9 @@ func (c *EFS) CreateReplicationConfigurationRequest(input *CreateReplicationConf // EFS One Zone storage. In that case, the General Purpose performance mode // is used. The performance mode cannot be changed. // -// - Throughput mode - The destination file system uses the Bursting Throughput -// mode by default. After the file system is created, you can modify the -// throughput mode. +// - Throughput mode - The destination file system's throughput mode matches +// that of the source file system. After the file system is created, you +// can modify the throughput mode. // // The following properties are turned off by default: // @@ -3663,7 +3677,7 @@ type AccessPointDescription struct { // The name of the access point. This is the value of the Name tag. Name *string `type:"string"` - // Identified the Amazon Web Services account that owns the access point resource. + // Identifies the Amazon Web Services account that owns the access point resource. OwnerId *string `type:"string"` // The full POSIX identity, including the user ID, group ID, and secondary group @@ -4270,7 +4284,7 @@ type CreateAccessPointOutput struct { // The name of the access point. This is the value of the Name tag. Name *string `type:"string"` - // Identified the Amazon Web Services account that owns the access point resource. + // Identifies the Amazon Web Services account that owns the access point resource. OwnerId *string `type:"string"` // The full POSIX identity, including the user ID, group ID, and secondary group @@ -6625,10 +6639,21 @@ type Destination struct { // Region is a required field Region *string `min:"1" type:"string" required:"true"` - // Describes the status of the destination Amazon EFS file system. If the status - // is ERROR, the destination file system in the replication configuration is - // in a failed state and is unrecoverable. To access the file system data, restore - // a backup of the failed file system to a new file system. + // Describes the status of the destination Amazon EFS file system. + // + // * The Paused state occurs as a result of opting out of the source or destination + // Region after the replication configuration was created. To resume replication + // for the file system, you need to again opt in to the Amazon Web Services + // Region. For more information, see Managing Amazon Web Services Regions + // (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) + // in the Amazon Web Services General Reference Guide. + // + // * The Error state occurs when either the source or the destination file + // system (or both) is in a failed state and is unrecoverable. For more information, + // see Monitoring replication status (https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) + // in the Amazon EFS User Guide. You must delete the replication configuration, + // and then restore the most recent backup of the failed file system (either + // the source or the destination) to a new file system. // // Status is a required field Status *string `type:"string" required:"true" enum:"ReplicationStatus"` @@ -6894,9 +6919,7 @@ type FileSystemDescription struct { // NumberOfMountTargets is a required field NumberOfMountTargets *int64 `type:"integer" required:"true"` - // The Amazon Web Services account that created the file system. If the file - // system was created by an IAM user, the parent account to which the user belongs - // is the owner. + // The Amazon Web Services account that created the file system. // // OwnerId is a required field OwnerId *string `type:"string" required:"true"` @@ -10300,9 +10323,7 @@ type UpdateFileSystemOutput struct { // NumberOfMountTargets is a required field NumberOfMountTargets *int64 `type:"integer" required:"true"` - // The Amazon Web Services account that created the file system. If the file - // system was created by an IAM user, the parent account to which the user belongs - // is the owner. + // The Amazon Web Services account that created the file system. // // OwnerId is a required field OwnerId *string `type:"string" required:"true"` @@ -10598,6 +10619,12 @@ const ( // ReplicationStatusError is a ReplicationStatus enum value ReplicationStatusError = "ERROR" + + // ReplicationStatusPaused is a ReplicationStatus enum value + ReplicationStatusPaused = "PAUSED" + + // ReplicationStatusPausing is a ReplicationStatus enum value + ReplicationStatusPausing = "PAUSING" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -10607,6 +10634,8 @@ func ReplicationStatus_Values() []string { ReplicationStatusEnabling, ReplicationStatusDeleting, ReplicationStatusError, + ReplicationStatusPaused, + ReplicationStatusPausing, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go b/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go index a3e5e0c..067e71f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go @@ -8140,7 +8140,7 @@ type CacheCluster struct { // The network type associated with the cluster, either ipv4 | ipv6. IPv6 is // supported for workloads using Redis engine version 6.2 onward or Memcached - // engine version 1.6.6 on all instances built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // engine version 1.6.6 on all instances built on the Nitro system (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // Returns the destination, format and type of the logs. @@ -8148,7 +8148,7 @@ type CacheCluster struct { // Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads // using Redis engine version 6.2 onward or Memcached engine version 1.6.6 on - // all instances built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // all instances built on the Nitro system (http://aws.amazon.com/ec2/nitro/). NetworkType *string `type:"string" enum:"NetworkType"` // Describes a notification topic and its status. Notification topics are used @@ -8463,7 +8463,7 @@ type CacheEngineVersion struct { // The name of the cache parameter group family associated with this cache engine. // // Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | - // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x + // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7 CacheParameterGroupFamily *string `type:"string"` // The name of the cache engine. @@ -8930,7 +8930,7 @@ type CacheParameterGroup struct { // is compatible with. // // Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | - // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | + // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7 CacheParameterGroupFamily *string `type:"string"` // The name of the cache parameter group. @@ -9218,7 +9218,7 @@ type CacheSubnetGroup struct { // Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Redis // engine version 6.2 onward or Memcached engine version 1.6.6 on all instances - // built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // built on the Nitro system (http://aws.amazon.com/ec2/nitro/). SupportedNetworkTypes []*string `type:"list" enum:"NetworkType"` // The Amazon Virtual Private Cloud identifier (VPC ID) of the cache subnet @@ -9774,7 +9774,7 @@ type CreateCacheClusterInput struct { // The network type you choose when modifying a cluster, either ipv4 | ipv6. // IPv6 is supported for workloads using Redis engine version 6.2 onward or // Memcached engine version 1.6.6 on all instances built on the Nitro system - // (https://aws.amazon.com/ec2/nitro/). + // (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // Specifies the destination, format and type of the logs. @@ -9782,7 +9782,7 @@ type CreateCacheClusterInput struct { // Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads // using Redis engine version 6.2 onward or Memcached engine version 1.6.6 on - // all instances built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // all instances built on the Nitro system (http://aws.amazon.com/ec2/nitro/). NetworkType *string `type:"string" enum:"NetworkType"` // The Amazon Resource Name (ARN) of the Amazon Simple Notification Service @@ -9904,9 +9904,6 @@ type CreateCacheClusterInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` // A flag that enables in-transit encryption when set to true. - // - // Only available when creating a cache cluster in an Amazon VPC using Memcached - // version 1.6.12 or later. TransitEncryptionEnabled *bool `type:"boolean"` } @@ -10160,7 +10157,7 @@ type CreateCacheParameterGroupInput struct { // can be used with. // // Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | - // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x + // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7 // // CacheParameterGroupFamily is a required field CacheParameterGroupFamily *string `type:"string" required:"true"` @@ -10753,6 +10750,14 @@ type CreateReplicationGroupInput struct { // see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html). CacheSubnetGroupName *string `type:"string"` + // Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you + // must first set the cluster mode to Compatible. Compatible mode allows your + // Redis clients to connect using both cluster mode enabled and cluster mode + // disabled. After you migrate all Redis clients to use cluster mode enabled, + // you can then complete cluster mode configuration and set the cluster mode + // to Enabled. + ClusterMode *string `type:"string" enum:"ClusterMode"` + // Enables data tiering. Data tiering is only supported for replication groups // using the r6gd node type. This parameter must be set to true when using r6gd // nodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html). @@ -10780,7 +10785,7 @@ type CreateReplicationGroupInput struct { // The network type you choose when creating a replication group, either ipv4 // | ipv6. IPv6 is supported for workloads using Redis engine version 6.2 onward // or Memcached engine version 1.6.6 on all instances built on the Nitro system - // (https://aws.amazon.com/ec2/nitro/). + // (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // The ID of the KMS key used to encrypt the disk in the cluster. @@ -10795,7 +10800,7 @@ type CreateReplicationGroupInput struct { // Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads // using Redis engine version 6.2 onward or Memcached engine version 1.6.6 on - // all instances built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // all instances built on the Nitro system (http://aws.amazon.com/ec2/nitro/). NetworkType *string `type:"string" enum:"NetworkType"` // A list of node group (shard) configuration options. Each node group (shard) @@ -10985,8 +10990,10 @@ type CreateReplicationGroupInput struct { // connections only. // // Setting TransitEncryptionMode to required is a two-step process that requires - // you to first set the TransitEncryptionMode to preferred first, after that - // you can set TransitEncryptionMode to required. + // you to first set the TransitEncryptionMode to preferred, after that you can + // set TransitEncryptionMode to required. + // + // This process will not trigger the replacement of the replication group. TransitEncryptionMode *string `type:"string" enum:"TransitEncryptionMode"` // The user group to associate with the replication group. @@ -11088,6 +11095,12 @@ func (s *CreateReplicationGroupInput) SetCacheSubnetGroupName(v string) *CreateR return s } +// SetClusterMode sets the ClusterMode field's value. +func (s *CreateReplicationGroupInput) SetClusterMode(v string) *CreateReplicationGroupInput { + s.ClusterMode = &v + return s +} + // SetDataTieringEnabled sets the DataTieringEnabled field's value. func (s *CreateReplicationGroupInput) SetDataTieringEnabled(v bool) *CreateReplicationGroupInput { s.DataTieringEnabled = &v @@ -15484,7 +15497,7 @@ type EngineDefaults struct { // default parameters apply. // // Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | - // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.0 | redis6.x + // redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.0 | redis6.x | redis7 CacheParameterGroupFamily *string `type:"string"` // Provides an identifier to allow retrieval of paginated results. @@ -16784,7 +16797,7 @@ type ModifyCacheClusterInput struct { // The network type you choose when modifying a cluster, either ipv4 | ipv6. // IPv6 is supported for workloads using Redis engine version 6.2 onward or // Memcached engine version 1.6.6 on all instances built on the Nitro system - // (https://aws.amazon.com/ec2/nitro/). + // (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // Specifies the destination, format and type of the logs. @@ -17501,6 +17514,14 @@ type ModifyReplicationGroupInput struct { // not be Default. CacheSecurityGroupNames []*string `locationNameList:"CacheSecurityGroupName" type:"list"` + // Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you + // must first set the cluster mode to Compatible. Compatible mode allows your + // Redis clients to connect using both cluster mode enabled and cluster mode + // disabled. After you migrate all Redis clients to use cluster mode enabled, + // you can then complete cluster mode configuration and set the cluster mode + // to Enabled. + ClusterMode *string `type:"string" enum:"ClusterMode"` + // The upgraded version of the cache engine to be run on the clusters in the // replication group. // @@ -17514,7 +17535,7 @@ type ModifyReplicationGroupInput struct { // The network type you choose when modifying a cluster, either ipv4 | ipv6. // IPv6 is supported for workloads using Redis engine version 6.2 onward or // Memcached engine version 1.6.6 on all instances built on the Nitro system - // (https://aws.amazon.com/ec2/nitro/). + // (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // Specifies the destination, format and type of the logs. @@ -17625,8 +17646,8 @@ type ModifyReplicationGroupInput struct { // to required to allow encrypted connections only. // // Setting TransitEncryptionMode to required is a two-step process that requires - // you to first set the TransitEncryptionMode to preferred first, after that - // you can set TransitEncryptionMode to required. + // you to first set the TransitEncryptionMode to preferred, after that you can + // set TransitEncryptionMode to required. TransitEncryptionMode *string `type:"string" enum:"TransitEncryptionMode"` // The ID of the user group you are associating with the replication group. @@ -17716,6 +17737,12 @@ func (s *ModifyReplicationGroupInput) SetCacheSecurityGroupNames(v []*string) *M return s } +// SetClusterMode sets the ClusterMode field's value. +func (s *ModifyReplicationGroupInput) SetClusterMode(v string) *ModifyReplicationGroupInput { + s.ClusterMode = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyReplicationGroupInput) SetEngineVersion(v string) *ModifyReplicationGroupInput { s.EngineVersion = &v @@ -19868,6 +19895,14 @@ type ReplicationGroup struct { // Valid values: true | false ClusterEnabled *bool `type:"boolean"` + // Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you + // must first set the cluster mode to Compatible. Compatible mode allows your + // Redis clients to connect using both cluster mode enabled and cluster mode + // disabled. After you migrate all Redis clients to use cluster mode enabled, + // you can then complete cluster mode configuration and set the cluster mode + // to Enabled. + ClusterMode *string `type:"string" enum:"ClusterMode"` + // The configuration endpoint for this replication group. Use the configuration // endpoint to connect to this replication group. ConfigurationEndpoint *Endpoint `type:"structure"` @@ -19887,7 +19922,7 @@ type ReplicationGroup struct { // The network type you choose when modifying a cluster, either ipv4 | ipv6. // IPv6 is supported for workloads using Redis engine version 6.2 onward or // Memcached engine version 1.6.6 on all instances built on the Nitro system - // (https://aws.amazon.com/ec2/nitro/). + // (http://aws.amazon.com/ec2/nitro/). IpDiscovery *string `type:"string" enum:"IpDiscovery"` // The ID of the KMS key used to encrypt the disk in the cluster. @@ -19908,7 +19943,7 @@ type ReplicationGroup struct { // Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads // using Redis engine version 6.2 onward or Memcached engine version 1.6.6 on - // all instances built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // all instances built on the Nitro system (http://aws.amazon.com/ec2/nitro/). NetworkType *string `type:"string" enum:"NetworkType"` // A list of node groups in this replication group. For Redis (cluster mode @@ -20036,6 +20071,12 @@ func (s *ReplicationGroup) SetClusterEnabled(v bool) *ReplicationGroup { return s } +// SetClusterMode sets the ClusterMode field's value. +func (s *ReplicationGroup) SetClusterMode(v string) *ReplicationGroup { + s.ClusterMode = &v + return s +} + // SetConfigurationEndpoint sets the ConfigurationEndpoint field's value. func (s *ReplicationGroup) SetConfigurationEndpoint(v *Endpoint) *ReplicationGroup { s.ConfigurationEndpoint = v @@ -20179,6 +20220,14 @@ type ReplicationGroupPendingModifiedValues struct { // Indicates the status of automatic failover for this Redis replication group. AutomaticFailoverStatus *string `type:"string" enum:"PendingAutomaticFailoverStatus"` + // Enabled or Disabled. To modify cluster mode from Disabled to Enabled, you + // must first set the cluster mode to Compatible. Compatible mode allows your + // Redis clients to connect using both cluster mode enabled and cluster mode + // disabled. After you migrate all Redis clients to use cluster mode enabled, + // you can then complete cluster mode configuration and set the cluster mode + // to Enabled. + ClusterMode *string `type:"string" enum:"ClusterMode"` + // The log delivery configurations being modified LogDeliveryConfigurations []*PendingLogDeliveryConfiguration `locationName:"PendingLogDeliveryConfiguration" type:"list"` @@ -20230,6 +20279,12 @@ func (s *ReplicationGroupPendingModifiedValues) SetAutomaticFailoverStatus(v str return s } +// SetClusterMode sets the ClusterMode field's value. +func (s *ReplicationGroupPendingModifiedValues) SetClusterMode(v string) *ReplicationGroupPendingModifiedValues { + s.ClusterMode = &v + return s +} + // SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. func (s *ReplicationGroupPendingModifiedValues) SetLogDeliveryConfigurations(v []*PendingLogDeliveryConfiguration) *ReplicationGroupPendingModifiedValues { s.LogDeliveryConfigurations = v @@ -21563,7 +21618,7 @@ type Subnet struct { // Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Redis // engine version 6.2 onward or Memcached engine version 1.6.6 on all instances - // built on the Nitro system (https://aws.amazon.com/ec2/nitro/). + // built on the Nitro system (http://aws.amazon.com/ec2/nitro/). SupportedNetworkTypes []*string `type:"list" enum:"NetworkType"` } @@ -22500,6 +22555,26 @@ func ChangeType_Values() []string { } } +const ( + // ClusterModeEnabled is a ClusterMode enum value + ClusterModeEnabled = "enabled" + + // ClusterModeDisabled is a ClusterMode enum value + ClusterModeDisabled = "disabled" + + // ClusterModeCompatible is a ClusterMode enum value + ClusterModeCompatible = "compatible" +) + +// ClusterMode_Values returns all elements of the ClusterMode enum +func ClusterMode_Values() []string { + return []string{ + ClusterModeEnabled, + ClusterModeDisabled, + ClusterModeCompatible, + } +} + const ( // DataTieringStatusEnabled is a DataTieringStatus enum value DataTieringStatusEnabled = "enabled" diff --git a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go index 8e53d51..7928047 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go @@ -14564,8 +14564,17 @@ type RedshiftDataParameters struct { // The SQL statement text to run. // - // Sql is a required field - Sql *string `min:"1" type:"string" required:"true"` + // Sql is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RedshiftDataParameters's + // String and GoString methods. + Sql *string `min:"1" type:"string" sensitive:"true"` + + // A list of SQLs. + // + // Sqls is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RedshiftDataParameters's + // String and GoString methods. + Sqls []*string `type:"list" sensitive:"true"` // The name of the SQL statement. You can name the SQL statement when you create // it to identify the query. @@ -14609,9 +14618,6 @@ func (s *RedshiftDataParameters) Validate() error { if s.SecretManagerArn != nil && len(*s.SecretManagerArn) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretManagerArn", 1)) } - if s.Sql == nil { - invalidParams.Add(request.NewErrParamRequired("Sql")) - } if s.Sql != nil && len(*s.Sql) < 1 { invalidParams.Add(request.NewErrParamMinLen("Sql", 1)) } @@ -14649,6 +14655,12 @@ func (s *RedshiftDataParameters) SetSql(v string) *RedshiftDataParameters { return s } +// SetSqls sets the Sqls field's value. +func (s *RedshiftDataParameters) SetSqls(v []*string) *RedshiftDataParameters { + s.Sqls = v + return s +} + // SetStatementName sets the StatementName field's value. func (s *RedshiftDataParameters) SetStatementName(v string) *RedshiftDataParameters { s.StatementName = &v diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 04a2b6d..510e33f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -194,7 +194,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -508,7 +509,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -918,9 +920,9 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // CreateAccountAlias API operation for AWS Identity and Access Management. // // Creates an alias for your Amazon Web Services account. For information about -// using an Amazon Web Services account alias, see Using an alias for your Amazon -// Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) -// in the IAM User Guide. +// using an Amazon Web Services account alias, see Creating, deleting, and listing +// an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -931,6 +933,11 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // // Returned Error Codes: // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already // exists. @@ -1340,6 +1347,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // - A list of client IDs (also known as audiences) that identify the application // or applications allowed to authenticate using the OIDC provider // +// - A list of tags that are attached to the specified IAM OIDC provider +// // - A list of thumbprints of one or more server certificates that the IdP // uses // @@ -2361,6 +2370,11 @@ func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req * // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice func (c *IAM) DeactivateMFADevice(input *DeactivateMFADeviceInput) (*DeactivateMFADeviceOutput, error) { req, out := c.DeactivateMFADeviceRequest(input) @@ -2524,9 +2538,9 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // DeleteAccountAlias API operation for AWS Identity and Access Management. // // Deletes the specified Amazon Web Services account alias. For information -// about using an Amazon Web Services account alias, see Using an alias for -// your Amazon Web Services account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) -// in the IAM User Guide. +// about using an Amazon Web Services account alias, see Creating, deleting, +// and listing an Amazon Web Services account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2537,6 +2551,11 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // // Returned Error Codes: // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does // not exist. The error message describes the resource. @@ -3474,7 +3493,8 @@ func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, o // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -3556,6 +3576,8 @@ func (c *IAM) DeleteRolePermissionsBoundaryRequest(input *DeleteRolePermissionsB // // Deletes the permissions boundary for the specified IAM role. // +// You cannot set the boundary for a service-linked role. +// // Deleting the permissions boundary for a role might increase its permissions. // For example, it might allow anyone who assumes the role to perform all the // actions granted in its permissions policies. @@ -3574,7 +3596,8 @@ func (c *IAM) DeleteRolePermissionsBoundaryRequest(input *DeleteRolePermissionsB // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -3676,7 +3699,8 @@ func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *reques // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -4262,6 +4286,11 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // the current Amazon Web Services account limits. The error message describes // the limit exceeded. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception // or failure. @@ -4669,6 +4698,11 @@ func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADevice func (c *IAM) DeleteVirtualMFADevice(input *DeleteVirtualMFADeviceInput) (*DeleteVirtualMFADeviceOutput, error) { req, out := c.DeleteVirtualMFADeviceRequest(input) @@ -4864,7 +4898,8 @@ func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *reques // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -5078,6 +5113,11 @@ func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request. // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADevice func (c *IAM) EnableMFADevice(input *EnableMFADeviceInput) (*EnableMFADeviceOutput, error) { req, out := c.EnableMFADeviceRequest(input) @@ -6773,7 +6813,7 @@ func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessR // permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // -// For each service that principals in an account (root users, IAM users, or +// For each service that principals in an account (root user, IAM users, or // IAM roles) could access using SCPs, the operation returns details about the // most recent access attempt. If there was no attempt, the service is listed // without details about the most recent attempt to access the service. If the @@ -8214,9 +8254,9 @@ func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *re // // Lists the account alias associated with the Amazon Web Services account (Note: // you can have only one). For information about using an Amazon Web Services -// account alias, see Using an alias for your Amazon Web Services account ID -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) in the -// IAM User Guide. +// account alias, see Creating, deleting, and listing an Amazon Web Services +// account alias (https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html) +// in the Amazon Web Services Sign-In User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10954,9 +10994,16 @@ func (c *IAM) ListRolesRequest(input *ListRolesInput) (req *request.Request, out // Working with roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). // // IAM resource-listing operations return a subset of the available attributes -// for the resource. For example, this operation does not return tags, even -// though they are an attribute of the returned object. To view all of the information -// for a role, see GetRole. +// for the resource. This operation does not return the following attributes, +// even though they are an attribute of the returned object: +// +// - PermissionsBoundary +// +// - RoleLastUsed +// +// - Tags +// +// To view all of the information for a role, see GetRole. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -12200,9 +12247,14 @@ func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, out // account. If there are none, the operation returns an empty list. // // IAM resource-listing operations return a subset of the available attributes -// for the resource. For example, this operation does not return tags, even -// though they are an attribute of the returned object. To view all of the information -// for a user, see GetUser. +// for the resource. This operation does not return the following attributes, +// even though they are an attribute of the returned object: +// +// - PermissionsBoundary +// +// - Tags +// +// To view all of the information for a user, see GetUser. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -12617,7 +12669,8 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // for an input parameter. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -12743,7 +12796,8 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -13155,7 +13209,8 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -13435,6 +13490,11 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // The request processing has failed because of an unknown error, exception // or failure. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADevice func (c *IAM) ResyncMFADevice(input *ResyncMFADeviceInput) (*ResyncMFADeviceOutput, error) { req, out := c.ResyncMFADeviceRequest(input) @@ -14323,10 +14383,10 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an OIDC provider that has -// a specified tag attached. For examples of policies that show how to use -// tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an OIDC provider +// that has a specified tag attached. For examples of policies that show +// how to use tags to control access, see Control access using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) // in the IAM User Guide. // // - If any one of the tags is invalid or if you exceed the allowed maximum @@ -14968,13 +15028,13 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // Or search for all resources with the key name Cost Center and the value // 41200. // -// - Access control - Include tags in IAM user-based and resource-based policies. -// You can use tags to restrict access to only an IAM requesting user that -// has a specified tag attached. You can also restrict access to only those -// resources that have a certain tag attached. For examples of policies that -// show how to use tags to control access, see Control access using IAM tags -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in -// the IAM User Guide. +// - Access control - Include tags in IAM identity-based and resource-based +// policies. You can use tags to restrict access to only an IAM requesting +// user that has a specified tag attached. You can also restrict access to +// only those resources that have a certain tag attached. For examples of +// policies that show how to use tags to control access, see Control access +// using IAM tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) +// in the IAM User Guide. // // - Cost allocation - Use tags to help track which individuals and teams // are using which Amazon Web Services resources. @@ -16096,7 +16156,8 @@ func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) // the limit exceeded. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -16505,7 +16566,8 @@ func (c *IAM) UpdateRoleRequest(input *UpdateRoleInput) (req *request.Request, o // Returned Error Codes: // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -16602,7 +16664,8 @@ func (c *IAM) UpdateRoleDescriptionRequest(input *UpdateRoleDescriptionInput) (r // not exist. The error message describes the resource. // // - ErrCodeUnmodifiableEntityException "UnmodifiableEntity" -// The request was rejected because only the service that depends on the service-linked +// The request was rejected because service-linked roles are protected Amazon +// Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. @@ -17564,6 +17627,11 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // The request was rejected because it referenced a resource entity that does // not exist. The error message describes the resource. // +// - ErrCodeConcurrentModificationException "ConcurrentModification" +// The request was rejected because multiple requests to change this object +// were submitted simultaneously. Wait a few minutes and submit your request +// again. +// // - ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception // or failure. @@ -17604,7 +17672,7 @@ type AccessDetail struct { // from which an authenticated principal last attempted to access the service. // Amazon Web Services does not report unauthenticated requests. // - // This field is null if no principals (IAM users, IAM roles, or root users) + // This field is null if no principals (IAM users, IAM roles, or root user) // in the reported Organizations entity attempted to access the service within // the tracking period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). EntityPath *string `min:"19" type:"string"` @@ -17641,7 +17709,7 @@ type AccessDetail struct { // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` - // The number of accounts with authenticated principals (root users, IAM users, + // The number of accounts with authenticated principals (root user, IAM users, // and IAM roles) that attempted to access the service in the tracking period. TotalAuthenticatedEntities *int64 `type:"integer"` } @@ -19368,7 +19436,7 @@ type CreateOpenIDConnectProviderInput struct { // // For more information about obtaining the OIDC provider thumbprint, see Obtaining // the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) - // in the IAM User Guide. + // in the IAM user Guide. // // ThumbprintList is a required field ThumbprintList []*string `type:"list" required:"true"` @@ -19924,6 +19992,10 @@ type CreateRoleInput struct { // Names are not distinguished by case. For example, you cannot create resources // named both "MyResource" and "myresource". // + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- + // // RoleName is a required field RoleName *string `min:"1" type:"string" required:"true"` @@ -20626,8 +20698,8 @@ type CreateVirtualMFADeviceInput struct { // of tags, then the entire request fails and the resource is not created. Tags []*Tag `type:"list"` - // The name of the virtual MFA device. Use with path to uniquely identify a - // virtual MFA device. + // The name of the virtual MFA device, which must be unique. Use with path to + // uniquely identify a virtual MFA device. // // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) // a string of characters consisting of upper and lowercase alphanumeric characters @@ -34270,7 +34342,7 @@ type Role struct { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) - // in the IAM User Guide. + // in the IAM user Guide. RoleLastUsed *RoleLastUsed `type:"structure"` // The friendly name that identifies the role. @@ -34531,7 +34603,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail { // if your Region began supporting these features within the last year. The // role might have been used more than 400 days ago. For more information, see // Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) -// in the IAM User Guide. +// in the IAM user Guide. // // This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails // operations. @@ -40361,7 +40433,7 @@ type VirtualMFADevice struct { _ struct{} `type:"structure"` // The base32 seed defined as specified in RFC3548 (https://tools.ietf.org/html/rfc3548.txt). - // The Base32StringSeed is base64-encoded. + // The Base32StringSeed is base32-encoded. // // Base32StringSeed is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by VirtualMFADevice's diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go index 376c971..de6dfec 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go @@ -186,7 +186,8 @@ const ( // ErrCodeUnmodifiableEntityException for service response error code // "UnmodifiableEntity". // - // The request was rejected because only the service that depends on the service-linked + // The request was rejected because service-linked roles are protected Amazon + // Web Services resources. Only the service that depends on the service-linked // role can modify or delete the role on your behalf. The error message includes // the name of the service that depends on this service-linked role. You must // request the change through that service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index dc0252c..89e1bb5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -1108,13 +1108,6 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes // for messages up to 4096 bytes. // -// HMAC KMS keys are not supported in all Amazon Web Services Regions. If you -// try to create an HMAC KMS key in an Amazon Web Services Region in which HMAC -// keys are not supported, the CreateKey operation returns an UnsupportedOperationException. -// For a list of Regions in which HMAC KMS keys are supported, see HMAC keys -// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) -// in the Key Management Service Developer Guide. -// // # Multi-Region primary keys // // # Imported key material @@ -1140,18 +1133,20 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // -// To import your own key material into a KMS key, begin by creating a symmetric -// encryption KMS key with no key material. To do this, use the Origin parameter -// of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation -// to get a public key and import token, and use the public key to encrypt your +// To import your own key material into a KMS key, begin by creating a KMS key +// with no key material. To do this, use the Origin parameter of CreateKey with +// a value of EXTERNAL. Next, use GetParametersForImport operation to get a +// public key and import token. Use the wrapping public key to encrypt your // key material. Then, use ImportKeyMaterial with your import token to import // the key material. For step-by-step instructions, see Importing Key Material // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide . // -// This feature supports only symmetric encryption KMS keys, including multi-Region -// symmetric encryption KMS keys. You cannot import key material into any other -// type of KMS key. +// You can import key material into KMS keys of all supported KMS key types: +// symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, +// and asymmetric signing KMS keys. You can also create multi-Region keys with +// imported key material. However, you can't import key material into a KMS +// key in a custom key store. // // To create a multi-Region primary key with imported key material, use the // Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion @@ -1449,28 +1444,33 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // KMS key that you intend. // // Whenever possible, use key policies to give users permission to call the -// Decrypt operation on a particular KMS key, instead of using IAM policies. -// Otherwise, you might create an IAM user policy that gives the user Decrypt -// permission on all KMS keys. This user could decrypt ciphertext that was encrypted -// by KMS keys in other accounts if the key policy for the cross-account KMS -// key permits it. If you must use an IAM policy for Decrypt permissions, limit +// Decrypt operation on a particular KMS key, instead of using &IAM; policies. +// Otherwise, you might create an &IAM; policy that gives the user Decrypt permission +// on all KMS keys. This user could decrypt ciphertext that was encrypted by +// KMS keys in other accounts if the key policy for the cross-account KMS key +// permits it. If you must use an IAM policy for Decrypt permissions, limit // the user to particular KMS keys or particular trusted accounts. For details, // see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) // in the Key Management Service Developer Guide. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) -// in the Key Management Service Developer Guide. +// Decrypt also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call Decrypt +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of the plaintext data, the +// response includes the plaintext data encrypted with the public key from the +// attestation document (CiphertextForRecipient).For information about the interaction +// between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services +// Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. // -// Cross-account use: Yes. To perform this operation with a KMS key in a different -// Amazon Web Services account, specify the key ARN or alias ARN in the value -// of the KeyId parameter. +// Cross-account use: Yes. If you use the KeyId parameter to identify a KMS +// key in a different Amazon Web Services account, specify the key ARN or the +// alias ARN of the KMS key. // // Required permissions: kms:Decrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (key policy) @@ -1939,18 +1939,16 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // DeleteImportedKeyMaterial API operation for AWS Key Management Service. // -// Deletes key material that you previously imported. This operation makes the -// specified KMS key unusable. For more information about importing key material -// into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// Deletes key material that was previously imported. This operation makes the +// specified KMS key temporarily unusable. To restore the usability of the KMS +// key, reimport the same key material. For more information about importing +// key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide. // // When the specified KMS key is in the PendingDeletion state, this operation // does not change the KMS key's state. Otherwise, it changes the KMS key's // state to PendingImport. // -// After you delete key material, you can use ImportKeyMaterial to reimport -// the same key material into the KMS key. -// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -3360,9 +3358,9 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data // keys, use the KeySpec parameter. // -// To generate an SM4 data key (China Regions only), specify a KeySpec value -// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used -// in China Regions to encrypt your data key is an SM4 encryption key. +// To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec +// value of AES_128 or a NumberOfBytes value of 16. The symmetric encryption +// key used in China Regions to encrypt your data key is an SM4 encryption key. // // To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. // To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext @@ -3375,11 +3373,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the Key Management Service Developer Guide. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) -// in the Key Management Service Developer Guide. +// GenerateDataKey also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKey returns a copy of the +// data key encrypted under the specified KMS key, as usual. But instead of +// a plaintext copy of the data key, the response includes a copy of the data +// key encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -3599,6 +3604,20 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC // 5958 (https://tools.ietf.org/html/rfc5958). // +// GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKeyPair returns the public +// data key and a copy of the private data key encrypted under the specified +// KMS key, as usual. But instead of a plaintext copy of the private data key +// (PrivateKeyPlaintext), the response includes a copy of the private data key +// encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. +// // You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting @@ -3987,7 +4006,7 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // keys, use the KeySpec parameter. // // To generate an SM4 data key (China Regions only), specify a KeySpec value -// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used +// of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used // in China Regions to encrypt your data key is an SM4 encryption key. // // If the operation succeeds, you will find the encrypted copy of the data key @@ -4320,10 +4339,15 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // string in the CloudHSM cluster associated with an CloudHSM key store, use // the CustomKeyStoreId parameter. // -// Applications in Amazon Web Services Nitro Enclaves can call this operation -// by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). -// For information about the supporting parameters, see How Amazon Web Services -// Nitro Enclaves use KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// GenerateRandom also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateRandom +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of plaintext bytes, the response +// includes the plaintext bytes encrypted under the public key from the attestation +// document (CiphertextForRecipient).For information about the interaction between +// KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro +// Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) // in the Key Management Service Developer Guide. // // For more information about entropy and random number generation, see Key @@ -4738,27 +4762,56 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // GetParametersForImport API operation for AWS Key Management Service. // -// Returns the items you need to import key material into a symmetric encryption -// KMS key. For more information about importing key material into KMS, see -// Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// Returns the public key and an import token you need to import or reimport +// key material for a KMS key. +// +// By default, KMS keys are created with key material that KMS generates. This +// operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// an advanced feature that lets you generate and import the cryptographic key +// material for a KMS key. For more information about importing key material +// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide. // -// This operation returns a public key and an import token. Use the public key -// to encrypt the symmetric key material. Store the import token to send with -// a subsequent ImportKeyMaterial request. +// Before calling GetParametersForImport, use the CreateKey operation with an +// Origin value of EXTERNAL to create a KMS key with no key material. You can +// import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric +// encryption KMS key, or asymmetric signing KMS key. You can also import key +// material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html) +// of any supported type. However, you can't import key material into a KMS +// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html). +// You can also use GetParametersForImport to get a public key and import token +// to reimport the original key material (kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into a KMS key whose key material expired or was deleted. +// +// GetParametersForImport returns the items that you need to import your key +// material. +// +// - The public key (or "wrapping key") of an RSA key pair that KMS generates. +// You will use this public key to encrypt ("wrap") your key material while +// it's in transit to KMS. +// +// - A import token that ensures that KMS can decrypt your key material and +// associate it with the correct KMS key. +// +// The public key and its import token are permanently linked and must be used +// together. Each public key and import token set is valid for 24 hours. The +// expiration date and time appear in the ParametersValidTo field in the GetParametersForImport +// response. You cannot use an expired public key or import token in an ImportKeyMaterial +// request. If your key and token expire, send another GetParametersForImport +// request. // -// You must specify the key ID of the symmetric encryption KMS key into which -// you will import key material. The KMS key Origin must be EXTERNAL. You must -// also specify the wrapping algorithm and type of wrapping key (public key) -// that you will use to encrypt the key material. You cannot perform this operation -// on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different -// Amazon Web Services account. +// GetParametersForImport requires the following information: // -// To import key material, you must use the public key and import token from -// the same response. These items are valid for 24 hours. The expiration date -// and time appear in the GetParametersForImport response. You cannot use an -// expired token in an ImportKeyMaterial request. If your key and token expire, -// send another GetParametersForImport request. +// - The key ID of the KMS key for which you are importing the key material. +// +// - The key spec of the public key ("wrapping key") that you will use to +// encrypt your key material during import. +// +// - The wrapping algorithm that you will use with the public key to encrypt +// your key material. +// +// You can use the same or a different public key spec and wrapping algorithm +// each time you import or reimport the same key material. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -5078,44 +5131,83 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // ImportKeyMaterial API operation for AWS Key Management Service. // -// Imports key material into an existing symmetric encryption KMS key that was -// created without key material. After you successfully import key material -// into a KMS key, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) -// into that KMS key, but you cannot import different key material. +// Imports or reimports key material into an existing KMS key that was created +// without key material. ImportKeyMaterial also sets the expiration model and +// expiration date of the imported key material. // -// You cannot perform this operation on an asymmetric KMS key, an HMAC KMS key, -// or on any KMS key in a different Amazon Web Services account. For more information -// about creating KMS keys with no key material and then importing key material, -// see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// By default, KMS keys are created with key material that KMS generates. This +// operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// an advanced feature that lets you generate and import the cryptographic key +// material for a KMS key. For more information about importing key material +// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide. // -// Before using this operation, call GetParametersForImport. Its response includes -// a public key and an import token. Use the public key to encrypt the key material. -// Then, submit the import token from the same GetParametersForImport response. -// -// When calling this operation, you must specify the following values: -// -// - The key ID or key ARN of a KMS key with no key material. Its Origin -// must be EXTERNAL. To create a KMS key with no key material, call CreateKey -// and set the value of its Origin parameter to EXTERNAL. To get the Origin -// of a KMS key, call DescribeKey.) -// -// - The encrypted key material. To get the public key to encrypt the key -// material, call GetParametersForImport. +// After you successfully import key material into a KMS key, you can reimport +// the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into that KMS key, but you cannot import different key material. You might +// reimport key material to replace key material that expired or key material +// that you deleted. You might also reimport key material to change the expiration +// model or expiration date of the key material. Before reimporting key material, +// if necessary, call DeleteImportedKeyMaterial to delete the current imported +// key material. +// +// Each time you import key material into KMS, you can determine whether (ExpirationModel) +// and when (ValidTo) the key material expires. To change the expiration of +// your key material, you must import it again, either by calling ImportKeyMaterial +// or using the import features (kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console) +// of the KMS console. +// +// Before calling ImportKeyMaterial: +// +// - Create or identify a KMS key with no key material. The KMS key must +// have an Origin value of EXTERNAL, which indicates that the KMS key is +// designed for imported key material. To create an new KMS key for imported +// key material, call the CreateKey operation with an Origin value of EXTERNAL. +// You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric +// encryption KMS key, or asymmetric signing KMS key. You can also import +// key material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html) +// of any supported type. However, you can't import key material into a KMS +// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html). +// +// - Use the DescribeKey operation to verify that the KeyState of the KMS +// key is PendingImport, which indicates that the KMS key has no key material. +// If you are reimporting the same key material into an existing KMS key, +// you might need to call the DeleteImportedKeyMaterial to delete its existing +// key material. +// +// - Call the GetParametersForImport operation to get a public key and import +// token set for importing key material. +// +// - Use the public key in the GetParametersForImport response to encrypt +// your key material. +// +// Then, in an ImportKeyMaterial request, you submit your encrypted key material +// and import token. When calling this operation, you must specify the following +// values: +// +// - The key ID or key ARN of the KMS key to associate with the imported +// key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. +// You cannot perform this operation on a KMS key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html), +// or on a KMS key in a different Amazon Web Services account. To get the +// Origin and KeyState of a KMS key, call DescribeKey. +// +// - The encrypted key material. // // - The import token that GetParametersForImport returned. You must use // a public key and token from the same GetParametersForImport response. // // - Whether the key material expires (ExpirationModel) and, if so, when -// (ValidTo). If you set an expiration date, on the specified date, KMS deletes -// the key material from the KMS key, making the KMS key unusable. To use -// the KMS key in cryptographic operations again, you must reimport the same -// key material. The only way to change the expiration model or expiration -// date is by reimporting the same key material and specifying a new expiration -// date. +// (ValidTo). For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration) +// in the Key Management Service Developer Guide. If you set an expiration +// date, KMS deletes the key material from the KMS key on the specified date, +// making the KMS key unusable. To use the KMS key in cryptographic operations +// again, you must reimport the same key material. However, you can delete +// and reimport the key material at any time, including before the key material +// expires. Each time you reimport, you can eliminate or reset the expiration +// time. // // When this operation is successful, the key state of the KMS key changes from -// PendingImport to Enabled, and you can use the KMS key. +// PendingImport to Enabled, and you can use the KMS key in cryptographic operations. // // If this operation fails, use the exception to help determine the problem. // If the error is related to the key material, the import token, or wrapping @@ -7235,8 +7327,10 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // // Deleting a KMS key is a destructive and potentially dangerous operation. // When a KMS key is deleted, all data that was encrypted under the KMS key -// is unrecoverable. (The only exception is a multi-Region replica key.) To -// prevent the use of a KMS key without deleting it, use DisableKey. +// is unrecoverable. (The only exception is a multi-Region replica key (kms/latest/developerguide/multi-region-keys-delete.html), +// or an asymmetric or HMAC KMS key with imported key material[BUGBUG-link to +// importing-keys-managing.html#import-delete-key.) To prevent the use of a +// KMS key without deleting it, use DisableKey. // // You can schedule the deletion of a multi-Region primary key and its replica // keys at any time. However, KMS will not delete a multi-Region primary key @@ -8661,9 +8755,11 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Key Management Service Developer Guide. // -// To verify a digital signature, you can use the Verify operation. Specify -// the same asymmetric KMS key, message, and signing algorithm that were used -// to produce the signature. +// To use the Verify operation, specify the same asymmetric KMS key, message, +// and signing algorithm that were used to produce the signature. The message +// type does not need to be the same as the one used for signing, but it must +// indicate whether the value of the Message parameter should be hashed as part +// of the verification process. // // You can also verify the digital signature by using the public key of the // KMS key outside of KMS. Use the GetPublicKey operation to download the public @@ -9618,6 +9714,9 @@ type CreateAliasInput struct { // Specifies the alias name. This value must begin with alias/ followed by a // name, such as alias/ExampleAlias. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // The AliasName value must be string of 1-256 characters. It can contain only // alphanumeric characters, forward slashes (/), underscores (_), and dashes // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is @@ -9739,6 +9838,9 @@ type CreateCustomKeyStoreInput struct { // in your Amazon Web Services account and Region. This parameter is required // for all custom key stores. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` @@ -10034,19 +10136,13 @@ type CreateGrantInput struct { // Specifies a grant constraint. // - // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant - // constraints. Each constraint value can include up to 8 encryption context - // pairs. The encryption context value in each constraint cannot exceed 384 - // characters. For information about grant constraints, see Using grant constraints - // (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) - // in the Key Management Service Developer Guide. For more information about - // encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the Key Management Service Developer Guide . + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // - // The encryption context grant constraints allow the permissions in the grant - // only when the encryption context in the request matches (EncryptionContextEquals) - // or includes (EncryptionContextSubset) the encryption context specified in - // this structure. + // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant + // constraints, which allow the permissions in the grant only when the encryption + // context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset) + // the encryption context specified in the constraint. // // The encryption context grant constraints are supported only on grant operations // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) @@ -10058,8 +10154,15 @@ type CreateGrantInput struct { // permission have an equally strict or stricter encryption context constraint. // // You cannot use an encryption context grant constraint for cryptographic operations - // with asymmetric KMS keys or HMAC KMS keys. These keys don't support an encryption - // context. + // with asymmetric KMS keys or HMAC KMS keys. Operations with these keys don't + // support an encryption context. + // + // Each constraint value can include up to 8 encryption context pairs. The encryption + // context value in each constraint cannot exceed 384 characters. For information + // about grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) + // in the Key Management Service Developer Guide. For more information about + // encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide . Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. @@ -10073,13 +10176,11 @@ type CreateGrantInput struct { // The identity that gets the permissions specified in the grant. // - // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an Amazon Web Services principal. Valid Amazon Web Services principals - // include Amazon Web Services accounts (root), IAM users, IAM roles, federated - // users, and assumed role users. For examples of the ARN syntax to use for - // specifying a principal, see Amazon Web Services Identity and Access Management - // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the Amazon Web Services General Reference. + // To specify the grantee principal, use the Amazon Resource Name (ARN) of an + // Amazon Web Services principal. Valid principals include Amazon Web Services + // accounts, IAM users, IAM roles, federated users, and assumed role users. + // For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . // // GranteePrincipal is a required field GranteePrincipal *string `min:"1" type:"string" required:"true"` @@ -10104,6 +10205,9 @@ type CreateGrantInput struct { // A friendly name for the grant. Use this value to prevent the unintended creation // of duplicate grants when retrying this request. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // When this value is absent, all CreateGrant requests result in a new grant // with a unique GrantId even if all the supplied parameters are identical. // This can result in unintended duplicates when you retry the CreateGrant request. @@ -10132,12 +10236,10 @@ type CreateGrantInput struct { // the grant. // // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an Amazon Web Services principal. Valid Amazon Web Services principals - // include Amazon Web Services accounts (root), IAM users, federated users, - // and assumed role users. For examples of the ARN syntax to use for specifying - // a principal, see Amazon Web Services Identity and Access Management (IAM) - // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the Amazon Web Services General Reference. + // of an Amazon Web Services principal. Valid principals include Amazon Web + // Services accounts, IAM users, IAM roles, federated users, and assumed role + // users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . // // The grant determines the retiring principal. Other principals might have // permission to retire the grant or revoke the grant. For details, see RevokeGrant @@ -10288,19 +10390,18 @@ func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput { type CreateKeyInput struct { _ struct{} `type:"structure"` - // A flag to indicate whether to bypass the key policy lockout safety check. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the Key Management Service Developer Guide . - // - // Use this parameter only when you include a policy in the request and you - // intend to prevent the principal that is making the request from making a - // subsequent PutKeyPolicy request on the KMS key. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. // - // The default value is false. + // Use this parameter only when you intend to prevent the principal that is + // making the request from making a subsequent PutKeyPolicy request on the KMS + // key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). @@ -10326,10 +10427,12 @@ type CreateKeyInput struct { // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` - // A description of the KMS key. + // A description of the KMS key. Use a description that helps you decide whether + // the KMS key is appropriate for a task. The default value is an empty string + // (no description). // - // Use a description that helps you decide whether the KMS key is appropriate - // for a task. The default value is an empty string (no description). + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // To set or change the description after the key is created, use UpdateKeyDescription. Description *string `type:"string"` @@ -10442,24 +10545,23 @@ type CreateKeyInput struct { // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must allow the principal that is making the CreateKey request to make - // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk - // that the KMS key becomes unmanageable. For more information, refer to - // the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the Key Management Service Developer Guide . + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) // // * Each statement in the key policy must contain one or more principals. // The principals in the key policy must exist and be visible to KMS. When - // you create a new Amazon Web Services principal (for example, an IAM user - // or role), you might need to enforce a delay before including the new principal - // in a key policy because the new principal might not be immediately visible - // to KMS. For more information, see Changes that I make are not always immediately - // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // // If you do not provide a key policy, KMS attaches a default key policy to - // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // the KMS key. For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) // in the Key Management Service Developer Guide. // // The key policy size quota is 32 kilobytes (32768 bytes). @@ -10472,6 +10574,9 @@ type CreateKeyInput struct { // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS // key when it is created. To tag an existing KMS key, use the TagResource operation. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. @@ -11292,6 +11397,27 @@ type DecryptInput struct { // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // To get the alias name and alias ARN, use ListAliases. KeyId *string `min:"1" type:"string"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data, KMS + // encrypts the plaintext data with the public key in the attestation document, + // and returns the resulting ciphertext in the CiphertextForRecipient field + // in the response. This ciphertext can be decrypted only with the private key + // in the enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -11324,6 +11450,11 @@ func (s *DecryptInput) Validate() error { if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -11361,9 +11492,26 @@ func (s *DecryptInput) SetKeyId(v string) *DecryptInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *DecryptInput) SetRecipient(v *RecipientInfo) *DecryptInput { + s.Recipient = v + return s +} + type DecryptOutput struct { _ struct{} `type:"structure"` + // The plaintext data encrypted with the public key in the attestation document. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The encryption algorithm that was used to decrypt the ciphertext. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` @@ -11374,6 +11522,9 @@ type DecryptOutput struct { // Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DecryptOutput's // String and GoString methods. @@ -11400,6 +11551,12 @@ func (s DecryptOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *DecryptOutput) SetCiphertextForRecipient(v []byte) *DecryptOutput { + s.CiphertextForRecipient = v + return s +} + // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput { s.EncryptionAlgorithm = &v @@ -12465,6 +12622,9 @@ type EncryptInput struct { // with a symmetric encryption KMS key. The standard asymmetric encryption algorithms // and HMAC algorithms that KMS uses do not support an encryption context. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12717,6 +12877,9 @@ type GenerateDataKeyInput struct { // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12777,6 +12940,29 @@ type GenerateDataKeyInput struct { // You must specify either the KeySpec or the NumberOfBytes parameter (but not // both) in every GenerateDataKey request. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data key, + // KMS encrypts the plaintext data key under the public key in the attestation + // document, and returns the resulting ciphertext in the CiphertextForRecipient + // field in the response. This ciphertext can be decrypted only with the private + // key in the enclave. The CiphertextBlob field in the response contains a copy + // of the data key encrypted under the KMS key specified by the KeyId parameter. + // The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -12809,6 +12995,11 @@ func (s *GenerateDataKeyInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -12846,6 +13037,12 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyInput { + s.Recipient = v + return s +} + type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` @@ -12854,6 +13051,19 @@ type GenerateDataKeyOutput struct { // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` + // The plaintext data key encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` @@ -12863,6 +13073,9 @@ type GenerateDataKeyOutput struct { // this data key to encrypt your data outside of KMS. Then, remove it from memory // as soon as possible. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateDataKeyOutput's // String and GoString methods. @@ -12895,6 +13108,12 @@ func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutp return s } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { s.KeyId = &v @@ -12913,6 +13132,9 @@ type GenerateDataKeyPairInput struct { // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -12970,6 +13192,30 @@ type GenerateDataKeyPairInput struct { // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning a plaintext copy of the + // private data key, KMS encrypts the plaintext private data key under the public + // key in the attestation document, and returns the resulting ciphertext in + // the CiphertextForRecipient field in the response. This ciphertext can be + // decrypted only with the private key in the enclave. The CiphertextBlob field + // in the response contains a copy of the private data key encrypted under the + // KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in + // the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -13002,6 +13248,11 @@ func (s *GenerateDataKeyPairInput) Validate() error { if s.KeyPairSpec == nil { invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -13033,9 +13284,28 @@ func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPair return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyPairInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyPairInput { + s.Recipient = v + return s +} + type GenerateDataKeyPairOutput struct { _ struct{} `type:"structure"` + // The plaintext private data key encrypted with the public key from the Nitro + // enclave. This ciphertext can be decrypted only by using a private key in + // the Nitro enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` @@ -13051,6 +13321,9 @@ type GenerateDataKeyPairOutput struct { // The plaintext copy of the private key. When you use the HTTP API or the Amazon // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the PrivateKeyPlaintext + // field is null or empty. + // // PrivateKeyPlaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateDataKeyPairOutput's // String and GoString methods. @@ -13082,6 +13355,12 @@ func (s GenerateDataKeyPairOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyPairOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyPairOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput { s.KeyId = &v @@ -13118,6 +13397,9 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -13307,6 +13589,9 @@ type GenerateDataKeyWithoutPlaintextInput struct { // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) @@ -13653,6 +13938,27 @@ type GenerateRandomInput struct { // The length of the random byte string. This parameter is required. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning plaintext bytes, KMS encrypts + // the plaintext bytes under the public key in the attestation document, and + // returns the resulting ciphertext in the CiphertextForRecipient field in the + // response. This ciphertext can be decrypted only with the private key in the + // enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } // String returns the string representation. @@ -13682,6 +13988,11 @@ func (s *GenerateRandomInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -13701,12 +14012,34 @@ func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateRandomInput) SetRecipient(v *RecipientInfo) *GenerateRandomInput { + s.Recipient = v + return s +} + type GenerateRandomOutput struct { _ struct{} `type:"structure"` + // The plaintext random bytes encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The random byte string. When you use the HTTP API or the Amazon Web Services // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // // Plaintext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GenerateRandomOutput's // String and GoString methods. @@ -13733,6 +14066,12 @@ func (s GenerateRandomOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateRandomOutput) SetCiphertextForRecipient(v []byte) *GenerateRandomOutput { + s.CiphertextForRecipient = v + return s +} + // SetPlaintext sets the Plaintext field's value. func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { s.Plaintext = v @@ -13941,8 +14280,11 @@ func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotati type GetParametersForImportInput struct { _ struct{} `type:"structure"` - // The identifier of the symmetric encryption KMS key into which you will import - // key material. The Origin of the KMS key must be EXTERNAL. + // The identifier of the KMS key that will be associated with the imported key + // material. The Origin of the KMS key must be EXTERNAL. + // + // All KMS key types are supported, including multi-Region keys. However, you + // cannot import key material into a KMS key in a custom key store. // // Specify the key ID or key ARN of the KMS key. // @@ -13957,16 +14299,50 @@ type GetParametersForImportInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The algorithm you will use to encrypt the key material before importing it - // with ImportKeyMaterial. For more information, see Encrypt the Key Material - // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) + // The algorithm you will use with the RSA public key (PublicKey) in the response + // to protect your key material during import. For more information, see Select + // a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm) // in the Key Management Service Developer Guide. // + // For RSA_AES wrapping algorithms, you encrypt your key material with an AES + // key that you generate, then encrypt your AES key with the RSA public key + // from KMS. For RSAES wrapping algorithms, you encrypt your key material directly + // with the RSA public key from KMS. + // + // The wrapping algorithms that you can use depend on the type of key material + // that you are importing. To import an RSA private key, you must use an RSA_AES + // wrapping algorithm. + // + // * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key + // material. + // + // * RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material. + // + // * RSAES_OAEP_SHA_256 — Supported for all types of key material, except + // RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 + // wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 + // key material. + // + // * RSAES_OAEP_SHA_1 — Supported for all types of key material, except + // RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping + // algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key + // material. + // + // * RSAES_PKCS1_V1_5 (Deprecated) — Supported only for symmetric encryption + // key material (and only in legacy mode). + // // WrappingAlgorithm is a required field WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` - // The type of wrapping key (public key) to return in the response. Only 2048-bit - // RSA public keys are supported. + // The type of RSA public key to return in the response. You will use this wrapping + // key with the specified wrapping algorithm to protect your key material during + // import. + // + // Use the longest RSA wrapping key that is practical. + // + // You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private + // key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public + // key. // // WrappingKeySpec is a required field WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` @@ -14479,7 +14855,7 @@ type ImportKeyMaterialInput struct { _ struct{} `type:"structure"` // The encrypted key material to import. The key material must be encrypted - // with the public wrapping key that GetParametersForImport returned, using + // under the public wrapping key that GetParametersForImport returned, using // the wrapping algorithm that you specified in the same GetParametersForImport // request. // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. @@ -14488,14 +14864,16 @@ type ImportKeyMaterialInput struct { EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. + // For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration) + // in the Key Management Service Developer Guide. // // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, // you must omit the ValidTo parameter. // // You cannot change the ExpirationModel or ValidTo values for the current import - // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) - // and reimport the key material. + // after the request completes. To change either value, you must reimport the + // key material. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` // The import token that you received in the response to a previous GetParametersForImport @@ -14506,12 +14884,16 @@ type ImportKeyMaterialInput struct { // ImportToken is a required field ImportToken []byte `min:"1" type:"blob" required:"true"` - // The identifier of the symmetric encryption KMS key that receives the imported - // key material. This must be the same KMS key specified in the KeyID parameter + // The identifier of the KMS key that will be associated with the imported key + // material. This must be the same KMS key specified in the KeyID parameter // of the corresponding GetParametersForImport request. The Origin of the KMS - // key must be EXTERNAL. You cannot perform this operation on an asymmetric - // KMS key, an HMAC KMS key, a KMS key in a custom key store, or on a KMS key - // in a different Amazon Web Services account + // key must be EXTERNAL and its KeyState must be PendingImport. + // + // The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric + // encryption KMS key, or asymmetric signing KMS key, including a multi-Region + // key (kms/latest/developerguide/multi-region-keys-overview.html) of any supported + // type. You cannot perform this operation on a KMS key in a custom key store, + // or on a KMS key in a different Amazon Web Services account. // // Specify the key ID or key ARN of the KMS key. // @@ -16893,11 +17275,10 @@ type ListRetirableGrantsInput struct { // Amazon Web Services account. // // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an Amazon Web Services principal. Valid Amazon Web Services principals - // include Amazon Web Services accounts (root), IAM users, federated users, - // and assumed role users. For examples of the ARN syntax for specifying a principal, - // see Amazon Web Services Identity and Access Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the Amazon Web Services General Reference. + // of an Amazon Web Services principal. Valid principals include Amazon Web + // Services accounts, IAM users, IAM roles, federated users, and assumed role + // users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . // // RetiringPrincipal is a required field RetiringPrincipal *string `min:"1" type:"string" required:"true"` @@ -17191,19 +17572,18 @@ func (s *NotFoundException) RequestID() string { type PutKeyPolicyInput struct { _ struct{} `type:"structure"` - // A flag to indicate whether to bypass the key policy lockout safety check. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the Key Management Service Developer Guide. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is // making the request from making a subsequent PutKeyPolicy request on the KMS // key. - // - // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // Sets the key policy on the specified KMS key. @@ -17225,20 +17605,19 @@ type PutKeyPolicyInput struct { // // The key policy must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must allow the principal that is making the PutKeyPolicy request to make - // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk - // that the KMS key becomes unmanageable. For more information, refer to - // the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the Key Management Service Developer Guide. + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) // // * Each statement in the key policy must contain one or more principals. // The principals in the key policy must exist and be visible to KMS. When - // you create a new Amazon Web Services principal (for example, an IAM user - // or role), you might need to enforce a delay before including the new principal - // in a key policy because the new principal might not be immediately visible - // to KMS. For more information, see Changes that I make are not always immediately - // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // // A key policy document can include only the following characters: @@ -17377,6 +17756,9 @@ type ReEncryptInput struct { // Specifies that encryption context to use when the reencrypting the data. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // A destination encryption context is valid only when the destination KMS key // is a symmetric encryption KMS key. The standard ciphertext format for asymmetric // KMS keys does not include fields for metadata. @@ -17648,26 +18030,93 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { return s } +// Contains information about the party that receives the response from the +// API operation. +// +// This data type is designed to support Amazon Web Services Nitro Enclaves, +// which lets you create an isolated compute environment in Amazon EC2. For +// information about the interaction between KMS and Amazon Web Services Nitro +// Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +type RecipientInfo struct { + _ struct{} `type:"structure"` + + // The attestation document for an Amazon Web Services Nitro Enclave. This document + // includes the enclave's public key. + // AttestationDocument is automatically base64 encoded/decoded by the SDK. + AttestationDocument []byte `min:"1" type:"blob"` + + // The encryption algorithm that KMS should use with the public key for an Amazon + // Web Services Nitro Enclave to encrypt plaintext values for the response. + // The only valid value is RSAES_OAEP_SHA_256. + KeyEncryptionAlgorithm *string `type:"string" enum:"KeyEncryptionMechanism"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RecipientInfo) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RecipientInfo"} + if s.AttestationDocument != nil && len(s.AttestationDocument) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AttestationDocument", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAttestationDocument sets the AttestationDocument field's value. +func (s *RecipientInfo) SetAttestationDocument(v []byte) *RecipientInfo { + s.AttestationDocument = v + return s +} + +// SetKeyEncryptionAlgorithm sets the KeyEncryptionAlgorithm field's value. +func (s *RecipientInfo) SetKeyEncryptionAlgorithm(v string) *RecipientInfo { + s.KeyEncryptionAlgorithm = &v + return s +} + type ReplicateKeyInput struct { _ struct{} `type:"structure"` - // A flag to indicate whether to bypass the key policy lockout safety check. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the Key Management Service Developer Guide. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is // making the request from making a subsequent PutKeyPolicy request on the KMS // key. - // - // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` // A description of the KMS key. The default value is an empty string (no description). // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // The description is not a shared property of multi-Region keys. You can specify // the same description or a different description for each key in a set of // related multi-Region keys. KMS does not synchronize this property. @@ -17700,20 +18149,20 @@ type ReplicateKeyInput struct { // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must give the caller kms:PutKeyPolicy permission on the replica key. This - // reduces the risk that the KMS key becomes unmanageable. For more information, - // refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the Key Management Service Developer Guide . + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) // // * Each statement in the key policy must contain one or more principals. // The principals in the key policy must exist and be visible to KMS. When - // you create a new Amazon Web Services principal (for example, an IAM user - // or role), you might need to enforce a delay before including the new principal - // in a key policy because the new principal might not be immediately visible - // to KMS. For more information, see Changes that I make are not always immediately - // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the Identity and Access Management User Guide . + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. // // A key policy document can include only the following characters: // @@ -17764,6 +18213,9 @@ type ReplicateKeyInput struct { // KMS key when it is created. To tag an existing KMS key, use the TagResource // operation. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. @@ -18161,7 +18613,10 @@ type ScheduleKeyDeletionInput struct { // waiting period begins immediately. // // This value is optional. If you include a value, it must be between 7 and - // 30, inclusive. If you do not include a value, it defaults to 30. + // 30, inclusive. If you do not include a value, it defaults to 30. You can + // use the kms:ScheduleKeyDeletionPendingWindowInDays (https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-pending-deletion-window) + // condition key to further constrain the values that principals can specify + // in the PendingWindowInDays parameter. PendingWindowInDays *int64 `min:"1" type:"integer"` } @@ -18323,10 +18778,10 @@ type SignInput struct { KeyId *string `min:"1" type:"string" required:"true"` // Specifies the message or message digest to sign. Messages can be 0-4096 bytes. - // To sign a larger message, provide the message digest. + // To sign a larger message, provide a message digest. // - // If you provide a message, KMS generates a hash digest of the message and - // then signs it. + // If you provide a message digest, use the DIGEST value of MessageType to prevent + // the digest from being hashed again while signing. // // Message is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SignInput's @@ -18337,15 +18792,44 @@ type SignInput struct { // Message is a required field Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` - // Tells KMS whether the value of the Message parameter is a message or message - // digest. The default value, RAW, indicates a message. To indicate a message - // digest, enter DIGEST. + // Tells KMS whether the value of the Message parameter should be hashed as + // part of the signing algorithm. Use RAW for unhashed messages; use DIGEST + // for message digests, which are already hashed. + // + // When the value of MessageType is RAW, KMS uses the standard signing algorithm, + // which begins with a hash function. When the value is DIGEST, KMS skips the + // hashing step in the signing algorithm. + // + // Use the DIGEST value only when the value of the Message parameter is a message + // digest. If you use the DIGEST value with an unhashed message, the security + // of the signing operation can be compromised. + // + // When the value of MessageTypeis DIGEST, the length of the Message value must + // match the length of hashed messages for the specified signing algorithm. + // + // You can submit a message digest and omit the MessageType or specify RAW so + // the digest is hashed again while signing. However, this can cause verification + // failures when verifying with a system that assumes a single hash. + // + // The hashing algorithm in that Sign uses is based on the SigningAlgorithm + // value. + // + // * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. + // + // * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. + // + // * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. + // + // * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification + // with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). MessageType *string `type:"string" enum:"MessageType"` // Specifies the signing algorithm to use when signing the message. // // Choose an algorithm that is compatible with the type and size of the specified - // asymmetric KMS key. + // asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS algorithms + // are preferred. We include RSASSA-PKCS1-v1_5 algorithms for compatibility + // with existing applications. // // SigningAlgorithm is a required field SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` @@ -18437,7 +18921,7 @@ type SignOutput struct { // this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017). // // * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing - // algorithms, this value is a DER-encoded object as defined by ANS X9.62–2005 + // algorithms, this value is a DER-encoded object as defined by ANSI X9.62–2005 // and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3). // This is the most commonly used signature format and is appropriate for // most uses. @@ -18490,6 +18974,9 @@ func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { // A key-value pair. A tag consists of a tag key and a tag value. Tag keys and // tag values are both required, but tag values can be empty (null) strings. // +// Do not include confidential or sensitive information in this field. This +// field may be displayed in plaintext in CloudTrail logs and other output. +// // For information about the rules that apply to tag keys and tag values, see // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the Amazon Web Services Billing and Cost Management User Guide. @@ -18638,10 +19125,11 @@ type TagResourceInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // One or more tags. + // One or more tags. Each tag consists of a tag key and a tag value. The tag + // value can be an empty (null) string. // - // Each tag consists of a tag key and a tag value. The tag value can be an empty - // (null) string. + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // You cannot have more than one tag on a KMS key with the same tag key. If // you specify an existing tag key with a different tag value, KMS replaces @@ -18899,6 +19387,9 @@ type UpdateAliasInput struct { // with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot // use UpdateAlias to change the alias name. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` @@ -19044,6 +19535,9 @@ type UpdateCustomKeyStoreInput struct { // Changes the friendly name of the custom key store to the value that you specify. // The custom key store name must be unique in the Amazon Web Services account. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // To change this value, an CloudHSM key store must be disconnected. An external // key store can be connected or disconnected. NewCustomKeyStoreName *string `min:"1" type:"string"` @@ -19259,6 +19753,9 @@ type UpdateKeyDescriptionInput struct { // New description for the KMS key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // Description is a required field Description *string `type:"string" required:"true"` @@ -19507,13 +20004,37 @@ type VerifyInput struct { // Message is a required field Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` - // Tells KMS whether the value of the Message parameter is a message or message - // digest. The default value, RAW, indicates a message. To indicate a message - // digest, enter DIGEST. + // Tells KMS whether the value of the Message parameter should be hashed as + // part of the signing algorithm. Use RAW for unhashed messages; use DIGEST + // for message digests, which are already hashed. + // + // When the value of MessageType is RAW, KMS uses the standard signing algorithm, + // which begins with a hash function. When the value is DIGEST, KMS skips the + // hashing step in the signing algorithm. // // Use the DIGEST value only when the value of the Message parameter is a message - // digest. If you use the DIGEST value with a raw message, the security of the - // verification operation can be compromised. + // digest. If you use the DIGEST value with an unhashed message, the security + // of the verification operation can be compromised. + // + // When the value of MessageTypeis DIGEST, the length of the Message value must + // match the length of hashed messages for the specified signing algorithm. + // + // You can submit a message digest and omit the MessageType or specify RAW so + // the digest is hashed again while signing. However, if the signed message + // is hashed once while signing, but twice while verifying, verification fails, + // even when the message hasn't changed. + // + // The hashing algorithm in that Verify uses is based on the SigningAlgorithm + // value. + // + // * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. + // + // * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. + // + // * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. + // + // * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification + // with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). MessageType *string `type:"string" enum:"MessageType"` // The signature that the Sign operation generated. @@ -20884,6 +21405,12 @@ const ( // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" + + // AlgorithmSpecRsaAesKeyWrapSha1 is a AlgorithmSpec enum value + AlgorithmSpecRsaAesKeyWrapSha1 = "RSA_AES_KEY_WRAP_SHA_1" + + // AlgorithmSpecRsaAesKeyWrapSha256 is a AlgorithmSpec enum value + AlgorithmSpecRsaAesKeyWrapSha256 = "RSA_AES_KEY_WRAP_SHA_256" ) // AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum @@ -20892,6 +21419,8 @@ func AlgorithmSpec_Values() []string { AlgorithmSpecRsaesPkcs1V15, AlgorithmSpecRsaesOaepSha1, AlgorithmSpecRsaesOaepSha256, + AlgorithmSpecRsaAesKeyWrapSha1, + AlgorithmSpecRsaAesKeyWrapSha256, } } @@ -21247,6 +21776,18 @@ func GrantOperation_Values() []string { } } +const ( + // KeyEncryptionMechanismRsaesOaepSha256 is a KeyEncryptionMechanism enum value + KeyEncryptionMechanismRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +// KeyEncryptionMechanism_Values returns all elements of the KeyEncryptionMechanism enum +func KeyEncryptionMechanism_Values() []string { + return []string{ + KeyEncryptionMechanismRsaesOaepSha256, + } +} + const ( // KeyManagerTypeAws is a KeyManagerType enum value KeyManagerTypeAws = "AWS" @@ -21514,12 +22055,20 @@ func SigningAlgorithmSpec_Values() []string { const ( // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value WrappingKeySpecRsa2048 = "RSA_2048" + + // WrappingKeySpecRsa3072 is a WrappingKeySpec enum value + WrappingKeySpecRsa3072 = "RSA_3072" + + // WrappingKeySpecRsa4096 is a WrappingKeySpec enum value + WrappingKeySpecRsa4096 = "RSA_4096" ) // WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum func WrappingKeySpec_Values() []string { return []string{ WrappingKeySpecRsa2048, + WrappingKeySpecRsa3072, + WrappingKeySpecRsa4096, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index 7dc9bd4..babb91f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -38,14 +38,14 @@ // // # Signing Requests // -// Requests must be signed by using an access key ID and a secret access key. -// We strongly recommend that you do not use your Amazon Web Services account -// (root) access key ID and secret access key for everyday work with KMS. Instead, -// use the access key ID and secret access key for an IAM user. You can also -// use the Amazon Web Services Security Token Service to generate temporary -// security credentials that you can use to sign requests. -// -// All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// Requests must be signed using an access key ID and a secret access key. We +// strongly recommend that you do not use your Amazon Web Services account root +// access key ID and secret access key for everyday work. You can use the access +// key ID and secret access key for an IAM user or you can use the Security +// Token Service (STS) to generate temporary security credentials and use those +// to sign requests. +// +// All KMS requests must be signed with Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // # Logging API Requests // diff --git a/vendor/github.com/aws/aws-sdk-go/service/lambda/api.go b/vendor/github.com/aws/aws-sdk-go/service/lambda/api.go index d1f54bd..a9c094b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/lambda/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/lambda/api.go @@ -3,14 +3,21 @@ package lambda import ( + "bytes" "fmt" "io" + "sync" "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/eventstream" + "github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi" + "github.com/aws/aws-sdk-go/private/protocol/rest" "github.com/aws/aws-sdk-go/private/protocol/restjson" ) @@ -484,6 +491,8 @@ func (c *Lambda) CreateEventSourceMappingRequest(input *CreateEventSourceMapping // // - Apache Kafka (https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) // +// - Amazon DocumentDB (https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html) +// // The following error handling options are available only for stream sources // (DynamoDB and Kinesis): // @@ -518,6 +527,8 @@ func (c *Lambda) CreateEventSourceMappingRequest(input *CreateEventSourceMapping // // - Apache Kafka (https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-kafka-parms) // +// - Amazon DocumentDB (https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html#docdb-configuration) +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3393,6 +3404,10 @@ func (c *Lambda) InvokeRequest(input *InvokeInput) (req *request.Request, output // The function is inactive and its VPC connection is no longer available. Wait // for the VPC connection to reestablish and try again. // +// - RecursiveInvocationException +// Lambda has detected your function being invoked in a recursive loop with +// other Amazon Web Services resources and stopped your function's invocation. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/Invoke func (c *Lambda) Invoke(input *InvokeInput) (*InvokeOutput, error) { req, out := c.InvokeRequest(input) @@ -3517,6 +3532,354 @@ func (c *Lambda) InvokeAsyncWithContext(ctx aws.Context, input *InvokeAsyncInput return out, req.Send() } +const opInvokeWithResponseStream = "InvokeWithResponseStream" + +// InvokeWithResponseStreamRequest generates a "aws/request.Request" representing the +// client's request for the InvokeWithResponseStream operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See InvokeWithResponseStream for more information on using the InvokeWithResponseStream +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the InvokeWithResponseStreamRequest method. +// req, resp := client.InvokeWithResponseStreamRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/InvokeWithResponseStream +func (c *Lambda) InvokeWithResponseStreamRequest(input *InvokeWithResponseStreamInput) (req *request.Request, output *InvokeWithResponseStreamOutput) { + op := &request.Operation{ + Name: opInvokeWithResponseStream, + HTTPMethod: "POST", + HTTPPath: "/2021-11-15/functions/{FunctionName}/response-streaming-invocations", + } + + if input == nil { + input = &InvokeWithResponseStreamInput{} + } + + output = &InvokeWithResponseStreamOutput{} + req = c.newRequest(op, input, output) + + es := NewInvokeWithResponseStreamEventStream() + output.eventStream = es + + req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, rest.UnmarshalHandler) + req.Handlers.Unmarshal.PushBack(es.runOutputStream) + req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose) + return +} + +// InvokeWithResponseStream API operation for AWS Lambda. +// +// Configure your Lambda functions to stream response payloads back to clients. +// For more information, see Configuring a Lambda function to stream responses +// (https://docs.aws.amazon.com/lambda/latest/dg/configuration-response-streaming.html). +// +// This operation requires permission for the lambda:InvokeFunction (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awslambda.html) +// action. For details on how to set up permissions for cross-account invocations, +// see Granting function access to other accounts (https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-xaccountinvoke). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Lambda's +// API operation InvokeWithResponseStream for usage and error information. +// +// Returned Error Types: +// +// - ServiceException +// The Lambda service encountered an internal error. +// +// - ResourceNotFoundException +// The resource specified in the request does not exist. +// +// - InvalidRequestContentException +// The request body could not be parsed as JSON. +// +// - RequestTooLargeException +// The request payload exceeded the Invoke request body JSON input quota. For +// more information, see Lambda quotas (https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html). +// +// - UnsupportedMediaTypeException +// The content type of the Invoke request body is not JSON. +// +// - TooManyRequestsException +// The request throughput limit was exceeded. For more information, see Lambda +// quotas (https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html#api-requests). +// +// - InvalidParameterValueException +// One of the parameters in the request is not valid. +// +// - EC2UnexpectedException +// Lambda received an unexpected Amazon EC2 client exception while setting up +// for the Lambda function. +// +// - SubnetIPAddressLimitReachedException +// Lambda couldn't set up VPC access for the Lambda function because one or +// more configured subnets has no available IP addresses. +// +// - ENILimitReachedException +// Lambda couldn't create an elastic network interface in the VPC, specified +// as part of Lambda function configuration, because the limit for network interfaces +// has been reached. For more information, see Lambda quotas (https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html). +// +// - EFSMountConnectivityException +// The Lambda function couldn't make a network connection to the configured +// file system. +// +// - EFSMountFailureException +// The Lambda function couldn't mount the configured file system due to a permission +// or configuration issue. +// +// - EFSMountTimeoutException +// The Lambda function made a network connection to the configured file system, +// but the mount operation timed out. +// +// - EFSIOException +// An error occurred when reading from or writing to a connected file system. +// +// - SnapStartException +// The afterRestore() runtime hook (https://docs.aws.amazon.com/lambda/latest/dg/snapstart-runtime-hooks.html) +// encountered an error. For more information, check the Amazon CloudWatch logs. +// +// - SnapStartTimeoutException +// Lambda couldn't restore the snapshot within the timeout limit. +// +// - SnapStartNotReadyException +// Lambda is initializing your function. You can invoke the function when the +// function state (https://docs.aws.amazon.com/lambda/latest/dg/functions-states.html) +// becomes Active. +// +// - EC2ThrottledException +// Amazon EC2 throttled Lambda during Lambda function initialization using the +// execution role provided for the function. +// +// - EC2AccessDeniedException +// Need additional permissions to configure VPC settings. +// +// - InvalidSubnetIDException +// The subnet ID provided in the Lambda function VPC configuration is not valid. +// +// - InvalidSecurityGroupIDException +// The security group ID provided in the Lambda function VPC configuration is +// not valid. +// +// - InvalidZipFileException +// Lambda could not unzip the deployment package. +// +// - KMSDisabledException +// Lambda couldn't decrypt the environment variables because the KMS key used +// is disabled. Check the Lambda function's KMS key settings. +// +// - KMSInvalidStateException +// Lambda couldn't decrypt the environment variables because the state of the +// KMS key used is not valid for Decrypt. Check the function's KMS key settings. +// +// - KMSAccessDeniedException +// Lambda couldn't decrypt the environment variables because KMS access was +// denied. Check the Lambda function's KMS permissions. +// +// - KMSNotFoundException +// Lambda couldn't decrypt the environment variables because the KMS key was +// not found. Check the function's KMS key settings. +// +// - InvalidRuntimeException +// The runtime or runtime version specified is not supported. +// +// - ResourceConflictException +// The resource already exists, or another operation is in progress. +// +// - ResourceNotReadyException +// The function is inactive and its VPC connection is no longer available. Wait +// for the VPC connection to reestablish and try again. +// +// - RecursiveInvocationException +// Lambda has detected your function being invoked in a recursive loop with +// other Amazon Web Services resources and stopped your function's invocation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/InvokeWithResponseStream +func (c *Lambda) InvokeWithResponseStream(input *InvokeWithResponseStreamInput) (*InvokeWithResponseStreamOutput, error) { + req, out := c.InvokeWithResponseStreamRequest(input) + return out, req.Send() +} + +// InvokeWithResponseStreamWithContext is the same as InvokeWithResponseStream with the addition of +// the ability to pass a context and additional request options. +// +// See InvokeWithResponseStream for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Lambda) InvokeWithResponseStreamWithContext(ctx aws.Context, input *InvokeWithResponseStreamInput, opts ...request.Option) (*InvokeWithResponseStreamOutput, error) { + req, out := c.InvokeWithResponseStreamRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +var _ awserr.Error + +// InvokeWithResponseStreamEventStream provides the event stream handling for the InvokeWithResponseStream. +// +// For testing and mocking the event stream this type should be initialized via +// the NewInvokeWithResponseStreamEventStream constructor function. Using the functional options +// to pass in nested mock behavior. +type InvokeWithResponseStreamEventStream struct { + + // Reader is the EventStream reader for the InvokeWithResponseStreamResponseEvent + // events. This value is automatically set by the SDK when the API call is made + // Use this member when unit testing your code with the SDK to mock out the + // EventStream Reader. + // + // Must not be nil. + Reader InvokeWithResponseStreamResponseEventReader + + outputReader io.ReadCloser + + done chan struct{} + closeOnce sync.Once + err *eventstreamapi.OnceError +} + +// NewInvokeWithResponseStreamEventStream initializes an InvokeWithResponseStreamEventStream. +// This function should only be used for testing and mocking the InvokeWithResponseStreamEventStream +// stream within your application. +// +// The Reader member must be set before reading events from the stream. +// +// es := NewInvokeWithResponseStreamEventStream(func(o *InvokeWithResponseStreamEventStream){ +// es.Reader = myMockStreamReader +// }) +func NewInvokeWithResponseStreamEventStream(opts ...func(*InvokeWithResponseStreamEventStream)) *InvokeWithResponseStreamEventStream { + es := &InvokeWithResponseStreamEventStream{ + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), + } + + for _, fn := range opts { + fn(es) + } + + return es +} + +func (es *InvokeWithResponseStreamEventStream) runOnStreamPartClose(r *request.Request) { + if es.done == nil { + return + } + go es.waitStreamPartClose() + +} + +func (es *InvokeWithResponseStreamEventStream) waitStreamPartClose() { + var outputErrCh <-chan struct{} + if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok { + outputErrCh = v.ErrorSet() + } + var outputClosedCh <-chan struct{} + if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok { + outputClosedCh = v.Closed() + } + + select { + case <-es.done: + case <-outputErrCh: + es.err.SetError(es.Reader.Err()) + es.Close() + case <-outputClosedCh: + if err := es.Reader.Err(); err != nil { + es.err.SetError(es.Reader.Err()) + } + es.Close() + } +} + +// Events returns a channel to read events from. +// +// These events are: +// +// - InvokeWithResponseStreamCompleteEvent +// - InvokeResponseStreamUpdate +// - InvokeWithResponseStreamResponseEventUnknownEvent +func (es *InvokeWithResponseStreamEventStream) Events() <-chan InvokeWithResponseStreamResponseEventEvent { + return es.Reader.Events() +} + +func (es *InvokeWithResponseStreamEventStream) runOutputStream(r *request.Request) { + var opts []func(*eventstream.Decoder) + if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) { + opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger)) + } + + unmarshalerForEvent := unmarshalerForInvokeWithResponseStreamResponseEventEvent{ + metadata: protocol.ResponseMetadata{ + StatusCode: r.HTTPResponse.StatusCode, + RequestID: r.RequestID, + }, + }.UnmarshalerForEventName + + decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...) + eventReader := eventstreamapi.NewEventReader(decoder, + protocol.HandlerPayloadUnmarshal{ + Unmarshalers: r.Handlers.UnmarshalStream, + }, + unmarshalerForEvent, + ) + + es.outputReader = r.HTTPResponse.Body + es.Reader = newReadInvokeWithResponseStreamResponseEvent(eventReader) +} + +// Close closes the stream. This will also cause the stream to be closed. +// Close must be called when done using the stream API. Not calling Close +// may result in resource leaks. +// +// You can use the closing of the Reader's Events channel to terminate your +// application's read from the API's stream. +func (es *InvokeWithResponseStreamEventStream) Close() (err error) { + es.closeOnce.Do(es.safeClose) + return es.Err() +} + +func (es *InvokeWithResponseStreamEventStream) safeClose() { + if es.done != nil { + close(es.done) + } + + es.Reader.Close() + if es.outputReader != nil { + es.outputReader.Close() + } +} + +// Err returns any error that occurred while reading or writing EventStream +// Events from the service API's response. Returns nil if there were no errors. +func (es *InvokeWithResponseStreamEventStream) Err() error { + if err := es.err.Err(); err != nil { + return err + } + if err := es.Reader.Err(); err != nil { + return err + } + + return nil +} + const opListAliases = "ListAliases" // ListAliasesRequest generates a "aws/request.Request" representing the @@ -6553,6 +6916,8 @@ func (c *Lambda) UpdateEventSourceMappingRequest(input *UpdateEventSourceMapping // // - Apache Kafka (https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) // +// - Amazon DocumentDB (https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html) +// // The following error handling options are available only for stream sources // (DynamoDB and Kinesis): // @@ -6587,6 +6952,8 @@ func (c *Lambda) UpdateEventSourceMappingRequest(input *UpdateEventSourceMapping // // - Apache Kafka (https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-kafka-parms) // +// - Amazon DocumentDB (https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html#docdb-configuration) +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7404,9 +7771,9 @@ type AddPermissionInput struct { FunctionName *string `location:"uri" locationName:"FunctionName" min:"1" type:"string" required:"true"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). FunctionUrlAuthType *string `type:"string" enum:"FunctionUrlAuthType"` // The Amazon Web Service or Amazon Web Services account that invokes the function. @@ -8468,16 +8835,21 @@ type CreateEventSourceMappingInput struct { // * Self-managed Apache Kafka – Default 100. Max 10,000. // // * Amazon MQ (ActiveMQ and RabbitMQ) – Default 100. Max 10,000. + // + // * DocumentDB – Default 100. Max 10,000. BatchSize *int64 `min:"1" type:"integer"` - // (Streams only) If the function returns an error, split the batch in two and - // retry. + // (Kinesis and DynamoDB Streams only) If the function returns an error, split + // the batch in two and retry. BisectBatchOnFunctionError *bool `type:"boolean"` - // (Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded - // records. + // (Kinesis and DynamoDB Streams only) A standard Amazon SQS queue or standard + // Amazon SNS topic destination for discarded records. DestinationConfig *DestinationConfig `type:"structure"` + // Specific configuration settings for a DocumentDB event source. + DocumentDBEventSourceConfig *DocumentDBEventSourceConfig `type:"structure"` + // When true, the event source mapping is active. When false, Lambda pauses // polling and invocation. // @@ -8495,6 +8867,8 @@ type CreateEventSourceMappingInput struct { // * Amazon Managed Streaming for Apache Kafka – The ARN of the cluster. // // * Amazon MQ – The ARN of the broker. + // + // * Amazon DocumentDB – The ARN of the DocumentDB change stream. EventSourceArn *string `type:"string"` // An object that defines the filter criteria that determine whether Lambda @@ -8520,8 +8894,8 @@ type CreateEventSourceMappingInput struct { // FunctionName is a required field FunctionName *string `min:"1" type:"string" required:"true"` - // (Streams and Amazon SQS) A list of current response type enums applied to - // the event source mapping. + // (Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type + // enums applied to the event source mapping. FunctionResponseTypes []*string `type:"list" enum:"FunctionResponseType"` // The maximum amount of time, in seconds, that Lambda spends gathering records @@ -8529,28 +8903,29 @@ type CreateEventSourceMappingInput struct { // to any value from 0 seconds to 300 seconds in increments of seconds. // // For streams and Amazon SQS event sources, the default batching window is - // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, and Amazon MQ event - // sources, the default batching window is 500 ms. Note that because you can - // only change MaximumBatchingWindowInSeconds in increments of seconds, you - // cannot revert back to the 500 ms default batching window after you have changed - // it. To restore the default batching window, you must create a new event source - // mapping. + // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, Amazon MQ, and DocumentDB + // event sources, the default batching window is 500 ms. Note that because you + // can only change MaximumBatchingWindowInSeconds in increments of seconds, + // you cannot revert back to the 500 ms default batching window after you have + // changed it. To restore the default batching window, you must create a new + // event source mapping. // // Related setting: For streams and Amazon SQS event sources, when you set BatchSize // to a value greater than 10, you must set MaximumBatchingWindowInSeconds to // at least 1. MaximumBatchingWindowInSeconds *int64 `type:"integer"` - // (Streams only) Discard records older than the specified age. The default - // value is infinite (-1). + // (Kinesis and DynamoDB Streams only) Discard records older than the specified + // age. The default value is infinite (-1). MaximumRecordAgeInSeconds *int64 `type:"integer"` - // (Streams only) Discard records after the specified number of retries. The - // default value is infinite (-1). When set to infinite (-1), failed records - // are retried until the record expires. + // (Kinesis and DynamoDB Streams only) Discard records after the specified number + // of retries. The default value is infinite (-1). When set to infinite (-1), + // failed records are retried until the record expires. MaximumRetryAttempts *int64 `type:"integer"` - // (Streams only) The number of batches to process from each shard concurrently. + // (Kinesis and DynamoDB Streams only) The number of batches to process from + // each shard concurrently. ParallelizationFactor *int64 `min:"1" type:"integer"` // (MQ) The name of the Amazon MQ broker destination queue to consume. @@ -8573,7 +8948,7 @@ type CreateEventSourceMappingInput struct { // The position in a stream from which to start reading. Required for Amazon // Kinesis, Amazon DynamoDB, and Amazon MSK Streams sources. AT_TIMESTAMP is - // supported only for Amazon Kinesis streams. + // supported only for Amazon Kinesis streams and Amazon DocumentDB. StartingPosition *string `type:"string" enum:"EventSourcePosition"` // With StartingPosition set to AT_TIMESTAMP, the time from which to start reading. @@ -8582,8 +8957,9 @@ type CreateEventSourceMappingInput struct { // The name of the Kafka topic. Topics []*string `min:"1" type:"list"` - // (Streams only) The duration in seconds of a processing window. The range - // is between 1 second and 900 seconds. + // (Kinesis and DynamoDB Streams only) The duration in seconds of a processing + // window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds + // indicates no tumbling window. TumblingWindowInSeconds *int64 `type:"integer"` } @@ -8637,6 +9013,11 @@ func (s *CreateEventSourceMappingInput) Validate() error { invalidParams.AddNested("AmazonManagedKafkaEventSourceConfig", err.(request.ErrInvalidParams)) } } + if s.DocumentDBEventSourceConfig != nil { + if err := s.DocumentDBEventSourceConfig.Validate(); err != nil { + invalidParams.AddNested("DocumentDBEventSourceConfig", err.(request.ErrInvalidParams)) + } + } if s.ScalingConfig != nil { if err := s.ScalingConfig.Validate(); err != nil { invalidParams.AddNested("ScalingConfig", err.(request.ErrInvalidParams)) @@ -8693,6 +9074,12 @@ func (s *CreateEventSourceMappingInput) SetDestinationConfig(v *DestinationConfi return s } +// SetDocumentDBEventSourceConfig sets the DocumentDBEventSourceConfig field's value. +func (s *CreateEventSourceMappingInput) SetDocumentDBEventSourceConfig(v *DocumentDBEventSourceConfig) *CreateEventSourceMappingInput { + s.DocumentDBEventSourceConfig = v + return s +} + // SetEnabled sets the Enabled field's value. func (s *CreateEventSourceMappingInput) SetEnabled(v bool) *CreateEventSourceMappingInput { s.Enabled = &v @@ -8864,9 +9251,15 @@ type CreateFunctionInput struct { // that override the values in the container image Dockerfile. ImageConfig *ImageConfig `type:"structure"` - // The ARN of the Key Management Service (KMS) key that's used to encrypt your - // function's environment variables. If it's not provided, Lambda uses a default - // service key. + // The ARN of the Key Management Service (KMS) customer managed key that's used + // to encrypt your function's environment variables (https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). + // When Lambda SnapStart (https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) + // is activated, Lambda also uses this key is to encrypt your function's snapshot. + // If you deploy your function using a container image, Lambda also uses this + // key to encrypt your function when it's deployed. Note that this is not the + // same key that's used to protect your container image in the Amazon Elastic + // Container Registry (Amazon ECR). If you don't provide a customer managed + // key, Lambda uses a default service key. KMSKeyArn *string `type:"string"` // A list of function layers (https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) @@ -8893,6 +9286,9 @@ type CreateFunctionInput struct { // The identifier of the function's runtime (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). // Runtime is required if the deployment package is a .zip file archive. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). Runtime *string `type:"string" enum:"Runtime"` // The function's SnapStart (https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) @@ -9131,9 +9527,9 @@ type CreateFunctionUrlConfigInput struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). // // AuthType is a required field AuthType *string `type:"string" required:"true" enum:"FunctionUrlAuthType"` @@ -9158,6 +9554,18 @@ type CreateFunctionUrlConfigInput struct { // FunctionName is a required field FunctionName *string `location:"uri" locationName:"FunctionName" min:"1" type:"string" required:"true"` + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` + // The alias name. Qualifier *string `location:"querystring" locationName:"Qualifier" min:"1" type:"string"` } @@ -9220,6 +9628,12 @@ func (s *CreateFunctionUrlConfigInput) SetFunctionName(v string) *CreateFunction return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *CreateFunctionUrlConfigInput) SetInvokeMode(v string) *CreateFunctionUrlConfigInput { + s.InvokeMode = &v + return s +} + // SetQualifier sets the Qualifier field's value. func (s *CreateFunctionUrlConfigInput) SetQualifier(v string) *CreateFunctionUrlConfigInput { s.Qualifier = &v @@ -9230,9 +9644,9 @@ type CreateFunctionUrlConfigOutput struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). // // AuthType is a required field AuthType *string `type:"string" required:"true" enum:"FunctionUrlAuthType"` @@ -9256,6 +9670,18 @@ type CreateFunctionUrlConfigOutput struct { // // FunctionUrl is a required field FunctionUrl *string `min:"40" type:"string" required:"true"` + + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` } // String returns the string representation. @@ -9306,6 +9732,12 @@ func (s *CreateFunctionUrlConfigOutput) SetFunctionUrl(v string) *CreateFunction return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *CreateFunctionUrlConfigOutput) SetInvokeMode(v string) *CreateFunctionUrlConfigOutput { + s.InvokeMode = &v + return s +} + // The dead-letter queue (https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) // for failed asynchronous invocations. type DeadLetterConfig struct { @@ -10232,14 +10664,22 @@ func (s *DestinationConfig) SetOnSuccess(v *OnSuccess) *DestinationConfig { return s } -// Need additional permissions to configure VPC settings. -type EC2AccessDeniedException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +// Specific configuration settings for a DocumentDB event source. +type DocumentDBEventSourceConfig struct { + _ struct{} `type:"structure"` - Message_ *string `locationName:"Message" type:"string"` + // The name of the collection to consume within the database. If you do not + // specify a collection, Lambda consumes all collections. + CollectionName *string `min:"1" type:"string"` - Type *string `type:"string"` + // The name of the database to consume within the DocumentDB cluster. + DatabaseName *string `min:"1" type:"string"` + + // Determines what DocumentDB sends to your event stream during document update + // operations. If set to UpdateLookup, DocumentDB sends a delta describing the + // changes, along with a copy of the entire document. Otherwise, DocumentDB + // sends only a partial document that contains the changes. + FullDocument *string `type:"string" enum:"FullDocument"` } // String returns the string representation. @@ -10247,7 +10687,69 @@ type EC2AccessDeniedException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s EC2AccessDeniedException) String() string { +func (s DocumentDBEventSourceConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DocumentDBEventSourceConfig) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DocumentDBEventSourceConfig) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DocumentDBEventSourceConfig"} + if s.CollectionName != nil && len(*s.CollectionName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CollectionName", 1)) + } + if s.DatabaseName != nil && len(*s.DatabaseName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DatabaseName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCollectionName sets the CollectionName field's value. +func (s *DocumentDBEventSourceConfig) SetCollectionName(v string) *DocumentDBEventSourceConfig { + s.CollectionName = &v + return s +} + +// SetDatabaseName sets the DatabaseName field's value. +func (s *DocumentDBEventSourceConfig) SetDatabaseName(v string) *DocumentDBEventSourceConfig { + s.DatabaseName = &v + return s +} + +// SetFullDocument sets the FullDocument field's value. +func (s *DocumentDBEventSourceConfig) SetFullDocument(v string) *DocumentDBEventSourceConfig { + s.FullDocument = &v + return s +} + +// Need additional permissions to configure VPC settings. +type EC2AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + Type *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EC2AccessDeniedException) String() string { return awsutil.Prettify(s) } @@ -10973,14 +11475,17 @@ type EventSourceMappingConfiguration struct { // set MaximumBatchingWindowInSeconds to at least 1. BatchSize *int64 `min:"1" type:"integer"` - // (Streams only) If the function returns an error, split the batch in two and - // retry. The default value is false. + // (Kinesis and DynamoDB Streams only) If the function returns an error, split + // the batch in two and retry. The default value is false. BisectBatchOnFunctionError *bool `type:"boolean"` - // (Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded - // records. + // (Kinesis and DynamoDB Streams only) An Amazon SQS queue or Amazon SNS topic + // destination for discarded records. DestinationConfig *DestinationConfig `type:"structure"` + // Specific configuration settings for a DocumentDB event source. + DocumentDBEventSourceConfig *DocumentDBEventSourceConfig `type:"structure"` + // The Amazon Resource Name (ARN) of the event source. EventSourceArn *string `type:"string"` @@ -10992,8 +11497,8 @@ type EventSourceMappingConfiguration struct { // The ARN of the Lambda function. FunctionArn *string `type:"string"` - // (Streams and Amazon SQS) A list of current response type enums applied to - // the event source mapping. + // (Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type + // enums applied to the event source mapping. FunctionResponseTypes []*string `type:"list" enum:"FunctionResponseType"` // The date that the event source mapping was last updated or that its state @@ -11008,31 +11513,35 @@ type EventSourceMappingConfiguration struct { // to any value from 0 seconds to 300 seconds in increments of seconds. // // For streams and Amazon SQS event sources, the default batching window is - // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, and Amazon MQ event - // sources, the default batching window is 500 ms. Note that because you can - // only change MaximumBatchingWindowInSeconds in increments of seconds, you - // cannot revert back to the 500 ms default batching window after you have changed - // it. To restore the default batching window, you must create a new event source - // mapping. + // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, Amazon MQ, and DocumentDB + // event sources, the default batching window is 500 ms. Note that because you + // can only change MaximumBatchingWindowInSeconds in increments of seconds, + // you cannot revert back to the 500 ms default batching window after you have + // changed it. To restore the default batching window, you must create a new + // event source mapping. // // Related setting: For streams and Amazon SQS event sources, when you set BatchSize // to a value greater than 10, you must set MaximumBatchingWindowInSeconds to // at least 1. MaximumBatchingWindowInSeconds *int64 `type:"integer"` - // (Streams only) Discard records older than the specified age. The default - // value is -1, which sets the maximum age to infinite. When the value is set - // to infinite, Lambda never discards old records. + // (Kinesis and DynamoDB Streams only) Discard records older than the specified + // age. The default value is -1, which sets the maximum age to infinite. When + // the value is set to infinite, Lambda never discards old records. + // + // The minimum valid value for maximum record age is 60s. Although values less + // than 60 and greater than -1 fall within the parameter's absolute range, they + // are not allowed MaximumRecordAgeInSeconds *int64 `type:"integer"` - // (Streams only) Discard records after the specified number of retries. The - // default value is -1, which sets the maximum number of retries to infinite. - // When MaximumRetryAttempts is infinite, Lambda retries failed records until - // the record expires in the event source. + // (Kinesis and DynamoDB Streams only) Discard records after the specified number + // of retries. The default value is -1, which sets the maximum number of retries + // to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed + // records until the record expires in the event source. MaximumRetryAttempts *int64 `type:"integer"` - // (Streams only) The number of batches to process concurrently from each shard. - // The default value is 1. + // (Kinesis and DynamoDB Streams only) The number of batches to process concurrently + // from each shard. The default value is 1. ParallelizationFactor *int64 `min:"1" type:"integer"` // (Amazon MQ) The name of the Amazon MQ broker destination queue to consume. @@ -11055,7 +11564,7 @@ type EventSourceMappingConfiguration struct { // The position in a stream from which to start reading. Required for Amazon // Kinesis, Amazon DynamoDB, and Amazon MSK stream sources. AT_TIMESTAMP is - // supported only for Amazon Kinesis streams. + // supported only for Amazon Kinesis streams and Amazon DocumentDB. StartingPosition *string `type:"string" enum:"EventSourcePosition"` // With StartingPosition set to AT_TIMESTAMP, the time from which to start reading. @@ -11072,8 +11581,9 @@ type EventSourceMappingConfiguration struct { // The name of the Kafka topic. Topics []*string `min:"1" type:"list"` - // (Streams only) The duration in seconds of a processing window. The range - // is 1–900 seconds. + // (Kinesis and DynamoDB Streams only) The duration in seconds of a processing + // window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds + // indicates no tumbling window. TumblingWindowInSeconds *int64 `type:"integer"` // The identifier of the event source mapping. @@ -11122,6 +11632,12 @@ func (s *EventSourceMappingConfiguration) SetDestinationConfig(v *DestinationCon return s } +// SetDocumentDBEventSourceConfig sets the DocumentDBEventSourceConfig field's value. +func (s *EventSourceMappingConfiguration) SetDocumentDBEventSourceConfig(v *DocumentDBEventSourceConfig) *EventSourceMappingConfiguration { + s.DocumentDBEventSourceConfig = v + return s +} + // SetEventSourceArn sets the EventSourceArn field's value. func (s *EventSourceMappingConfiguration) SetEventSourceArn(v string) *EventSourceMappingConfiguration { s.EventSourceArn = &v @@ -11584,8 +12100,10 @@ type FunctionConfiguration struct { // The function's image configuration values. ImageConfigResponse *ImageConfigResponse `type:"structure"` - // The KMS key that's used to encrypt the function's environment variables. - // This key is returned only if you've configured a customer managed key. + // The KMS key that's used to encrypt the function's environment variables (https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). + // When Lambda SnapStart (https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) + // is activated, this key is also used to encrypt the function's snapshot. This + // key is returned only if you've configured a customer managed key. KMSKeyArn *string `type:"string"` // The date and time that the function was last updated, in ISO-8601 format @@ -11621,7 +12139,11 @@ type FunctionConfiguration struct { // The function's execution role. Role *string `type:"string"` - // The runtime environment for the Lambda function. + // The identifier of the function's runtime (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). + // Runtime is required if the deployment package is a .zip file archive. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). Runtime *string `type:"string" enum:"Runtime"` // The ARN of the runtime and any errors that occured. @@ -11900,9 +12422,9 @@ type FunctionEventInvokeConfig struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -11973,9 +12495,9 @@ type FunctionUrlConfig struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). // // AuthType is a required field AuthType *string `type:"string" required:"true" enum:"FunctionUrlAuthType"` @@ -12000,6 +12522,18 @@ type FunctionUrlConfig struct { // FunctionUrl is a required field FunctionUrl *string `min:"40" type:"string" required:"true"` + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` + // When the function URL configuration was last updated, in ISO-8601 format // (https://www.w3.org/TR/NOTE-datetime) (YYYY-MM-DDThh:mm:ss.sTZD). // @@ -12055,6 +12589,12 @@ func (s *FunctionUrlConfig) SetFunctionUrl(v string) *FunctionUrlConfig { return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *FunctionUrlConfig) SetInvokeMode(v string) *FunctionUrlConfig { + s.InvokeMode = &v + return s +} + // SetLastModifiedTime sets the LastModifiedTime field's value. func (s *FunctionUrlConfig) SetLastModifiedTime(v string) *FunctionUrlConfig { s.LastModifiedTime = &v @@ -12693,9 +13233,9 @@ type GetFunctionEventInvokeConfigOutput struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -12969,9 +13509,9 @@ type GetFunctionUrlConfigOutput struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). // // AuthType is a required field AuthType *string `type:"string" required:"true" enum:"FunctionUrlAuthType"` @@ -12996,6 +13536,18 @@ type GetFunctionUrlConfigOutput struct { // FunctionUrl is a required field FunctionUrl *string `min:"40" type:"string" required:"true"` + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` + // When the function URL configuration was last updated, in ISO-8601 format // (https://www.w3.org/TR/NOTE-datetime) (YYYY-MM-DDThh:mm:ss.sTZD). // @@ -13051,6 +13603,12 @@ func (s *GetFunctionUrlConfigOutput) SetFunctionUrl(v string) *GetFunctionUrlCon return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *GetFunctionUrlConfigOutput) SetInvokeMode(v string) *GetFunctionUrlConfigOutput { + s.InvokeMode = &v + return s +} + // SetLastModifiedTime sets the LastModifiedTime field's value. func (s *GetFunctionUrlConfigOutput) SetLastModifiedTime(v string) *GetFunctionUrlConfigOutput { s.LastModifiedTime = &v @@ -13113,6 +13671,9 @@ type GetLayerVersionByArnOutput struct { CompatibleArchitectures []*string `type:"list" enum:"Architecture"` // The layer's compatible runtimes. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntimes []*string `type:"list" enum:"Runtime"` // Details about the layer version. @@ -13280,6 +13841,9 @@ type GetLayerVersionOutput struct { CompatibleArchitectures []*string `type:"list" enum:"Architecture"` // The layer's compatible runtimes. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntimes []*string `type:"list" enum:"Runtime"` // Details about the layer version. @@ -13827,6 +14391,9 @@ func (s *GetRuntimeManagementConfigInput) SetQualifier(v string) *GetRuntimeMana type GetRuntimeManagementConfigOutput struct { _ struct{} `type:"structure"` + // The Amazon Resource Name (ARN) of your function. + FunctionArn *string `type:"string"` + // The ARN of the runtime the function is configured to use. If the runtime // update mode is Manual, the ARN is returned, otherwise null is returned. RuntimeVersionArn *string `min:"26" type:"string"` @@ -13853,6 +14420,12 @@ func (s GetRuntimeManagementConfigOutput) GoString() string { return s.String() } +// SetFunctionArn sets the FunctionArn field's value. +func (s *GetRuntimeManagementConfigOutput) SetFunctionArn(v string) *GetRuntimeManagementConfigOutput { + s.FunctionArn = &v + return s +} + // SetRuntimeVersionArn sets the RuntimeVersionArn field's value. func (s *GetRuntimeManagementConfigOutput) SetRuntimeVersionArn(v string) *GetRuntimeManagementConfigOutput { s.RuntimeVersionArn = &v @@ -14787,6 +15360,487 @@ func (s *InvokeOutput) SetStatusCode(v int64) *InvokeOutput { return s } +// A chunk of the streamed response payload. +type InvokeResponseStreamUpdate struct { + _ struct{} `type:"structure" payload:"Payload"` + + // Data returned by your Lambda function. + // + // Payload is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by InvokeResponseStreamUpdate's + // String and GoString methods. + // + // Payload is automatically base64 encoded/decoded by the SDK. + Payload []byte `type:"blob" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeResponseStreamUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeResponseStreamUpdate) GoString() string { + return s.String() +} + +// SetPayload sets the Payload field's value. +func (s *InvokeResponseStreamUpdate) SetPayload(v []byte) *InvokeResponseStreamUpdate { + s.Payload = v + return s +} + +// The InvokeResponseStreamUpdate is and event in the InvokeWithResponseStreamResponseEvent group of events. +func (s *InvokeResponseStreamUpdate) eventInvokeWithResponseStreamResponseEvent() {} + +// UnmarshalEvent unmarshals the EventStream Message into the InvokeResponseStreamUpdate value. +// This method is only used internally within the SDK's EventStream handling. +func (s *InvokeResponseStreamUpdate) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + s.Payload = make([]byte, len(msg.Payload)) + copy(s.Payload, msg.Payload) + return nil +} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *InvokeResponseStreamUpdate) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + msg.Headers.Set(":content-type", eventstream.StringValue("application/octet-stream")) + msg.Payload = s.Payload + return msg, err +} + +// A response confirming that the event stream is complete. +type InvokeWithResponseStreamCompleteEvent struct { + _ struct{} `type:"structure"` + + // An error code. + ErrorCode *string `type:"string"` + + // The details of any returned error. + ErrorDetails *string `type:"string"` + + // The last 4 KB of the execution log, which is base64-encoded. + LogResult *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamCompleteEvent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamCompleteEvent) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *InvokeWithResponseStreamCompleteEvent) SetErrorCode(v string) *InvokeWithResponseStreamCompleteEvent { + s.ErrorCode = &v + return s +} + +// SetErrorDetails sets the ErrorDetails field's value. +func (s *InvokeWithResponseStreamCompleteEvent) SetErrorDetails(v string) *InvokeWithResponseStreamCompleteEvent { + s.ErrorDetails = &v + return s +} + +// SetLogResult sets the LogResult field's value. +func (s *InvokeWithResponseStreamCompleteEvent) SetLogResult(v string) *InvokeWithResponseStreamCompleteEvent { + s.LogResult = &v + return s +} + +// The InvokeWithResponseStreamCompleteEvent is and event in the InvokeWithResponseStreamResponseEvent group of events. +func (s *InvokeWithResponseStreamCompleteEvent) eventInvokeWithResponseStreamResponseEvent() {} + +// UnmarshalEvent unmarshals the EventStream Message into the InvokeWithResponseStreamCompleteEvent value. +// This method is only used internally within the SDK's EventStream handling. +func (s *InvokeWithResponseStreamCompleteEvent) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil +} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *InvokeWithResponseStreamCompleteEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err +} + +type InvokeWithResponseStreamInput struct { + _ struct{} `type:"structure" payload:"Payload"` + + // Up to 3,583 bytes of base64-encoded data about the invoking client to pass + // to the function in the context object. + ClientContext *string `location:"header" locationName:"X-Amz-Client-Context" type:"string"` + + // The name of the Lambda function. + // + // Name formats + // + // * Function name – my-function. + // + // * Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function. + // + // * Partial ARN – 123456789012:function:my-function. + // + // The length constraint applies only to the full ARN. If you specify only the + // function name, it is limited to 64 characters in length. + // + // FunctionName is a required field + FunctionName *string `location:"uri" locationName:"FunctionName" min:"1" type:"string" required:"true"` + + // Use one of the following options: + // + // * RequestResponse (default) – Invoke the function synchronously. Keep + // the connection open until the function returns a response or times out. + // The API operation response includes the function response and additional + // data. + // + // * DryRun – Validate parameter values and verify that the IAM user or + // role has permission to invoke the function. + InvocationType *string `location:"header" locationName:"X-Amz-Invocation-Type" type:"string" enum:"ResponseStreamingInvocationType"` + + // Set to Tail to include the execution log in the response. Applies to synchronously + // invoked functions only. + LogType *string `location:"header" locationName:"X-Amz-Log-Type" type:"string" enum:"LogType"` + + // The JSON that you want to provide to your Lambda function as input. + // + // You can enter the JSON directly. For example, --payload '{ "key": "value" + // }'. You can also specify a file path. For example, --payload file://payload.json. + // + // Payload is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by InvokeWithResponseStreamInput's + // String and GoString methods. + Payload []byte `type:"blob" sensitive:"true"` + + // The alias name. + Qualifier *string `location:"querystring" locationName:"Qualifier" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *InvokeWithResponseStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InvokeWithResponseStreamInput"} + if s.FunctionName == nil { + invalidParams.Add(request.NewErrParamRequired("FunctionName")) + } + if s.FunctionName != nil && len(*s.FunctionName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FunctionName", 1)) + } + if s.Qualifier != nil && len(*s.Qualifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Qualifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientContext sets the ClientContext field's value. +func (s *InvokeWithResponseStreamInput) SetClientContext(v string) *InvokeWithResponseStreamInput { + s.ClientContext = &v + return s +} + +// SetFunctionName sets the FunctionName field's value. +func (s *InvokeWithResponseStreamInput) SetFunctionName(v string) *InvokeWithResponseStreamInput { + s.FunctionName = &v + return s +} + +// SetInvocationType sets the InvocationType field's value. +func (s *InvokeWithResponseStreamInput) SetInvocationType(v string) *InvokeWithResponseStreamInput { + s.InvocationType = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *InvokeWithResponseStreamInput) SetLogType(v string) *InvokeWithResponseStreamInput { + s.LogType = &v + return s +} + +// SetPayload sets the Payload field's value. +func (s *InvokeWithResponseStreamInput) SetPayload(v []byte) *InvokeWithResponseStreamInput { + s.Payload = v + return s +} + +// SetQualifier sets the Qualifier field's value. +func (s *InvokeWithResponseStreamInput) SetQualifier(v string) *InvokeWithResponseStreamInput { + s.Qualifier = &v + return s +} + +type InvokeWithResponseStreamOutput struct { + _ struct{} `type:"structure" payload:"EventStream"` + + eventStream *InvokeWithResponseStreamEventStream + + // The version of the function that executed. When you invoke a function with + // an alias, this indicates which version the alias resolved to. + ExecutedVersion *string `location:"header" locationName:"X-Amz-Executed-Version" min:"1" type:"string"` + + // The type of data the stream is returning. + ResponseStreamContentType *string `location:"header" locationName:"Content-Type" type:"string"` + + // For a successful request, the HTTP status code is in the 200 range. For the + // RequestResponse invocation type, this status code is 200. For the DryRun + // invocation type, this status code is 204. + StatusCode *int64 `location:"statusCode" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvokeWithResponseStreamOutput) GoString() string { + return s.String() +} + +// SetExecutedVersion sets the ExecutedVersion field's value. +func (s *InvokeWithResponseStreamOutput) SetExecutedVersion(v string) *InvokeWithResponseStreamOutput { + s.ExecutedVersion = &v + return s +} + +// SetResponseStreamContentType sets the ResponseStreamContentType field's value. +func (s *InvokeWithResponseStreamOutput) SetResponseStreamContentType(v string) *InvokeWithResponseStreamOutput { + s.ResponseStreamContentType = &v + return s +} + +// SetStatusCode sets the StatusCode field's value. +func (s *InvokeWithResponseStreamOutput) SetStatusCode(v int64) *InvokeWithResponseStreamOutput { + s.StatusCode = &v + return s +} + +// GetStream returns the type to interact with the event stream. +func (s *InvokeWithResponseStreamOutput) GetStream() *InvokeWithResponseStreamEventStream { + return s.eventStream +} + +// InvokeWithResponseStreamResponseEventEvent groups together all EventStream +// events writes for InvokeWithResponseStreamResponseEvent. +// +// These events are: +// +// - InvokeWithResponseStreamCompleteEvent +// - InvokeResponseStreamUpdate +type InvokeWithResponseStreamResponseEventEvent interface { + eventInvokeWithResponseStreamResponseEvent() + eventstreamapi.Marshaler + eventstreamapi.Unmarshaler +} + +// InvokeWithResponseStreamResponseEventReader provides the interface for reading to the stream. The +// default implementation for this interface will be InvokeWithResponseStreamResponseEvent. +// +// The reader's Close method must allow multiple concurrent calls. +// +// These events are: +// +// - InvokeWithResponseStreamCompleteEvent +// - InvokeResponseStreamUpdate +// - InvokeWithResponseStreamResponseEventUnknownEvent +type InvokeWithResponseStreamResponseEventReader interface { + // Returns a channel of events as they are read from the event stream. + Events() <-chan InvokeWithResponseStreamResponseEventEvent + + // Close will stop the reader reading events from the stream. + Close() error + + // Returns any error that has occurred while reading from the event stream. + Err() error +} + +type readInvokeWithResponseStreamResponseEvent struct { + eventReader *eventstreamapi.EventReader + stream chan InvokeWithResponseStreamResponseEventEvent + err *eventstreamapi.OnceError + + done chan struct{} + closeOnce sync.Once +} + +func newReadInvokeWithResponseStreamResponseEvent(eventReader *eventstreamapi.EventReader) *readInvokeWithResponseStreamResponseEvent { + r := &readInvokeWithResponseStreamResponseEvent{ + eventReader: eventReader, + stream: make(chan InvokeWithResponseStreamResponseEventEvent), + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), + } + go r.readEventStream() + + return r +} + +// Close will close the underlying event stream reader. +func (r *readInvokeWithResponseStreamResponseEvent) Close() error { + r.closeOnce.Do(r.safeClose) + return r.Err() +} + +func (r *readInvokeWithResponseStreamResponseEvent) ErrorSet() <-chan struct{} { + return r.err.ErrorSet() +} + +func (r *readInvokeWithResponseStreamResponseEvent) Closed() <-chan struct{} { + return r.done +} + +func (r *readInvokeWithResponseStreamResponseEvent) safeClose() { + close(r.done) +} + +func (r *readInvokeWithResponseStreamResponseEvent) Err() error { + return r.err.Err() +} + +func (r *readInvokeWithResponseStreamResponseEvent) Events() <-chan InvokeWithResponseStreamResponseEventEvent { + return r.stream +} + +func (r *readInvokeWithResponseStreamResponseEvent) readEventStream() { + defer r.Close() + defer close(r.stream) + + for { + event, err := r.eventReader.ReadEvent() + if err != nil { + if err == io.EOF { + return + } + select { + case <-r.done: + // If closed already ignore the error + return + default: + } + if _, ok := err.(*eventstreamapi.UnknownMessageTypeError); ok { + continue + } + r.err.SetError(err) + return + } + + select { + case r.stream <- event.(InvokeWithResponseStreamResponseEventEvent): + case <-r.done: + return + } + } +} + +type unmarshalerForInvokeWithResponseStreamResponseEventEvent struct { + metadata protocol.ResponseMetadata +} + +func (u unmarshalerForInvokeWithResponseStreamResponseEventEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) { + switch eventType { + case "InvokeComplete": + return &InvokeWithResponseStreamCompleteEvent{}, nil + case "PayloadChunk": + return &InvokeResponseStreamUpdate{}, nil + default: + return &InvokeWithResponseStreamResponseEventUnknownEvent{Type: eventType}, nil + } +} + +// InvokeWithResponseStreamResponseEventUnknownEvent provides a failsafe event for the +// InvokeWithResponseStreamResponseEvent group of events when an unknown event is received. +type InvokeWithResponseStreamResponseEventUnknownEvent struct { + Type string + Message eventstream.Message +} + +// The InvokeWithResponseStreamResponseEventUnknownEvent is and event in the InvokeWithResponseStreamResponseEvent +// group of events. +func (s *InvokeWithResponseStreamResponseEventUnknownEvent) eventInvokeWithResponseStreamResponseEvent() { +} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (e *InvokeWithResponseStreamResponseEventUnknownEvent) MarshalEvent(pm protocol.PayloadMarshaler) ( + msg eventstream.Message, err error, +) { + return e.Message.Clone(), nil +} + +// UnmarshalEvent unmarshals the EventStream Message into the InvokeWithResponseStreamResponseEvent value. +// This method is only used internally within the SDK's EventStream handling. +func (e *InvokeWithResponseStreamResponseEventUnknownEvent) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + e.Message = msg.Clone() + return nil +} + // Lambda couldn't decrypt the environment variables because KMS access was // denied. Check the Lambda function's KMS permissions. type KMSAccessDeniedException struct { @@ -15276,6 +16330,9 @@ type LayerVersionsListItem struct { CompatibleArchitectures []*string `type:"list" enum:"Architecture"` // The layer's compatible runtimes. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntimes []*string `type:"list" enum:"Runtime"` // The date that the version was created, in ISO 8601 format. For example, 2018-11-27T15:10:45.123+0000. @@ -15646,6 +16703,8 @@ type ListEventSourceMappingsInput struct { // * Amazon Managed Streaming for Apache Kafka – The ARN of the cluster. // // * Amazon MQ – The ARN of the broker. + // + // * Amazon DocumentDB – The ARN of the DocumentDB change stream. EventSourceArn *string `location:"querystring" locationName:"EventSourceArn" type:"string"` // The name of the Lambda function. @@ -16256,6 +17315,9 @@ type ListLayerVersionsInput struct { CompatibleArchitecture *string `location:"querystring" locationName:"CompatibleArchitecture" type:"string" enum:"Architecture"` // A runtime identifier. For example, go1.x. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntime *string `location:"querystring" locationName:"CompatibleRuntime" type:"string" enum:"Runtime"` // The name or Amazon Resource Name (ARN) of the layer. @@ -16384,6 +17446,9 @@ type ListLayersInput struct { CompatibleArchitecture *string `location:"querystring" locationName:"CompatibleArchitecture" type:"string" enum:"Architecture"` // A runtime identifier. For example, go1.x. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntime *string `location:"querystring" locationName:"CompatibleRuntime" type:"string" enum:"Runtime"` // A pagination token returned by a previous call. @@ -17181,6 +18246,9 @@ type PublishLayerVersionInput struct { // A list of compatible function runtimes (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). // Used for filtering with ListLayers and ListLayerVersions. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntimes []*string `type:"list" enum:"Runtime"` // The function layer archive. @@ -17292,6 +18360,9 @@ type PublishLayerVersionOutput struct { CompatibleArchitectures []*string `type:"list" enum:"Architecture"` // The layer's compatible runtimes. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). CompatibleRuntimes []*string `type:"list" enum:"Runtime"` // Details about the layer version. @@ -17726,9 +18797,9 @@ type PutFunctionEventInvokeConfigInput struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -17839,9 +18910,9 @@ type PutFunctionEventInvokeConfigOutput struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -18256,6 +19327,75 @@ func (s *PutRuntimeManagementConfigOutput) SetUpdateRuntimeOn(v string) *PutRunt return s } +// Lambda has detected your function being invoked in a recursive loop with +// other Amazon Web Services resources and stopped your function's invocation. +type RecursiveInvocationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // The exception message. + Message_ *string `locationName:"Message" type:"string"` + + // The exception type. + Type *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecursiveInvocationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecursiveInvocationException) GoString() string { + return s.String() +} + +func newErrorRecursiveInvocationException(v protocol.ResponseMetadata) error { + return &RecursiveInvocationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *RecursiveInvocationException) Code() string { + return "RecursiveInvocationException" +} + +// Message returns the exception's message. +func (s *RecursiveInvocationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *RecursiveInvocationException) OrigErr() error { + return nil +} + +func (s *RecursiveInvocationException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *RecursiveInvocationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *RecursiveInvocationException) RequestID() string { + return s.RespMetadata.RequestID +} + type RemoveLayerVersionPermissionInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -20195,16 +21335,21 @@ type UpdateEventSourceMappingInput struct { // * Self-managed Apache Kafka – Default 100. Max 10,000. // // * Amazon MQ (ActiveMQ and RabbitMQ) – Default 100. Max 10,000. + // + // * DocumentDB – Default 100. Max 10,000. BatchSize *int64 `min:"1" type:"integer"` - // (Streams only) If the function returns an error, split the batch in two and - // retry. + // (Kinesis and DynamoDB Streams only) If the function returns an error, split + // the batch in two and retry. BisectBatchOnFunctionError *bool `type:"boolean"` - // (Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded - // records. + // (Kinesis and DynamoDB Streams only) A standard Amazon SQS queue or standard + // Amazon SNS topic destination for discarded records. DestinationConfig *DestinationConfig `type:"structure"` + // Specific configuration settings for a DocumentDB event source. + DocumentDBEventSourceConfig *DocumentDBEventSourceConfig `type:"structure"` + // When true, the event source mapping is active. When false, Lambda pauses // polling and invocation. // @@ -20232,8 +21377,8 @@ type UpdateEventSourceMappingInput struct { // function name, it's limited to 64 characters in length. FunctionName *string `min:"1" type:"string"` - // (Streams and Amazon SQS) A list of current response type enums applied to - // the event source mapping. + // (Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type + // enums applied to the event source mapping. FunctionResponseTypes []*string `type:"list" enum:"FunctionResponseType"` // The maximum amount of time, in seconds, that Lambda spends gathering records @@ -20241,28 +21386,29 @@ type UpdateEventSourceMappingInput struct { // to any value from 0 seconds to 300 seconds in increments of seconds. // // For streams and Amazon SQS event sources, the default batching window is - // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, and Amazon MQ event - // sources, the default batching window is 500 ms. Note that because you can - // only change MaximumBatchingWindowInSeconds in increments of seconds, you - // cannot revert back to the 500 ms default batching window after you have changed - // it. To restore the default batching window, you must create a new event source - // mapping. + // 0 seconds. For Amazon MSK, Self-managed Apache Kafka, Amazon MQ, and DocumentDB + // event sources, the default batching window is 500 ms. Note that because you + // can only change MaximumBatchingWindowInSeconds in increments of seconds, + // you cannot revert back to the 500 ms default batching window after you have + // changed it. To restore the default batching window, you must create a new + // event source mapping. // // Related setting: For streams and Amazon SQS event sources, when you set BatchSize // to a value greater than 10, you must set MaximumBatchingWindowInSeconds to // at least 1. MaximumBatchingWindowInSeconds *int64 `type:"integer"` - // (Streams only) Discard records older than the specified age. The default - // value is infinite (-1). + // (Kinesis and DynamoDB Streams only) Discard records older than the specified + // age. The default value is infinite (-1). MaximumRecordAgeInSeconds *int64 `type:"integer"` - // (Streams only) Discard records after the specified number of retries. The - // default value is infinite (-1). When set to infinite (-1), failed records - // are retried until the record expires. + // (Kinesis and DynamoDB Streams only) Discard records after the specified number + // of retries. The default value is infinite (-1). When set to infinite (-1), + // failed records are retried until the record expires. MaximumRetryAttempts *int64 `type:"integer"` - // (Streams only) The number of batches to process from each shard concurrently. + // (Kinesis and DynamoDB Streams only) The number of batches to process from + // each shard concurrently. ParallelizationFactor *int64 `min:"1" type:"integer"` // (Amazon SQS only) The scaling configuration for the event source. For more @@ -20274,8 +21420,9 @@ type UpdateEventSourceMappingInput struct { // your event source. SourceAccessConfigurations []*SourceAccessConfiguration `type:"list"` - // (Streams only) The duration in seconds of a processing window. The range - // is between 1 second and 900 seconds. + // (Kinesis and DynamoDB Streams only) The duration in seconds of a processing + // window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds + // indicates no tumbling window. TumblingWindowInSeconds *int64 `type:"integer"` // The identifier of the event source mapping. @@ -20326,6 +21473,11 @@ func (s *UpdateEventSourceMappingInput) Validate() error { if s.UUID != nil && len(*s.UUID) < 1 { invalidParams.Add(request.NewErrParamMinLen("UUID", 1)) } + if s.DocumentDBEventSourceConfig != nil { + if err := s.DocumentDBEventSourceConfig.Validate(); err != nil { + invalidParams.AddNested("DocumentDBEventSourceConfig", err.(request.ErrInvalidParams)) + } + } if s.ScalingConfig != nil { if err := s.ScalingConfig.Validate(); err != nil { invalidParams.AddNested("ScalingConfig", err.(request.ErrInvalidParams)) @@ -20366,6 +21518,12 @@ func (s *UpdateEventSourceMappingInput) SetDestinationConfig(v *DestinationConfi return s } +// SetDocumentDBEventSourceConfig sets the DocumentDBEventSourceConfig field's value. +func (s *UpdateEventSourceMappingInput) SetDocumentDBEventSourceConfig(v *DocumentDBEventSourceConfig) *UpdateEventSourceMappingInput { + s.DocumentDBEventSourceConfig = v + return s +} + // SetEnabled sets the Enabled field's value. func (s *UpdateEventSourceMappingInput) SetEnabled(v bool) *UpdateEventSourceMappingInput { s.Enabled = &v @@ -20657,9 +21815,15 @@ type UpdateFunctionConfigurationInput struct { // that override the values in the container image Docker file. ImageConfig *ImageConfig `type:"structure"` - // The ARN of the Key Management Service (KMS) key that's used to encrypt your - // function's environment variables. If it's not provided, Lambda uses a default - // service key. + // The ARN of the Key Management Service (KMS) customer managed key that's used + // to encrypt your function's environment variables (https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). + // When Lambda SnapStart (https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) + // is activated, Lambda also uses this key is to encrypt your function's snapshot. + // If you deploy your function using a container image, Lambda also uses this + // key to encrypt your function when it's deployed. Note that this is not the + // same key that's used to protect your container image in the Amazon Elastic + // Container Registry (Amazon ECR). If you don't provide a customer managed + // key, Lambda uses a default service key. KMSKeyArn *string `type:"string"` // A list of function layers (https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) @@ -20682,6 +21846,9 @@ type UpdateFunctionConfigurationInput struct { // The identifier of the function's runtime (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). // Runtime is required if the deployment package is a .zip file archive. + // + // The following list includes deprecated runtimes. For more information, see + // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). Runtime *string `type:"string" enum:"Runtime"` // The function's SnapStart (https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) @@ -20877,9 +22044,9 @@ type UpdateFunctionEventInvokeConfigInput struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -20990,9 +22157,9 @@ type UpdateFunctionEventInvokeConfigOutput struct { // // * Function - The Amazon Resource Name (ARN) of a Lambda function. // - // * Queue - The ARN of an SQS queue. + // * Queue - The ARN of a standard SQS queue. // - // * Topic - The ARN of an SNS topic. + // * Topic - The ARN of a standard SNS topic. // // * Event Bus - The ARN of an Amazon EventBridge event bus. DestinationConfig *DestinationConfig `type:"structure"` @@ -21062,9 +22229,9 @@ type UpdateFunctionUrlConfigInput struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). AuthType *string `type:"string" enum:"FunctionUrlAuthType"` // The cross-origin resource sharing (CORS) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) @@ -21087,6 +22254,18 @@ type UpdateFunctionUrlConfigInput struct { // FunctionName is a required field FunctionName *string `location:"uri" locationName:"FunctionName" min:"1" type:"string" required:"true"` + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` + // The alias name. Qualifier *string `location:"querystring" locationName:"Qualifier" min:"1" type:"string"` } @@ -21146,6 +22325,12 @@ func (s *UpdateFunctionUrlConfigInput) SetFunctionName(v string) *UpdateFunction return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *UpdateFunctionUrlConfigInput) SetInvokeMode(v string) *UpdateFunctionUrlConfigInput { + s.InvokeMode = &v + return s +} + // SetQualifier sets the Qualifier field's value. func (s *UpdateFunctionUrlConfigInput) SetQualifier(v string) *UpdateFunctionUrlConfigInput { s.Qualifier = &v @@ -21156,9 +22341,9 @@ type UpdateFunctionUrlConfigOutput struct { _ struct{} `type:"structure"` // The type of authentication that your function URL uses. Set to AWS_IAM if - // you want to restrict access to authenticated IAM users only. Set to NONE - // if you want to bypass IAM authentication to create a public endpoint. For - // more information, see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). + // you want to restrict access to authenticated users only. Set to NONE if you + // want to bypass IAM authentication to create a public endpoint. For more information, + // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). // // AuthType is a required field AuthType *string `type:"string" required:"true" enum:"FunctionUrlAuthType"` @@ -21183,6 +22368,18 @@ type UpdateFunctionUrlConfigOutput struct { // FunctionUrl is a required field FunctionUrl *string `min:"40" type:"string" required:"true"` + // Use one of the following options: + // + // * BUFFERED – This is the default option. Lambda invokes your function + // using the Invoke API operation. Invocation results are available when + // the payload is complete. The maximum payload size is 6 MB. + // + // * RESPONSE_STREAM – Your function streams payload results as they become + // available. Lambda invokes your function using the InvokeWithResponseStream + // API operation. The maximum response payload size is 20 MB, however, you + // can request a quota increase (https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html). + InvokeMode *string `type:"string" enum:"InvokeMode"` + // When the function URL configuration was last updated, in ISO-8601 format // (https://www.w3.org/TR/NOTE-datetime) (YYYY-MM-DDThh:mm:ss.sTZD). // @@ -21238,6 +22435,12 @@ func (s *UpdateFunctionUrlConfigOutput) SetFunctionUrl(v string) *UpdateFunction return s } +// SetInvokeMode sets the InvokeMode field's value. +func (s *UpdateFunctionUrlConfigOutput) SetInvokeMode(v string) *UpdateFunctionUrlConfigOutput { + s.InvokeMode = &v + return s +} + // SetLastModifiedTime sets the LastModifiedTime field's value. func (s *UpdateFunctionUrlConfigOutput) SetLastModifiedTime(v string) *UpdateFunctionUrlConfigOutput { s.LastModifiedTime = &v @@ -21401,6 +22604,22 @@ func EventSourcePosition_Values() []string { } } +const ( + // FullDocumentUpdateLookup is a FullDocument enum value + FullDocumentUpdateLookup = "UpdateLookup" + + // FullDocumentDefault is a FullDocument enum value + FullDocumentDefault = "Default" +) + +// FullDocument_Values returns all elements of the FullDocument enum +func FullDocument_Values() []string { + return []string{ + FullDocumentUpdateLookup, + FullDocumentDefault, + } +} + const ( // FunctionResponseTypeReportBatchItemFailures is a FunctionResponseType enum value FunctionResponseTypeReportBatchItemFailures = "ReportBatchItemFailures" @@ -21461,6 +22680,22 @@ func InvocationType_Values() []string { } } +const ( + // InvokeModeBuffered is a InvokeMode enum value + InvokeModeBuffered = "BUFFERED" + + // InvokeModeResponseStream is a InvokeMode enum value + InvokeModeResponseStream = "RESPONSE_STREAM" +) + +// InvokeMode_Values returns all elements of the InvokeMode enum +func InvokeMode_Values() []string { + return []string{ + InvokeModeBuffered, + InvokeModeResponseStream, + } +} + const ( // LastUpdateStatusSuccessful is a LastUpdateStatus enum value LastUpdateStatusSuccessful = "Successful" @@ -21625,6 +22860,22 @@ func ProvisionedConcurrencyStatusEnum_Values() []string { } } +const ( + // ResponseStreamingInvocationTypeRequestResponse is a ResponseStreamingInvocationType enum value + ResponseStreamingInvocationTypeRequestResponse = "RequestResponse" + + // ResponseStreamingInvocationTypeDryRun is a ResponseStreamingInvocationType enum value + ResponseStreamingInvocationTypeDryRun = "DryRun" +) + +// ResponseStreamingInvocationType_Values returns all elements of the ResponseStreamingInvocationType enum +func ResponseStreamingInvocationType_Values() []string { + return []string{ + ResponseStreamingInvocationTypeRequestResponse, + ResponseStreamingInvocationTypeDryRun, + } +} + const ( // RuntimeNodejs is a Runtime enum value RuntimeNodejs = "nodejs" @@ -21709,6 +22960,15 @@ const ( // RuntimeNodejs18X is a Runtime enum value RuntimeNodejs18X = "nodejs18.x" + + // RuntimePython310 is a Runtime enum value + RuntimePython310 = "python3.10" + + // RuntimeJava17 is a Runtime enum value + RuntimeJava17 = "java17" + + // RuntimeRuby32 is a Runtime enum value + RuntimeRuby32 = "ruby3.2" ) // Runtime_Values returns all elements of the Runtime enum @@ -21742,6 +23002,9 @@ func Runtime_Values() []string { RuntimeProvided, RuntimeProvidedAl2, RuntimeNodejs18X, + RuntimePython310, + RuntimeJava17, + RuntimeRuby32, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/lambda/errors.go b/vendor/github.com/aws/aws-sdk-go/service/lambda/errors.go index 59bd155..98b8900 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/lambda/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/lambda/errors.go @@ -178,6 +178,13 @@ const ( // The specified configuration does not exist. ErrCodeProvisionedConcurrencyConfigNotFoundException = "ProvisionedConcurrencyConfigNotFoundException" + // ErrCodeRecursiveInvocationException for service response error code + // "RecursiveInvocationException". + // + // Lambda has detected your function being invoked in a recursive loop with + // other Amazon Web Services resources and stopped your function's invocation. + ErrCodeRecursiveInvocationException = "RecursiveInvocationException" + // ErrCodeRequestTooLargeException for service response error code // "RequestTooLargeException". // @@ -286,6 +293,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "PolicyLengthExceededException": newErrorPolicyLengthExceededException, "PreconditionFailedException": newErrorPreconditionFailedException, "ProvisionedConcurrencyConfigNotFoundException": newErrorProvisionedConcurrencyConfigNotFoundException, + "RecursiveInvocationException": newErrorRecursiveInvocationException, "RequestTooLargeException": newErrorRequestTooLargeException, "ResourceConflictException": newErrorResourceConflictException, "ResourceInUseException": newErrorResourceInUseException, diff --git a/vendor/github.com/aws/aws-sdk-go/service/lambda/service.go b/vendor/github.com/aws/aws-sdk-go/service/lambda/service.go index 8937161..355a67b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/lambda/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/lambda/service.go @@ -85,6 +85,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), ) + svc.Handlers.BuildStream.PushBackNamed(restjson.BuildHandler) + svc.Handlers.UnmarshalStream.PushBackNamed(restjson.UnmarshalHandler) + // Run custom client initialization if present if initClient != nil { initClient(svc.Client) diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go index b09fd7c..1409058 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go @@ -388,6 +388,10 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -899,7 +903,8 @@ func (c *Organizations) CloseAccountRequest(input *CloseAccountInput) (req *requ // CloseAccount API operation for AWS Organizations. // // Closes an Amazon Web Services member account within an organization. You -// can't close the management account with this API. This is an asynchronous +// can close an account when all features are enabled (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). +// You can't close the management account with this API. This is an asynchronous // request that Amazon Web Services performs in the background. Because CloseAccount // operates asynchronously, it can return a successful completion message even // though account closure might still be in progress. You need to wait a few @@ -917,10 +922,12 @@ func (c *Organizations) CloseAccountRequest(input *CloseAccountInput) (req *requ // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) // in the Organizations User Guide. // -// - You can only close 10% of active member accounts within a rolling 30 -// day period. This quota is not bound by a calendar month, but starts when -// you close an account. Within 30 days of that initial account closure, -// you can't exceed the 10% account closure limit. +// - You can close only 10% of member accounts, between 10 and 200, within +// a rolling 30 day period. This quota is not bound by a calendar month, +// but starts when you close an account. After you reach this limit, you +// can close additional accounts in the Billing console. For more information, +// see Closing an account (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.html) +// in the Amazon Web Services Billing and Cost Management User Guide. // // - To reinstate a closed account, contact Amazon Web Services Support within // the 90-day grace period while the account is in SUSPENDED status. @@ -997,6 +1004,10 @@ func (c *Organizations) CloseAccountRequest(input *CloseAccountInput) (req *requ // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -1408,6 +1419,10 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -1868,6 +1883,10 @@ func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccoun // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -2232,6 +2251,10 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -2590,6 +2613,10 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -2946,6 +2973,10 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -4094,6 +4125,10 @@ func (c *Organizations) DeleteResourcePolicyRequest(input *DeleteResourcePolicyI // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -4376,6 +4411,10 @@ func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *Deregiste // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -5104,6 +5143,10 @@ func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectiveP // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -6077,7 +6120,8 @@ func (c *Organizations) DescribeResourcePolicyRequest(input *DescribeResourcePol // Retrieves information about a resource policy. // // You can only call this operation from the organization's management account -// or by a member account that is a delegated administrator for an AWS service. +// or by a member account that is a delegated administrator for an Amazon Web +// Services service. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6143,6 +6187,10 @@ func (c *Organizations) DescribeResourcePolicyRequest(input *DescribeResourcePol // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -6411,6 +6459,10 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -6824,6 +6876,10 @@ func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceA // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -7183,6 +7239,10 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -7561,6 +7621,10 @@ func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAcc // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -8173,6 +8237,10 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -8614,6 +8682,10 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -9011,6 +9083,10 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -9371,6 +9447,10 @@ func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAW // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -10763,6 +10843,10 @@ func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedA // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -11174,6 +11258,10 @@ func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelega // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -14104,6 +14192,10 @@ func (c *Organizations) PutResourcePolicyRequest(input *PutResourcePolicyInput) // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -14380,6 +14472,10 @@ func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDel // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -14764,6 +14860,10 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -15126,6 +15226,10 @@ func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *reques // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -15483,6 +15587,10 @@ func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *re // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -16019,6 +16127,10 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -17589,6 +17701,10 @@ func (s *ConflictException) RequestID() string { // - ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // +// - ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or +// your account isn't fully active. You must complete the account setup before +// you create an organization. +// // - ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) @@ -17876,9 +17992,9 @@ type CreateAccountInput struct { // information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) // in the Organizations User Guide. // - // If any one of the tags is invalid or if you exceed the maximum allowed number - // of tags for an account, then the entire request fails and the account is - // not created. + // If any one of the tags is not valid or if you exceed the maximum allowed + // number of tags for an account, then the entire request fails and the account + // is not created. Tags []*Tag `type:"list"` } @@ -18325,9 +18441,9 @@ type CreateGovCloudAccountInput struct { // information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) // in the Organizations User Guide. // - // If any one of the tags is invalid or if you exceed the maximum allowed number - // of tags for an account, then the entire request fails and the account is - // not created. + // If any one of the tags is not valid or if you exceed the maximum allowed + // number of tags for an account, then the entire request fails and the account + // is not created. Tags []*Tag `type:"list"` } @@ -18551,7 +18667,7 @@ type CreateOrganizationalUnitInput struct { // about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) // in the Organizations User Guide. // - // If any one of the tags is invalid or if you exceed the allowed number of + // If any one of the tags is not valid or if you exceed the allowed number of // tags for an OU, then the entire request fails and the OU is not created. Tags []*Tag `type:"list"` } @@ -18681,7 +18797,7 @@ type CreatePolicyInput struct { // about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) // in the Organizations User Guide. // - // If any one of the tags is invalid or if you exceed the allowed number of + // If any one of the tags is not valid or if you exceed the allowed number of // tags for a policy, then the entire request fails and the policy is not created. Tags []*Tag `type:"list"` @@ -21941,7 +22057,7 @@ type InviteAccountToOrganizationInput struct { // policy changes between the invitation and the acceptance, then that tags // could potentially be non-compliant. // - // If any one of the tags is invalid or if you exceed the allowed number of + // If any one of the tags is not valid or if you exceed the allowed number of // tags for an account, then the entire request fails and invitations are not // sent. Tags []*Tag `type:"list"` @@ -25583,14 +25699,14 @@ type PutResourcePolicyInput struct { // Content is a required field Content *string `min:"1" type:"string" required:"true"` - // Updates the list of tags that you want to attach to the newly-created resource - // policy. For each tag in the list, you must specify both a tag key and a value. - // You can set the value to an empty string, but you can't set it to null. For - // more information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) + // A list of tags that you want to attach to the newly created resource policy. + // For each tag in the list, you must specify both a tag key and a value. You + // can set the value to an empty string, but you can't set it to null. For more + // information about tagging, see Tagging Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) // in the Organizations User Guide. // // Calls with tags apply to the initial creation of the resource policy, otherwise - // an exception is thrown. If any one of the tags is invalid or if you exceed + // an exception is thrown. If any one of the tags is not valid or if you exceed // the allowed number of tags for the resource policy, then the entire request // fails and the resource policy is not created. Tags []*Tag `type:"list"` @@ -26361,8 +26477,8 @@ type TagResourceInput struct { // For each tag in the list, you must specify both a tag key and a value. The // value can be an empty string, but you can't set it to null. // - // If any one of the tags is invalid or if you exceed the maximum allowed number - // of tags for a resource, then the entire request fails. + // If any one of the tags is not valid or if you exceed the maximum allowed + // number of tags for a resource, then the entire request fails. // // Tags is a required field Tags []*Tag `type:"list" required:"true"` @@ -27149,6 +27265,9 @@ const ( // ConstraintViolationExceptionReasonInvalidPaymentInstrument is a ConstraintViolationExceptionReason enum value ConstraintViolationExceptionReasonInvalidPaymentInstrument = "INVALID_PAYMENT_INSTRUMENT" + + // ConstraintViolationExceptionReasonAccountCreationNotComplete is a ConstraintViolationExceptionReason enum value + ConstraintViolationExceptionReasonAccountCreationNotComplete = "ACCOUNT_CREATION_NOT_COMPLETE" ) // ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum @@ -27187,6 +27306,7 @@ func ConstraintViolationExceptionReason_Values() []string { ConstraintViolationExceptionReasonCloseAccountRequestsLimitExceeded, ConstraintViolationExceptionReasonServiceAccessNotEnabled, ConstraintViolationExceptionReasonInvalidPaymentInstrument, + ConstraintViolationExceptionReasonAccountCreationNotComplete, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go index 9174ef3..70a0d29 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go @@ -126,6 +126,10 @@ const ( // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number // of accounts that you can create in one day. // + // * ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or + // your account isn't fully active. You must complete the account setup before + // you create an organization. + // // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on // the number of accounts in an organization. If you need more accounts, // contact Amazon Web Services Support (https://docs.aws.amazon.com/support/home#/) diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go index 724871c..4331fbd 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go @@ -711,8 +711,9 @@ func (c *RDS) CancelExportTaskRequest(input *CancelExportTaskInput) (req *reques // CancelExportTask API operation for Amazon Relational Database Service. // -// Cancels an export task in progress that is exporting a snapshot to Amazon -// S3. Any data that has already been written to the S3 bucket isn't removed. +// Cancels an export task in progress that is exporting a snapshot or cluster +// to Amazon S3. Any data that has already been written to the S3 bucket isn't +// removed. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -916,8 +917,8 @@ func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (r // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1443,6 +1444,9 @@ func (c *RDS) CreateCustomDBEngineVersionRequest(input *CreateCustomDBEngineVers // - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" // An error occurred accessing an Amazon Web Services KMS key. // +// - ErrCodeCreateCustomDBEngineVersionFault "CreateCustomDBEngineVersionFault" +// An error occurred while trying to create the CEV. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomDBEngineVersion func (c *RDS) CreateCustomDBEngineVersion(input *CreateCustomDBEngineVersionInput) (*CreateCustomDBEngineVersionOutput, error) { req, out := c.CreateCustomDBEngineVersionRequest(input) @@ -1510,15 +1514,22 @@ func (c *RDS) CreateDBClusterRequest(input *CreateDBClusterInput) (req *request. // // Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster. // -// You can use the ReplicationSourceIdentifier parameter to create an Amazon -// Aurora DB cluster as a read replica of another DB cluster or Amazon RDS MySQL -// or PostgreSQL DB instance. +// If you create an Aurora DB cluster, the request creates an empty cluster. +// You must explicitly create the writer instance for your DB cluster using +// the CreateDBInstance (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) +// operation. If you create a Multi-AZ DB cluster, the request creates a writer +// and two reader DB instances for you, each in a different Availability Zone. // -// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// You can use the ReplicationSourceIdentifier parameter to create an Amazon +// Aurora DB cluster as a read replica of another DB cluster or Amazon RDS for +// MySQL or PostgreSQL DB instance. For more information about Amazon Aurora, +// see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// You can also use the ReplicationSourceIdentifier parameter to create a Multi-AZ +// DB cluster read replica with an RDS for MySQL or PostgreSQL DB instance as +// the source. For more information about Multi-AZ DB clusters, see Multi-AZ +// DB cluster deployments (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1790,8 +1801,8 @@ func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParamet // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1880,8 +1891,8 @@ func (c *RDS) CreateDBClusterSnapshotRequest(input *CreateDBClusterSnapshotInput // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2044,7 +2055,7 @@ func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *reques // DBClusterIdentifier doesn't refer to an existing DB cluster. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" // The specified CIDR IP range or Amazon EC2 security group might not be authorized @@ -2134,19 +2145,22 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // CreateDBInstanceReadReplica API operation for Amazon Relational Database Service. // // Creates a new DB instance that acts as a read replica for an existing source -// DB instance. You can create a read replica for a DB instance running MySQL, -// MariaDB, Oracle, PostgreSQL, or SQL Server. For more information, see Working -// with Read Replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) +// DB instance or Multi-AZ DB cluster. You can create a read replica for a DB +// instance running MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server. You can +// create a read replica for a Multi-AZ DB cluster running MySQL or PostgreSQL. +// For more information, see Working with read replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) +// and Migrating from a Multi-AZ DB cluster to a DB instance using a read replica +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html#multi-az-db-clusters-migrating-to-instance-with-read-replica) // in the Amazon RDS User Guide. // // Amazon Aurora doesn't support this operation. Call the CreateDBInstance operation // to create a DB instance for an Aurora DB cluster. // // All read replica DB instances are created with backups disabled. All other -// DB instance attributes (including DB security groups and DB parameter groups) -// are inherited from the source DB instance, except as specified. +// attributes (including DB security groups and DB parameter groups) are inherited +// from the source DB instance or cluster, except as specified. // -// Your source DB instance must have backup retention enabled. +// Your source DB instance or cluster must have backup retention enabled. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2180,9 +2194,15 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" // DBInstanceIdentifier doesn't refer to an existing DB instance. // +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// // - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" // The DB instance isn't in a valid state. // +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// // - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" // DBSubnetGroupName doesn't refer to an existing DB subnet group. // @@ -2213,7 +2233,7 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // read replica of the same source instance. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" // An error occurred accessing an Amazon Web Services KMS key. @@ -3369,11 +3389,14 @@ func (c *RDS) DeleteDBClusterRequest(input *DeleteDBClusterInput) (req *request. // and can't be recovered. Manual DB cluster snapshots of the specified DB cluster // are not deleted. // +// If you're deleting a Multi-AZ DB cluster with read replicas, all cluster +// members are terminated and read replicas are promoted to standalone instances. +// // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3560,8 +3583,8 @@ func (c *RDS) DeleteDBClusterParameterGroupRequest(input *DeleteDBClusterParamet // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3654,8 +3677,8 @@ func (c *RDS) DeleteDBClusterSnapshotRequest(input *DeleteDBClusterSnapshotInput // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5465,8 +5488,8 @@ func (c *RDS) DescribeDBClusterParameterGroupsRequest(input *DescribeDBClusterPa // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5608,8 +5631,8 @@ func (c *RDS) DescribeDBClusterParametersRequest(input *DescribeDBClusterParamet // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5842,8 +5865,8 @@ func (c *RDS) DescribeDBClusterSnapshotsRequest(input *DescribeDBClusterSnapshot // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5979,15 +6002,15 @@ func (c *RDS) DescribeDBClustersRequest(input *DescribeDBClustersInput) (req *re // DescribeDBClusters API operation for Amazon Relational Database Service. // -// Returns information about Amazon Aurora DB clusters and Multi-AZ DB clusters. -// This API supports pagination. +// Describes existing Amazon Aurora DB clusters and Multi-AZ DB clusters. This +// API supports pagination. // // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // This operation can also return information for Amazon Neptune DB instances @@ -6397,7 +6420,7 @@ func (c *RDS) DescribeDBInstancesRequest(input *DescribeDBInstancesInput) (req * // DescribeDBInstances API operation for Amazon Relational Database Service. // -// Returns information about provisioned RDS instances. This API supports pagination. +// Describes provisioned RDS instances. This API supports pagination. // // This operation can also return information for Amazon Neptune DB instances // and Amazon DocumentDB instances. @@ -8587,8 +8610,8 @@ func (c *RDS) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req * // DescribeExportTasks API operation for Amazon Relational Database Service. // -// Returns information about a snapshot export to Amazon S3. This API operation -// supports pagination. +// Returns information about a snapshot or cluster export to Amazon S3. This +// API operation supports pagination. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10053,8 +10076,8 @@ func (c *RDS) FailoverDBClusterRequest(input *FailoverDBClusterInput) (req *requ // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10354,7 +10377,7 @@ func (c *RDS) ModifyActivityStreamRequest(input *ModifyActivityStreamInput) (req // Modifying a database activity stream (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DBActivityStreams.Modifying.html) // in the Amazon RDS User Guide. // -// This operation is supported for RDS for Oracle only. +// This operation is supported for RDS for Oracle and Microsoft SQL Server. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10743,7 +10766,7 @@ func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request. // ModifyDBCluster API operation for Amazon Relational Database Service. // -// Modify the settings for an Amazon Aurora DB cluster or a Multi-AZ DB cluster. +// Modifies the settings of an Amazon Aurora DB cluster or a Multi-AZ DB cluster. // You can change one or more settings by specifying these parameters and the // new values in the request. // @@ -10751,8 +10774,8 @@ func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request. // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10801,9 +10824,16 @@ func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request. // - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" // The user already has a DB cluster with the given identifier. // +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// // - ErrCodeDomainNotFoundFault "DomainNotFoundFault" // Domain doesn't refer to an existing Active Directory domain. // +// - ErrCodeStorageTypeNotAvailableFault "StorageTypeNotAvailableFault" +// The aurora-iopt1 storage type isn't available, because you modified the DB +// cluster to use this storage type less than one month ago. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBCluster func (c *RDS) ModifyDBCluster(input *ModifyDBClusterInput) (*ModifyDBClusterOutput, error) { req, out := c.ModifyDBClusterRequest(input) @@ -10988,8 +11018,8 @@ func (c *RDS) ModifyDBClusterParameterGroupRequest(input *ModifyDBClusterParamet // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11236,7 +11266,7 @@ func (c *RDS) ModifyDBInstanceRequest(input *ModifyDBInstanceInput) (req *reques // The DB upgrade failed because a resource the DB depends on can't be modified. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" // The specified CIDR IP range or Amazon EC2 security group might not be authorized @@ -12524,8 +12554,8 @@ func (c *RDS) RebootDBClusterRequest(input *RebootDBClusterInput) (req *request. // // Use this operation only for a non-Aurora Multi-AZ DB cluster. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -12916,8 +12946,8 @@ func (c *RDS) RemoveRoleFromDBClusterRequest(input *RemoveRoleFromDBClusterInput // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13290,8 +13320,8 @@ func (c *RDS) ResetDBClusterParameterGroupRequest(input *ResetDBClusterParameter // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13544,6 +13574,9 @@ func (c *RDS) RestoreDBClusterFromS3Request(input *RestoreDBClusterFromS3Input) // be able to resolve this error by updating your subnet group to use different // Availability Zones that have more storage available. // +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromS3 func (c *RDS) RestoreDBClusterFromS3(input *RestoreDBClusterFromS3Input) (*RestoreDBClusterFromS3Output, error) { req, out := c.RestoreDBClusterFromS3Request(input) @@ -13625,8 +13658,8 @@ func (c *RDS) RestoreDBClusterFromSnapshotRequest(input *RestoreDBClusterFromSna // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13788,8 +13821,8 @@ func (c *RDS) RestoreDBClusterToPointInTimeRequest(input *RestoreDBClusterToPoin // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with -// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -14004,7 +14037,7 @@ func (c *RDS) RestoreDBInstanceFromDBSnapshotRequest(input *RestoreDBInstanceFro // The specified option group could not be found. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" // The specified CIDR IP range or Amazon EC2 security group might not be authorized @@ -14165,7 +14198,7 @@ func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input // The specified option group could not be found. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" // The specified CIDR IP range or Amazon EC2 security group might not be authorized @@ -14322,7 +14355,7 @@ func (c *RDS) RestoreDBInstanceToPointInTimeRequest(input *RestoreDBInstanceToPo // The specified option group could not be found. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" // The specified CIDR IP range or Amazon EC2 security group might not be authorized @@ -14865,7 +14898,7 @@ func (c *RDS) StartDBInstanceAutomatedBackupsReplicationRequest(input *StartDBIn // quota is the same as your DB Instance quota. // // - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// The specified StorageType can't be associated with the DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplication func (c *RDS) StartDBInstanceAutomatedBackupsReplication(input *StartDBInstanceAutomatedBackupsReplicationInput) (*StartDBInstanceAutomatedBackupsReplicationOutput, error) { @@ -14932,10 +14965,22 @@ func (c *RDS) StartExportTaskRequest(input *StartExportTaskInput) (req *request. // StartExportTask API operation for Amazon Relational Database Service. // -// Starts an export of a snapshot to Amazon S3. The provided IAM role must have -// access to the S3 bucket. +// Starts an export of DB snapshot or DB cluster data to Amazon S3. The provided +// IAM role must have access to the S3 bucket. // -// This command doesn't apply to RDS Custom. +// You can't export snapshot data from RDS Custom DB instances. +// +// You can't export cluster data from Multi-AZ DB clusters. +// +// For more information on exporting DB snapshot data, see Exporting DB snapshot +// data to Amazon S3 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ExportSnapshot.html) +// in the Amazon RDS User Guide or Exporting DB cluster snapshot data to Amazon +// S3 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-export-snapshot.html) +// in the Amazon Aurora User Guide. +// +// For more information on exporting DB cluster data, see Exporting DB cluster +// data to Amazon S3 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/export-cluster-data.html) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16830,7 +16875,7 @@ func (s *BlueGreenDeploymentTask) SetStatus(v string) *BlueGreenDeploymentTask { type CancelExportTaskInput struct { _ struct{} `type:"structure"` - // The identifier of the snapshot export task to cancel. + // The identifier of the snapshot or cluster export task to cancel. // // ExportTaskIdentifier is a required field ExportTaskIdentifier *string `type:"string" required:"true"` @@ -16873,75 +16918,90 @@ func (s *CancelExportTaskInput) SetExportTaskIdentifier(v string) *CancelExportT return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // // This data type is used as a response element in the DescribeExportTasks action. type CancelExportTaskOutput struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. Valid values are the following: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` // The key identifier of the Amazon Web Services KMS key that is used to encrypt - // the snapshot when it's exported to Amazon S3. The KMS key identifier is its - // key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot - // export must have encryption and decryption permissions to use this KMS key. + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket that the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` // The time that the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` // The type of source for the export. SourceType *string `type:"string" enum:"ExportSourceType"` - // The progress status of the export task. + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time that the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time that the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } @@ -17338,6 +17398,9 @@ type ClusterPendingModifiedValues struct { // A list of the log types whose configuration is still pending. In other words, // these log types are in the process of being activated or deactivated. PendingCloudwatchLogsExports *PendingCloudwatchLogsExports `type:"structure"` + + // The storage type for the DB cluster. + StorageType *string `type:"string"` } // String returns the string representation. @@ -17406,6 +17469,12 @@ func (s *ClusterPendingModifiedValues) SetPendingCloudwatchLogsExports(v *Pendin return s } +// SetStorageType sets the StorageType field's value. +func (s *ClusterPendingModifiedValues) SetStorageType(v string) *ClusterPendingModifiedValues { + s.StorageType = &v + return s +} + // Specifies the settings that control the size and behavior of the connection // pool associated with a DBProxyTargetGroup. type ConnectionPoolConfiguration struct { @@ -18740,8 +18809,12 @@ type CreateCustomDBEngineVersionInput struct { // EngineVersion is a required field EngineVersion *string `min:"1" type:"string" required:"true"` - // The ID of the AMI. An AMI ID is required to create a CEV for RDS Custom for - // SQL Server. + // The ID of the Amazon Machine Image (AMI). For RDS Custom for SQL Server, + // an AMI ID is required to create a CEV. For RDS Custom for Oracle, the default + // is the most recent AMI available, but you can specify an AMI ID that was + // used in a different Oracle CEV. Find the AMIs used by your CEVs by calling + // the DescribeDBEngineVersions (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBEngineVersions.html) + // operation. ImageId *string `min:"1" type:"string"` // The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric @@ -19495,16 +19568,16 @@ type CreateDBClusterInput struct { // The amount of storage in gibibytes (GiB) to allocate to each DB instance // in the Multi-AZ DB cluster. // - // This setting is required to create a Multi-AZ DB cluster. + // Valid for Cluster Type: Multi-AZ DB clusters only // - // Valid for: Multi-AZ DB clusters only + // This setting is required to create a Multi-AZ DB cluster. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the DB cluster during the maintenance window. By default, minor engine - // upgrades are applied automatically. + // Specifies whether minor engine upgrades are applied automatically to the + // DB cluster during the maintenance window. By default, minor engine upgrades + // are applied automatically. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only AutoMinorVersionUpgrade *bool `type:"boolean"` // A list of Availability Zones (AZs) where DB instances in the DB cluster can @@ -19514,46 +19587,49 @@ type CreateDBClusterInput struct { // Choosing the Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` // The target backtrack window, in seconds. To disable backtracking, set this // value to 0. // + // Valid for Cluster Type: Aurora MySQL DB clusters only + // // Default: 0 // // Constraints: // // * If specified, this value must be set to a number from 0 to 259,200 (72 // hours). - // - // Valid for: Aurora MySQL DB clusters only BacktrackWindow *int64 `type:"long"` // The number of days for which automated backups are retained. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Default: 1 // // Constraints: // - // * Must be a value from 1 to 35 - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Must be a value from 1 to 35. BackupRetentionPeriod *int64 `type:"integer"` - // A value that indicates that the DB cluster should be associated with the - // specified CharacterSet. + // The name of the character set (CharacterSet) to associate the DB cluster + // with. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only CharacterSetName *string `type:"string"` - // A value that indicates whether to copy all tags from the DB cluster to snapshots - // of the DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the DB cluster to snapshots of the + // DB cluster. The default is not to copy them. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` - // The DB cluster identifier. This parameter is stored as a lowercase string. + // The identifier for this DB cluster. This parameter is stored as a lowercase + // string. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // Constraints: // @@ -19565,8 +19641,6 @@ type CreateDBClusterInput struct { // // Example: my-cluster1 // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters - // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` @@ -19580,48 +19654,51 @@ type CreateDBClusterInput struct { // // This setting is required to create a Multi-AZ DB cluster. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only DBClusterInstanceClass *string `type:"string"` // The name of the DB cluster parameter group to associate with this DB cluster. - // If you do not specify a value, then the default DB cluster parameter group + // If you don't specify a value, then the default DB cluster parameter group // for the specified DB engine and version is used. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * If supplied, must match the name of an existing DB cluster parameter // group. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters DBClusterParameterGroupName *string `type:"string"` // A DB subnet group to associate with this DB cluster. // // This setting is required to create a Multi-AZ DB cluster. // - // Constraints: Must match the name of an existing DBSubnetGroup. Must not be - // default. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Example: mydbsubnetgroup + // Constraints: // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Must match the name of an existing DB subnet group. + // + // * Must not be default. + // + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` // Reserved for future use. DBSystemId *string `type:"string"` - // The name for your database of up to 64 alphanumeric characters. If you do - // not provide a name, Amazon RDS doesn't create a database in the DB cluster - // you are creating. + // The name for your database of up to 64 alphanumeric characters. If you don't + // provide a name, Amazon RDS doesn't create a database in the DB cluster you + // are creating. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DatabaseName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection isn't enabled. + // Specifies whether the DB cluster has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` // DestinationRegion is used for presigning the request to a given region. @@ -19635,33 +19712,28 @@ type CreateDBClusterInput struct { // For more information, see Kerberos authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to use when making API calls to the Directory Service. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` // The list of log types that need to be enabled for exporting to CloudWatch - // Logs. The values in the list depend on the DB engine being used. - // - // RDS for MySQL + // Logs. // - // Possible values are error, general, and slowquery. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // RDS for PostgreSQL + // The following values are valid for each DB engine: // - // Possible values are postgresql and upgrade. + // * Aurora MySQL - audit | error | general | slowquery // - // Aurora MySQL + // * Aurora PostgreSQL - postgresql // - // Possible values are audit, error, general, and slowquery. + // * RDS for MySQL - error | general | slowquery // - // Aurora PostgreSQL - // - // Possible value is postgresql. + // * RDS for PostgreSQL - postgresql | upgrade // // For more information about exporting CloudWatch Logs for Amazon RDS, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) @@ -19670,27 +19742,25 @@ type CreateDBClusterInput struct { // For more information about exporting CloudWatch Logs for Amazon Aurora, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable this DB cluster to forward write - // operations to the primary cluster of an Aurora global database (GlobalCluster). - // By default, write operations are not allowed on Aurora DB clusters that are - // secondary clusters in an Aurora global database. + // Specifies whether to enable this DB cluster to forward write operations to + // the primary cluster of a global cluster (Aurora global database). By default, + // write operations are not allowed on Aurora DB clusters that are secondary + // clusters in an Aurora global database. // // You can set this value only on Aurora DB clusters that are members of an // Aurora global database. With this parameter enabled, a secondary cluster - // can forward writes to the current primary cluster and the resulting changes + // can forward writes to the current primary cluster, and the resulting changes // are replicated back to this cluster. For the primary DB cluster of an Aurora // global database, this value is used immediately if the primary is demoted - // by the FailoverGlobalCluster API operation, but it does nothing until then. + // by a global cluster API operation, but it does nothing until then. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableGlobalWriteForwarding *bool `type:"boolean"` - // A value that indicates whether to enable the HTTP endpoint for an Aurora - // Serverless v1 DB cluster. By default, the HTTP endpoint is disabled. + // Specifies whether to enable the HTTP endpoint for an Aurora Serverless v1 + // DB cluster. By default, the HTTP endpoint is disabled. // // When enabled, the HTTP endpoint provides a connectionless web service API // for running SQL queries on the Aurora Serverless v1 DB cluster. You can also @@ -19699,92 +19769,60 @@ type CreateDBClusterInput struct { // For more information, see Using the Data API for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableHttpEndpoint *bool `type:"boolean"` - // A value that indicates whether to enable mapping of Amazon Web Services Identity - // and Access Management (IAM) accounts to database accounts. By default, mapping - // isn't enabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to turn on Performance Insights for the DB - // cluster. + // Specifies whether to turn on Performance Insights for the DB cluster. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) // in the Amazon RDS User Guide. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only EnablePerformanceInsights *bool `type:"boolean"` - // The name of the database engine to be used for this DB cluster. - // - // Valid Values: - // - // * aurora (for MySQL 5.6-compatible Aurora) - // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // The database engine to use for this DB cluster. // - // * aurora-postgresql + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // * mysql - // - // * postgres - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid Values: aurora-mysql | aurora-postgresql | mysql | postgres // // Engine is a required field Engine *string `type:"string" required:"true"` - // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, - // global, or multimaster. - // - // The parallelquery engine mode isn't required for Aurora MySQL version 1.23 - // and higher 1.x versions, and version 2.09 and higher 2.x versions. - // - // The global engine mode isn't required for Aurora MySQL version 1.22 and higher - // 1.x versions, and global engine mode isn't required for any 2.x versions. - // - // The multimaster engine mode only applies for DB clusters created with Aurora - // MySQL version 5.6.10a. + // The DB engine mode of the DB cluster, either provisioned or serverless. // // The serverless engine mode only applies for Aurora Serverless v1 DB clusters. // - // For Aurora PostgreSQL, the global engine mode isn't required, and both the - // parallelquery and the multimaster engine modes currently aren't supported. - // - // Limitations and requirements apply to some DB engine modes. For more information, + // For information about limitations and requirements for Serverless DB clusters, // see the following sections in the Amazon Aurora User Guide: // // * Limitations of Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) // // * Requirements for Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) // - // * Limitations of Parallel Query (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations) - // - // * Limitations of Aurora Global Databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations) - // - // * Limitations of Multi-Master Clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html#aurora-multi-master-limitations) - // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EngineMode *string `type:"string"` // The version number of the database engine to use. // - // To list all of the available engine versions for MySQL 5.6-compatible Aurora, - // use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" - // - // To list all of the available engine versions for MySQL 5.7-compatible and - // MySQL 8.0-compatible Aurora, use the following command: + // To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) + // and version 3 (MySQL 8.0-compatible), use the following command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // + // You can supply either 5.7 or 8.0 to use the default engine version for Aurora + // MySQL version 2 or version 3, respectively. + // // To list all of the available engine versions for Aurora PostgreSQL, use the // following command: // @@ -19800,49 +19838,44 @@ type CreateDBClusterInput struct { // // aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" // - // Aurora MySQL - // - // For information, see MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) - // in the Amazon Aurora User Guide. - // - // Aurora PostgreSQL - // - // For information, see Amazon Aurora PostgreSQL releases and engine versions - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) - // in the Amazon Aurora User Guide. + // For information about a specific engine, see the following topics: // - // MySQL + // * Aurora MySQL - see Database engine updates for Amazon Aurora MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + // in the Amazon Aurora User Guide. // - // For information, see MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) - // in the Amazon RDS User Guide. + // * Aurora PostgreSQL - see Amazon Aurora PostgreSQL releases and engine + // versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) + // in the Amazon Aurora User Guide. // - // PostgreSQL + // * RDS for MySQL - see Amazon RDS for MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // in the Amazon RDS User Guide. // - // For information, see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) - // in the Amazon RDS User Guide. + // * RDS for PostgreSQL - see Amazon RDS for PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + // in the Amazon RDS User Guide. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters EngineVersion *string `type:"string"` // The global cluster ID of an Aurora cluster that becomes the primary cluster // in the new global database cluster. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only GlobalClusterIdentifier *string `type:"string"` // The amount of Provisioned IOPS (input/output operations per second) to be // initially allocated for each DB instance in the Multi-AZ DB cluster. // - // For information about valid IOPS values, see Amazon RDS Provisioned IOPS - // storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // For information about valid IOPS values, see Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) // in the Amazon RDS User Guide. // // This setting is required to create a Multi-AZ DB cluster. // - // Constraints: Must be a multiple between .5 and 50 of the storage amount for - // the DB cluster. + // Valid for Cluster Type: Multi-AZ DB clusters only // - // Valid for: Multi-AZ DB clusters only + // Constraints: + // + // * Must be a multiple between .5 and 50 of the storage amount for the DB + // cluster. Iops *int64 `type:"integer"` // The Amazon Web Services KMS key identifier for an encrypted DB cluster. @@ -19854,26 +19887,26 @@ type CreateDBClusterInput struct { // When a KMS key isn't specified in KmsKeyId: // // * If ReplicationSourceIdentifier identifies an encrypted source, then - // Amazon RDS will use the KMS key used to encrypt the source. Otherwise, - // Amazon RDS will use your default KMS key. + // Amazon RDS uses the KMS key used to encrypt the source. Otherwise, Amazon + // RDS uses your default KMS key. // // * If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier - // isn't specified, then Amazon RDS will use your default KMS key. + // isn't specified, then Amazon RDS uses your default KMS key. // // There is a default KMS key for your Amazon Web Services account. Your Amazon // Web Services account has a different default KMS key for each Amazon Web // Services Region. // // If you create a read replica of an encrypted DB cluster in another Amazon - // Web Services Region, you must set KmsKeyId to a KMS key identifier that is - // valid in the destination Amazon Web Services Region. This KMS key is used + // Web Services Region, make sure to set KmsKeyId to a KMS key identifier that + // is valid in the destination Amazon Web Services Region. This KMS key is used // to encrypt the read replica in that Amazon Web Services Region. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters KmsKeyId *string `type:"string"` - // A value that indicates whether to manage the master user password with Amazon - // Web Services Secrets Manager. + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. // // For more information, see Password management with Amazon Web Services Secrets // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) @@ -19881,24 +19914,25 @@ type CreateDBClusterInput struct { // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) // in the Amazon Aurora User Guide. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * Can't manage the master user password with Amazon Web Services Secrets // Manager if MasterUserPassword is specified. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters ManageMasterUserPassword *bool `type:"boolean"` - // The password for the master database user. This password can contain any - // printable ASCII character except "/", """, or "@". + // The password for the master database user. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // Constraints: // // * Must contain from 8 to 41 characters. // - // * Can't be specified if ManageMasterUserPassword is turned on. + // * Can contain any printable ASCII character except "/", """, or "@". // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Can't be specified if ManageMasterUserPassword is turned on. MasterUserPassword *string `type:"string"` // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically @@ -19920,11 +19954,13 @@ type CreateDBClusterInput struct { // Web Services account has a different default KMS key for each Amazon Web // Services Region. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters MasterUserSecretKmsKeyId *string `type:"string"` // The name of the master user for the DB cluster. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * Must be 1 to 16 letters or numbers. @@ -19932,20 +19968,20 @@ type CreateDBClusterInput struct { // * First character must be a letter. // // * Can't be a reserved word for the chosen database engine. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters MasterUsername *string `type:"string"` // The interval, in seconds, between points when Enhanced Monitoring metrics // are collected for the DB cluster. To turn off collecting Enhanced Monitoring - // metrics, specify 0. The default is 0. + // metrics, specify 0. // // If MonitoringRoleArn is specified, also set MonitoringInterval to a value // other than 0. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // Valid for Cluster Type: Multi-AZ DB clusters only // - // Valid for: Multi-AZ DB clusters only + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The Amazon Resource Name (ARN) for the IAM role that permits RDS to send @@ -19957,17 +19993,11 @@ type CreateDBClusterInput struct { // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn // value. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only MonitoringRoleArn *string `type:"string"` // The network type of the DB cluster. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and // the IPv6 protocols (DUAL). @@ -19975,11 +20005,12 @@ type CreateDBClusterInput struct { // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` - // A value that indicates that the DB cluster should be associated with the - // specified option group. + // The option group to associate the DB cluster with. // // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` @@ -19995,49 +20026,39 @@ type CreateDBClusterInput struct { // Web Services account. Your Amazon Web Services account has a different default // KMS key for each Amazon Web Services Region. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: + // The number of days to retain Performance Insights data. // - // * 7 + // Valid for Cluster Type: Multi-AZ DB clusters only // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: + // Valid Values: // - // * 93 (3 months * 31) + // * 7 // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // Default: 7 days // - // Valid for: Multi-AZ DB clusters only + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // issues an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number on which the instances in the DB cluster accept connections. // - // RDS for MySQL and Aurora MySQL + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Default: 3306 - // - // Valid values: 1150-65535 - // - // RDS for PostgreSQL and Aurora PostgreSQL + // Valid Values: 1150-65535 // - // Default: 5432 + // Default: // - // Valid values: 1150-65535 + // * RDS for MySQL and Aurora MySQL - 3306 // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * RDS for PostgreSQL and Aurora PostgreSQL - 5432 Port *int64 `type:"integer"` // When you are replicating a DB cluster from one Amazon Web Services GovCloud @@ -20080,12 +20101,14 @@ type CreateDBClusterInput struct { // valid request for the operation that can run in the source Amazon Web Services // Region. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only PreSignedUrl *string `type:"string"` // The daily time range during which automated backups are created if automated // backups are enabled using the BackupRetentionPeriod parameter. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // The default is a 30-minute window selected at random from an 8-hour block // of time for each Amazon Web Services Region. To view the time blocks available, // see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) @@ -20100,14 +20123,11 @@ type CreateDBClusterInput struct { // * Must not conflict with the preferred maintenance window. // // * Must be at least 30 minutes. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters PreferredBackupWindow *string `type:"string"` - // The weekly time range during which system maintenance can occur, in Universal - // Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur. // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // The default is a 30-minute window selected at random from an 8-hour block // of time for each Amazon Web Services Region, occurring on a random day of @@ -20115,14 +20135,18 @@ type CreateDBClusterInput struct { // Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) // in the Amazon Aurora User Guide. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Days must be one of Mon | Tue | Wed | Thu | Fri | Sat | Sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` - // A value that indicates whether the DB cluster is publicly accessible. + // Specifies whether the DB cluster is publicly accessible. // // When the DB cluster is publicly accessible, its Domain Name System (DNS) // endpoint resolves to the private IP address from within the DB cluster's @@ -20134,6 +20158,8 @@ type CreateDBClusterInput struct { // When the DB cluster isn't publicly accessible, it is an internal DB cluster // with a DNS name that resolves to a private IP address. // + // Valid for Cluster Type: Multi-AZ DB clusters only + // // Default: The default behavior varies depending on whether DBSubnetGroupName // is specified. // @@ -20154,20 +20180,18 @@ type CreateDBClusterInput struct { // // * If the subnets are part of a VPC that has an internet gateway attached // to it, the DB cluster is public. - // - // Valid for: Multi-AZ DB clusters only PubliclyAccessible *bool `type:"boolean"` // The Amazon Resource Name (ARN) of the source DB instance or DB cluster if // this DB cluster is created as a read replica. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters ReplicationSourceIdentifier *string `type:"string"` // For DB clusters in serverless DB engine mode, the scaling properties of the // DB cluster. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only ScalingConfiguration *ScalingConfiguration `type:"structure"` // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. @@ -20181,32 +20205,46 @@ type CreateDBClusterInput struct { // have the same region as the source ARN. SourceRegion *string `type:"string" ignore:"true"` - // A value that indicates whether the DB cluster is encrypted. + // Specifies whether the DB cluster is encrypted. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters StorageEncrypted *bool `type:"boolean"` - // Specifies the storage type to be associated with the DB cluster. + // The storage type to associate with the DB cluster. + // + // For information on storage types for Aurora DB clusters, see Storage configurations + // for Amazon Aurora DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). + // For information on storage types for Multi-AZ DB clusters, see Settings for + // creating Multi-AZ DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). // // This setting is required to create a Multi-AZ DB cluster. // - // Valid values: io1 + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. // - // When specified, a value for the Iops parameter is required. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Default: io1 + // Valid Values: // - // Valid for: Multi-AZ DB clusters only + // * Aurora DB clusters - aurora | aurora-iopt1 + // + // * Multi-AZ DB clusters - io1 + // + // Default: + // + // * Aurora DB clusters - aurora + // + // * Multi-AZ DB clusters - io1 StorageType *string `type:"string"` // Tags to assign to the DB cluster. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Tags []*Tag `locationNameList:"Tag" type:"list"` // A list of EC2 VPC security groups to associate with this DB cluster. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } @@ -20619,11 +20657,11 @@ type CreateDBClusterParameterGroupInput struct { // // Aurora MySQL // - // Example: aurora5.6, aurora-mysql5.7, aurora-mysql8.0 + // Example: aurora-mysql5.7, aurora-mysql8.0 // // Aurora PostgreSQL // - // Example: aurora-postgresql9.6 + // Example: aurora-postgresql14 // // RDS for MySQL // @@ -20649,9 +20687,7 @@ type CreateDBClusterParameterGroupInput struct { // // The following are the valid DB engine values: // - // * aurora (for MySQL 5.6-compatible Aurora) - // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // * aurora-mysql // // * aurora-postgresql // @@ -20892,15 +20928,22 @@ type CreateDBInstanceInput struct { // The amount of storage in gibibytes (GiB) to allocate for the DB instance. // - // Type: Integer + // This setting doesn't apply to Amazon Aurora DB instances. Aurora cluster + // volumes automatically grow as the amount of data in your database increases, + // though you are only charged for the space that you use in an Aurora cluster + // volume. // - // Amazon Aurora + // Amazon RDS Custom // - // Not applicable. Aurora cluster volumes automatically grow as the amount of - // data in your database increases, though you are only charged for the space - // that you use in an Aurora cluster volume. + // RDS for MariaDB // - // Amazon RDS Custom + // RDS for MySQL + // + // RDS for Oracle + // + // RDS for PostgreSQL + // + // RDS for SQL Server // // Constraints to the amount of storage for each storage type are the following: // @@ -20910,8 +20953,6 @@ type CreateDBInstanceInput struct { // * Provisioned IOPS storage (io1): Must be an integer from 40 to 65536 // for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. // - // MySQL - // // Constraints to the amount of storage for each storage type are the following: // // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 @@ -20921,8 +20962,6 @@ type CreateDBInstanceInput struct { // // * Magnetic storage (standard): Must be an integer from 5 to 3072. // - // MariaDB - // // Constraints to the amount of storage for each storage type are the following: // // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 @@ -20932,8 +20971,6 @@ type CreateDBInstanceInput struct { // // * Magnetic storage (standard): Must be an integer from 5 to 3072. // - // PostgreSQL - // // Constraints to the amount of storage for each storage type are the following: // // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 @@ -20941,9 +20978,7 @@ type CreateDBInstanceInput struct { // // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. // - // * Magnetic storage (standard): Must be an integer from 5 to 3072. - // - // Oracle + // * Magnetic storage (standard): Must be an integer from 10 to 3072. // // Constraints to the amount of storage for each storage type are the following: // @@ -20952,9 +20987,7 @@ type CreateDBInstanceInput struct { // // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. // - // * Magnetic storage (standard): Must be an integer from 10 to 3072. - // - // SQL Server + // * Magnetic storage (standard): Must be an integer from 5 to 3072. // // Constraints to the amount of storage for each storage type are the following: // @@ -20971,9 +21004,9 @@ type CreateDBInstanceInput struct { // from 20 to 1024. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the DB instance during the maintenance window. By default, minor engine - // upgrades are applied automatically. + // Specifies whether minor engine upgrades are applied automatically to the + // DB instance during the maintenance window. By default, minor engine upgrades + // are applied automatically. // // If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade // to false. @@ -20983,56 +21016,61 @@ type CreateDBInstanceInput struct { // on Amazon Web Services Regions and Availability Zones, see Regions and Availability // Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). // - // Amazon Aurora - // - // Each Aurora DB cluster hosts copies of its storage in three separate Availability - // Zones. Specify one of these Availability Zones. Aurora automatically chooses - // an appropriate Availability Zone if you don't specify one. + // For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in + // three separate Availability Zones. Specify one of these Availability Zones. + // Aurora automatically chooses an appropriate Availability Zone if you don't + // specify one. // // Default: A random, system-chosen Availability Zone in the endpoint's Amazon // Web Services Region. // - // Example: us-east-1d + // Constraints: // - // Constraint: The AvailabilityZone parameter can't be specified if the DB instance - // is a Multi-AZ deployment. The specified Availability Zone must be in the - // same Amazon Web Services Region as the current endpoint. + // * The AvailabilityZone parameter can't be specified if the DB instance + // is a Multi-AZ deployment. + // + // * The specified Availability Zone must be in the same Amazon Web Services + // Region as the current endpoint. + // + // Example: us-east-1d AvailabilityZone *string `type:"string"` // The number of days for which automated backups are retained. Setting this // parameter to a positive number enables backups. Setting this parameter to // 0 disables automated backups. // - // Amazon Aurora - // - // Not applicable. The retention period for automated backups is managed by - // the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The retention period + // for automated backups is managed by the DB cluster. // // Default: 1 // // Constraints: // - // * Must be a value from 0 to 35 + // * Must be a value from 0 to 35. // - // * Can't be set to 0 if the DB instance is a source to read replicas + // * Can't be set to 0 if the DB instance is a source to read replicas. // - // * Can't be set to 0 for an RDS Custom for Oracle DB instance + // * Can't be set to 0 for an RDS Custom for Oracle DB instance. BackupRetentionPeriod *int64 `type:"integer"` - // Specifies where automated backups and manual snapshots are stored. + // The location for storing automated backups and manual snapshots. // - // Possible values are outposts (Amazon Web Services Outposts) and region (Amazon - // Web Services Region). The default is region. + // Valie Values: + // + // * outposts (Amazon Web Services Outposts) + // + // * region (Amazon Web Services Region) + // + // Default: region // // For more information, see Working with Amazon RDS on Amazon Web Services // Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) // in the Amazon RDS User Guide. BackupTarget *string `type:"string"` - // Specifies the CA certificate identifier to use for the DB instance’s server - // certificate. + // The CA certificate identifier to use for the DB instance's server certificate. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // For more information, see Using SSL/TLS to encrypt a connection to a DB instance // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) @@ -21041,29 +21079,32 @@ type CreateDBInstanceInput struct { // in the Amazon Aurora User Guide. CACertificateIdentifier *string `type:"string"` - // For supported engines, this value indicates that the DB instance should be - // associated with the specified CharacterSet. + // For supported engines, the character set (CharacterSet) to associate the + // DB instance with. // - // This setting doesn't apply to RDS Custom. However, if you need to change - // the character set, you can change it on the database itself. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora - The character set is managed by the DB cluster. For + // more information, see CreateDBCluster. // - // Not applicable. The character set is managed by the DB cluster. For more - // information, see CreateDBCluster. + // * RDS Custom - However, if you need to change the character set, you can + // change it on the database itself. CharacterSetName *string `type:"string"` - // A value that indicates whether to copy tags from the DB instance to snapshots - // of the DB instance. By default, tags are not copied. + // Spcifies whether to copy tags from the DB instance to snapshots of the DB + // instance. By default, tags are not copied. // - // Amazon Aurora - // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. CopyTagsToSnapshot *bool `type:"boolean"` // The instance profile associated with the underlying Amazon EC2 instance of - // an RDS Custom DB instance. The instance profile must meet the following requirements: + // an RDS Custom DB instance. + // + // This setting is required for RDS Custom. + // + // Constraints: // // * The profile must exist in your account. // @@ -21076,13 +21117,11 @@ type CreateDBInstanceInput struct { // For the list of permissions required for the IAM role, see Configure IAM // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) // in the Amazon RDS User Guide. - // - // This setting is required for RDS Custom. CustomIamInstanceProfile *string `type:"string"` - // The identifier of the DB cluster that the instance will belong to. + // The identifier of the DB cluster that this DB instance will belong to. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. DBClusterIdentifier *string `type:"string"` // The compute and memory capacity of the DB instance, for example db.m5.large. @@ -21095,7 +21134,8 @@ type CreateDBInstanceInput struct { // DBInstanceClass is a required field DBInstanceClass *string `type:"string" required:"true"` - // The DB instance identifier. This parameter is stored as a lowercase string. + // The identifier for this DB instance. This parameter is stored as a lowercase + // string. // // Constraints: // @@ -21110,129 +21150,128 @@ type CreateDBInstanceInput struct { // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - // The meaning of this parameter differs according to the database engine you - // use. + // The meaning of this parameter differs depending on the database engine. // - // MySQL + // Amazon Aurora MySQL // - // The name of the database to create when the DB instance is created. If this - // parameter isn't specified, no database is created in the DB instance. + // Amazon Aurora PostgreSQL // - // Constraints: + // Amazon RDS Custom for Oracle // - // * Must contain 1 to 64 letters or numbers. + // Amazon RDS Custom for SQL Server // - // * Must begin with a letter. Subsequent characters can be letters, underscores, - // or digits (0-9). + // RDS for MariaDB // - // * Can't be a word reserved by the specified database engine + // RDS for MySQL // - // MariaDB + // RDS for Oracle // - // The name of the database to create when the DB instance is created. If this - // parameter isn't specified, no database is created in the DB instance. + // RDS for PostgreSQL // - // Constraints: + // RDS for SQL Server // - // * Must contain 1 to 64 letters or numbers. + // The name of the database to create when the primary DB instance of the Aurora + // MySQL DB cluster is created. If you don't specify a value, Amazon RDS doesn't + // create a database in the DB cluster. // - // * Must begin with a letter. Subsequent characters can be letters, underscores, - // or digits (0-9). + // Constraints: // - // * Can't be a word reserved by the specified database engine + // * Must contain 1 to 64 alphanumeric characters. // - // PostgreSQL + // * Can't be a word reserved by the database engine. // - // The name of the database to create when the DB instance is created. If this - // parameter isn't specified, a database named postgres is created in the DB - // instance. + // The name of the database to create when the primary DB instance of the Aurora + // PostgreSQL DB cluster is created. + // + // Default: postgres // // Constraints: // - // * Must contain 1 to 63 letters, numbers, or underscores. + // * Must contain 1 to 63 alphanumeric characters. // // * Must begin with a letter. Subsequent characters can be letters, underscores, - // or digits (0-9). - // - // * Can't be a word reserved by the specified database engine + // or digits (0 to 9). // - // Oracle + // * Can't be a word reserved by the database engine. // - // The Oracle System ID (SID) of the created DB instance. If you specify null, - // the default value ORCL is used. You can't specify the string NULL, or any - // other reserved word, for DBName. + // The Oracle System ID (SID) of the created RDS Custom DB instance. // // Default: ORCL // // Constraints: // - // * Can't be longer than 8 characters + // * Must contain 1 to 8 alphanumeric characters. // - // Amazon RDS Custom for Oracle + // * Must contain a letter. // - // The Oracle System ID (SID) of the created RDS Custom DB instance. If you - // don't specify a value, the default value is ORCL. + // * Can't be a word reserved by the database engine. // - // Default: ORCL + // Not applicable. Must be null. + // + // The name of the database to create when the DB instance is created. If you + // don't specify a value, Amazon RDS doesn't create a database in the DB instance. // // Constraints: // - // * It must contain 1 to 8 alphanumeric characters. + // * Must contain 1 to 64 letters or numbers. // - // * It must contain a letter. + // * Must begin with a letter. Subsequent characters can be letters, underscores, + // or digits (0-9). // - // * It can't be a word reserved by the database engine. + // * Can't be a word reserved by the database engine. // - // Amazon RDS Custom for SQL Server + // The name of the database to create when the DB instance is created. If you + // don't specify a value, Amazon RDS doesn't create a database in the DB instance. // - // Not applicable. Must be null. + // Constraints: // - // SQL Server + // * Must contain 1 to 64 letters or numbers. // - // Not applicable. Must be null. + // * Must begin with a letter. Subsequent characters can be letters, underscores, + // or digits (0-9). // - // Amazon Aurora MySQL + // * Can't be a word reserved by the database engine. // - // The name of the database to create when the primary DB instance of the Aurora - // MySQL DB cluster is created. If this parameter isn't specified for an Aurora - // MySQL DB cluster, no database is created in the DB cluster. + // The Oracle System ID (SID) of the created DB instance. + // + // Default: ORCL // // Constraints: // - // * It must contain 1 to 64 alphanumeric characters. + // * Can't be longer than 8 characters. // - // * It can't be a word reserved by the database engine. + // * Can't be a word reserved by the database engine, such as the string + // NULL. // - // Amazon Aurora PostgreSQL + // The name of the database to create when the DB instance is created. // - // The name of the database to create when the primary DB instance of the Aurora - // PostgreSQL DB cluster is created. If this parameter isn't specified for an - // Aurora PostgreSQL DB cluster, a database named postgres is created in the - // DB cluster. + // Default: postgres // // Constraints: // - // * It must contain 1 to 63 alphanumeric characters. + // * Must contain 1 to 63 letters, numbers, or underscores. // - // * It must begin with a letter. Subsequent characters can be letters, underscores, - // or digits (0 to 9). + // * Must begin with a letter. Subsequent characters can be letters, underscores, + // or digits (0-9). // - // * It can't be a word reserved by the database engine. + // * Can't be a word reserved by the database engine. + // + // Not applicable. Must be null. DBName *string `type:"string"` // The name of the DB parameter group to associate with this DB instance. If - // you do not specify a value, then the default DB parameter group for the specified - // DB engine and version is used. + // you don't specify a value, then Amazon RDS uses the default DB parameter + // group for the specified DB engine and version. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Constraints: // - // * It must be 1 to 255 letters, numbers, or hyphens. + // * Must be 1 to 255 letters, numbers, or hyphens. // // * The first character must be a letter. // - // * It can't end with a hyphen or contain two consecutive hyphens. + // * Can't end with a hyphen or contain two consecutive hyphens. DBParameterGroupName *string `type:"string"` // A list of DB security groups to associate with this DB instance. @@ -21243,85 +21282,75 @@ type CreateDBInstanceInput struct { // A DB subnet group to associate with this DB instance. // - // Constraints: Must match the name of an existing DBSubnetGroup. Must not be - // default. + // Constraints: + // + // * Must match the name of an existing DB subnet group. + // + // * Must not be default. // // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection isn't enabled. For more information, see Deleting a DB - // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). - // - // Amazon Aurora + // Specifies whether the DB instance has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. For more information, see Deleting a DB Instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). // - // Not applicable. You can enable or disable deletion protection for the DB - // cluster. For more information, see CreateDBCluster. DB instances in a DB - // cluster can be deleted even when deletion protection is enabled for the DB - // cluster. + // This setting doesn't apply to Amazon Aurora DB instances. You can enable + // or disable deletion protection for the DB cluster. For more information, + // see CreateDBCluster. DB instances in a DB cluster can be deleted even when + // deletion protection is enabled for the DB cluster. DeletionProtection *bool `type:"boolean"` // The Active Directory directory ID to create the DB instance in. Currently, - // only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can + // only Microsoft SQL Server, MySQL, Oracle, and PostgreSQL DB instances can // be created in an Active Directory Domain. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (The domain is managed by the DB cluster.) // - // Not applicable. The domain is managed by the DB cluster. + // * RDS Custom Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to use when making API calls to the Directory Service. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (The domain is managed by the DB cluster.) // - // Not applicable. The domain is managed by the DB cluster. + // * RDS Custom DomainIAMRoleName *string `type:"string"` // The list of log types that need to be enabled for exporting to CloudWatch - // Logs. The values in the list depend on the DB engine. For more information, - // see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // Logs. For more information, see Publishing Database Logs to Amazon CloudWatch + // Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon RDS User Guide. // - // Amazon Aurora + // This setting doesn't apply to the following DB instances: // - // Not applicable. CloudWatch Logs exports are managed by the DB cluster. + // * Amazon Aurora (CloudWatch Logs exports are managed by the DB cluster.) // - // RDS Custom + // * RDS Custom // - // Not applicable. + // The following values are valid for each DB engine: // - // MariaDB + // * RDS for MariaDB - audit | error | general | slowquery // - // Possible values are audit, error, general, and slowquery. + // * RDS for Microsoft SQL Server - agent | error // - // Microsoft SQL Server - // - // Possible values are agent and error. - // - // MySQL + // * RDS for MySQL - audit | error | general | slowquery // - // Possible values are audit, error, general, and slowquery. + // * RDS for Oracle - alert | audit | listener | trace | oemagent // - // Oracle - // - // Possible values are alert, audit, listener, trace, and oemagent. - // - // PostgreSQL - // - // Possible values are postgresql and upgrade. + // * RDS for PostgreSQL - postgresql | upgrade EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable a customer-owned IP address (CoIP) - // for an RDS on Outposts DB instance. + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. // // A CoIP provides local or external connectivity to resources in your Outpost // subnets through your on-premises network. For some use cases, a CoIP can @@ -21336,48 +21365,48 @@ type CreateDBInstanceInput struct { // in the Amazon Web Services Outposts User Guide. EnableCustomerOwnedIp *bool `type:"boolean"` - // A value that indicates whether to enable mapping of Amazon Web Services Identity - // and Access Management (IAM) accounts to database accounts. By default, mapping - // isn't enabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication for MySQL and PostgreSQL // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (Mapping Amazon Web Services IAM accounts to database + // accounts is managed by the DB cluster.) // - // Not applicable. Mapping Amazon Web Services IAM accounts to database accounts - // is managed by the DB cluster. + // * RDS Custom EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the DB - // instance. For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + // Specifies whether to enable Performance Insights for the DB instance. For + // more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. EnablePerformanceInsights *bool `type:"boolean"` - // The name of the database engine to be used for this instance. + // The database engine to use for this DB instance. // - // Not every database engine is available for every Amazon Web Services Region. + // Not every database engine is available in every Amazon Web Services Region. // // Valid Values: // - // * aurora (for MySQL 5.6-compatible Aurora) + // * aurora-mysql (for Aurora MySQL DB instances) // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // * aurora-postgresql (for Aurora PostgreSQL DB instances) // - // * aurora-postgresql + // * custom-oracle-ee (for RDS Custom for Oracle DB instances) // - // * custom-oracle-ee (for RDS Custom for Oracle instances) + // * custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances) // - // * custom-sqlserver-ee (for RDS Custom for SQL Server instances) + // * custom-sqlserver-ee (for RDS Custom for SQL Server DB instances) // - // * custom-sqlserver-se (for RDS Custom for SQL Server instances) + // * custom-sqlserver-se (for RDS Custom for SQL Server DB instances) // - // * custom-sqlserver-web (for RDS Custom for SQL Server instances) + // * custom-sqlserver-web (for RDS Custom for SQL Server DB instances) // // * mariadb // @@ -21406,18 +21435,28 @@ type CreateDBInstanceInput struct { // The version number of the database engine to use. // + // This setting doesn't apply to Amazon Aurora DB instances. The version number + // of the database engine the DB instance uses is managed by the DB cluster. + // // For a list of valid engine versions, use the DescribeDBEngineVersions operation. // // The following are the database engines and links to information about the // major and minor versions that are available with Amazon RDS. Not every database // engine is available for every Amazon Web Services Region. // - // Amazon Aurora + // Amazon RDS Custom for Oracle // - // Not applicable. The version number of the database engine to be used by the - // DB instance is managed by the DB cluster. + // Amazon RDS Custom for SQL Server // - // Amazon RDS Custom for Oracle + // RDS for MariaDB + // + // RDS for Microsoft SQL Server + // + // RDS for MySQL + // + // RDS for Oracle + // + // RDS for PostgreSQL // // A custom engine version (CEV) that you have previously created. This setting // is required for RDS Custom for Oracle. The CEV name has the following format: @@ -21425,50 +21464,40 @@ type CreateDBInstanceInput struct { // see Creating an RDS Custom for Oracle DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create) // in the Amazon RDS User Guide. // - // Amazon RDS Custom for SQL Server - // // See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html) // in the Amazon RDS User Guide. // - // MariaDB - // - // For information, see MariaDB on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) + // For information, see MariaDB on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) // in the Amazon RDS User Guide. // - // Microsoft SQL Server - // - // For information, see Microsoft SQL Server Versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) + // For information, see Microsoft SQL Server versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) // in the Amazon RDS User Guide. // - // MySQL - // - // For information, see MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // For information, see MySQL on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) // in the Amazon RDS User Guide. // - // Oracle - // - // For information, see Oracle Database Engine Release Notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) + // For information, see Oracle Database Engine release notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) // in the Amazon RDS User Guide. // - // PostgreSQL - // // For information, see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) // in the Amazon RDS User Guide. EngineVersion *string `type:"string"` - // The amount of Provisioned IOPS (input/output operations per second) to be - // initially allocated for the DB instance. For information about valid IOPS - // values, see Amazon RDS DB instance storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) + // The amount of Provisioned IOPS (input/output operations per second) to initially + // allocate for the DB instance. For information about valid IOPS values, see + // Amazon RDS DB instance storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) // in the Amazon RDS User Guide. // - // Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must - // be a multiple between .5 and 50 of the storage amount for the DB instance. - // For SQL Server DB instances, must be a multiple between 1 and 50 of the storage - // amount for the DB instance. + // This setting doesn't apply to Amazon Aurora DB instances. Storage is managed + // by the DB cluster. // - // Amazon Aurora + // Constraints: // - // Not applicable. Storage is managed by the DB cluster. + // * For RDS for MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple + // between .5 and 50 of the storage amount for the DB instance. + // + // * For RDS for SQL Server - Must be a multiple between 1 and 50 of the + // storage amount for the DB instance. Iops *int64 `type:"integer"` // The Amazon Web Services KMS key identifier for an encrypted DB instance. @@ -21477,37 +21506,40 @@ type CreateDBInstanceInput struct { // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon // Web Services account, specify the key ARN or alias ARN. // - // Amazon Aurora - // - // Not applicable. The Amazon Web Services KMS key identifier is managed by - // the DB cluster. For more information, see CreateDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The Amazon Web + // Services KMS key identifier is managed by the DB cluster. For more information, + // see CreateDBCluster. // // If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId // parameter, then Amazon RDS uses your default KMS key. There is a default // KMS key for your Amazon Web Services account. Your Amazon Web Services account // has a different default KMS key for each Amazon Web Services Region. // - // Amazon RDS Custom - // - // A KMS key is required for RDS Custom instances. For most RDS engines, if - // you leave this parameter empty while enabling StorageEncrypted, the engine - // uses the default KMS key. However, RDS Custom doesn't use the default key - // when this parameter is empty. You must explicitly specify a key. + // For Amazon RDS Custom, a KMS key is required for DB instances. For most RDS + // engines, if you leave this parameter empty while enabling StorageEncrypted, + // the engine uses the default KMS key. However, RDS Custom doesn't use the + // default key when this parameter is empty. You must explicitly specify a key. KmsKeyId *string `type:"string"` - // License model information for this DB instance. + // The license model information for this DB instance. // - // Valid values: license-included | bring-your-own-license | general-public-license + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. // - // This setting doesn't apply to RDS Custom. + // Valid Values: + // + // * RDS for MariaDB - general-public-license + // + // * RDS for Microsoft SQL Server - license-included // - // Amazon Aurora + // * RDS for MySQL - general-public-license // - // Not applicable. + // * RDS for Oracle - bring-your-own-license | license-included + // + // * RDS for PostgreSQL - postgresql-license LicenseModel *string `type:"string"` - // A value that indicates whether to manage the master user password with Amazon - // Web Services Secrets Manager. + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. // // For more information, see Password management with Amazon Web Services Secrets // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) @@ -21519,34 +21551,28 @@ type CreateDBInstanceInput struct { // Manager if MasterUserPassword is specified. ManageMasterUserPassword *bool `type:"boolean"` - // The password for the master user. The password can include any printable - // ASCII character except "/", """, or "@". - // - // Amazon Aurora + // The password for the master user. // - // Not applicable. The password for the master user is managed by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The password for + // the master user is managed by the DB cluster. // - // Constraints: Can't be specified if ManageMasterUserPassword is turned on. - // - // MariaDB - // - // Constraints: Must contain from 8 to 41 characters. + // Constraints: // - // Microsoft SQL Server + // * Can't be specified if ManageMasterUserPassword is turned on. // - // Constraints: Must contain from 8 to 128 characters. + // * Can include any printable ASCII character except "/", """, or "@". // - // MySQL + // Length Constraints: // - // Constraints: Must contain from 8 to 41 characters. + // * RDS for MariaDB - Must contain from 8 to 41 characters. // - // Oracle + // * RDS for Microsoft SQL Server - Must contain from 8 to 128 characters. // - // Constraints: Must contain from 8 to 30 characters. + // * RDS for MySQL - Must contain from 8 to 41 characters. // - // PostgreSQL + // * RDS for Oracle - Must contain from 8 to 30 characters. // - // Constraints: Must contain from 8 to 128 characters. + // * RDS for PostgreSQL - Must contain from 8 to 128 characters. MasterUserPassword *string `type:"string"` // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically @@ -21571,16 +21597,13 @@ type CreateDBInstanceInput struct { // The name for the master user. // - // Amazon Aurora - // - // Not applicable. The name for the master user is managed by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The name for the + // master user is managed by the DB cluster. // - // Amazon RDS + // This setting is required for RDS DB instances. // // Constraints: // - // * Required. - // // * Must be 1 to 16 letters, numbers, or underscores. // // * First character must be a letter. @@ -21596,23 +21619,25 @@ type CreateDBInstanceInput struct { // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (Storage is managed by the DB cluster.) // - // Not applicable. Storage is managed by the DB cluster. + // * RDS Custom MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics // are collected for the DB instance. To disable collection of Enhanced Monitoring - // metrics, specify 0. The default is 0. + // metrics, specify 0. // // If MonitoringRoleArn is specified, then you must set MonitoringInterval to // a value other than 0. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The ARN for the IAM role that permits RDS to send enhanced monitoring metrics @@ -21624,54 +21649,44 @@ type CreateDBInstanceInput struct { // If MonitoringInterval is set to a value other than 0, then you must supply // a MonitoringRoleArn value. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. - // You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ - // deployment. + // Specifies whether the DB instance is a Multi-AZ deployment. You can't set + // the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (DB instance Availability Zones (AZs) are managed by the + // DB cluster.) // - // Not applicable. DB instance Availability Zones (AZs) are managed by the DB - // cluster. + // * RDS Custom MultiAZ *bool `type:"boolean"` // The name of the NCHAR character set for the Oracle DB instance. // - // This parameter doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. NcharCharacterSetName *string `type:"string"` // The network type of the DB instance. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 // and the IPv6 protocols (DUAL). // // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon RDS User Guide. + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` - // A value that indicates that the DB instance should be associated with the - // specified option group. + // The option group to associate the DB instance with. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, // can't be removed from an option group. Also, that option group can't be removed // from a DB instance after it is associated with a DB instance. // - // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. OptionGroupName *string `type:"string"` // The Amazon Web Services KMS key identifier for encryption of Performance @@ -21680,85 +21695,56 @@ type CreateDBInstanceInput struct { // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias // ARN, or alias name for the KMS key. // - // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon // RDS uses your default KMS key. There is a default KMS key for your Amazon // Web Services account. Your Amazon Web Services account has a different default // KMS key for each Amazon Web Services Region. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 + // The number of days to retain Performance Insights data. // - // * 731 + // This setting doesn't apply to RDS Custom DB instances. // - // For example, the following values are valid: - // - // * 93 (3 months * 31) + // Valid Values: // - // * 341 (11 months * 31) + // * 7 // - // * 589 (19 months * 31) + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // Default: 7 days // - // This setting doesn't apply to RDS Custom. + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // returns an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number on which the database accepts connections. // - // MySQL - // - // Default: 3306 - // - // Valid values: 1150-65535 - // - // Type: Integer - // - // MariaDB - // - // Default: 3306 - // - // Valid values: 1150-65535 - // - // Type: Integer - // - // PostgreSQL - // - // Default: 5432 - // - // Valid values: 1150-65535 - // - // Type: Integer + // This setting doesn't apply to Aurora DB instances. The port number is managed + // by the cluster. // - // Oracle - // - // Default: 1521 + // Valid Values: 1150-65535 // - // Valid values: 1150-65535 + // Default: // - // SQL Server + // * RDS for MariaDB - 3306 // - // Default: 1433 + // * RDS for Microsoft SQL Server - 1433 // - // Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and - // 49152-49156. + // * RDS for MySQL - 3306 // - // Amazon Aurora + // * RDS for Oracle - 1521 // - // Default: 3306 + // * RDS for PostgreSQL - 5432 // - // Valid values: 1150-65535 + // Constraints: // - // Type: Integer + // * For RDS for Microsoft SQL Server, the value can't be 1234, 1434, 3260, + // 3343, 3389, 47001, or 49152-49156. Port *int64 `type:"integer"` // The daily time range during which automated backups are created if automated @@ -21768,10 +21754,8 @@ type CreateDBInstanceInput struct { // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. // - // Amazon Aurora - // - // Not applicable. The daily time range for creating automated backups is managed - // by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The daily time + // range for creating automated backups is managed by the DB cluster. // // Constraints: // @@ -21784,44 +21768,46 @@ type CreateDBInstanceInput struct { // * Must be at least 30 minutes. PreferredBackupWindow *string `type:"string"` - // The time range each week during which system maintenance can occur, in Universal - // Coordinated Time (UTC). For more information, see Amazon RDS Maintenance - // Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance). - // - // Format: ddd:hh24:mi-ddd:hh24:mi + // The time range each week during which system maintenance can occur. For more + // information, see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance) + // in the Amazon RDS User Guide. // // The default is a 30-minute window selected at random from an 8-hour block // of time for each Amazon Web Services Region, occurring on a random day of // the week. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. + // + // * The day values must be mon | tue | wed | thu | fri | sat | sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must not conflict with the preferred backup window. + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. // - // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Default: 1 // // Valid Values: 0 - 15 PromotionTier *int64 `type:"integer"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // // When the DB instance is publicly accessible, its Domain Name System (DNS) // endpoint resolves to the private IP address from within the DB instance's @@ -21855,35 +21841,32 @@ type CreateDBInstanceInput struct { // to it, the DB instance is public. PubliclyAccessible *bool `type:"boolean"` - // A value that indicates whether the DB instance is encrypted. By default, - // it isn't encrypted. + // Specifes whether the DB instance is encrypted. By default, it isn't encrypted. // - // For RDS Custom instances, either set this parameter to true or leave it unset. - // If you set this parameter to false, RDS reports an error. + // For RDS Custom DB instances, either enable this setting or leave it unset. + // Otherwise, Amazon RDS reports an error. // - // Amazon Aurora - // - // Not applicable. The encryption for DB instances is managed by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The encryption + // for DB instances is managed by the DB cluster. StorageEncrypted *bool `type:"boolean"` - // Specifies the storage throughput value for the DB instance. + // The storage throughput value for the DB instance. // // This setting applies only to the gp3 storage type. // - // This setting doesn't apply to RDS Custom or Amazon Aurora. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. StorageThroughput *int64 `type:"integer"` - // Specifies the storage type to be associated with the DB instance. - // - // Valid values: gp2 | gp3 | io1 | standard + // The storage type to associate with the DB instance. // // If you specify io1 or gp3, you must also include a value for the Iops parameter. // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // This setting doesn't apply to Amazon Aurora DB instances. Storage is managed + // by the DB cluster. // - // Amazon Aurora + // Valid Values: gp2 | gp3 | io1 | standard // - // Not applicable. Storage is managed by the DB cluster. + // Default: io1, if the Iops parameter is specified. Otherwise, gp2. StorageType *string `type:"string"` // Tags to assign to the DB instance. @@ -21891,17 +21874,13 @@ type CreateDBInstanceInput struct { // The ARN from the key store with which to associate the instance for TDE encryption. // - // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialPassword *string `type:"string"` // The time zone of the DB instance. The time zone parameter is currently supported @@ -21910,10 +21889,8 @@ type CreateDBInstanceInput struct { // A list of Amazon EC2 VPC security groups to associate with this DB instance. // - // Amazon Aurora - // - // Not applicable. The associated list of EC2 VPC security groups is managed - // by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The associated + // list of EC2 VPC security groups is managed by the DB cluster. // // Default: The default EC2 VPC security group for the DB subnet group's VPC. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` @@ -22328,8 +22305,8 @@ type CreateDBInstanceReadReplicaInput struct { // The amount of storage (in gibibytes) to allocate initially for the read replica. // Follow the allocation rules specified in CreateDBInstance. // - // Be sure to allocate enough memory for your read replica so that the create - // operation can succeed. You can also allocate additional memory for future + // Be sure to allocate enough storage for your read replica so that the create + // operation can succeed. You can also allocate additional storage for future // growth. AllocatedStorage *int64 `type:"integer"` @@ -22412,9 +22389,6 @@ type CreateDBInstanceReadReplicaInput struct { // // Constraints: // - // * Can only be specified if the source DB instance identifier specifies - // a DB instance in another Amazon Web Services Region. - // // * If supplied, must match the name of an existing DBSubnetGroup. // // * The specified DB subnet group must be in the same Amazon Web Services @@ -22448,8 +22422,8 @@ type CreateDBInstanceReadReplicaInput struct { // This setting doesn't apply to RDS Custom. Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to be used when making API calls to the Directory + // Service. // // This setting doesn't apply to RDS Custom. DomainIAMRoleName *string `type:"string"` @@ -22508,9 +22482,9 @@ type CreateDBInstanceReadReplicaInput struct { // ARN, or alias name for the KMS key. // // If you create an encrypted read replica in the same Amazon Web Services Region - // as the source DB instance, then do not specify a value for this parameter. - // A read replica in the same Amazon Web Services Region is always encrypted - // with the same KMS key as the source DB instance. + // as the source DB instance or Multi-AZ DB cluster, don't specify a value for + // this parameter. A read replica in the same Amazon Web Services Region is + // always encrypted with the same KMS key as the source DB instance or cluster. // // If you create an encrypted read replica in a different Amazon Web Services // Region, then you must specify a KMS key identifier for the destination Amazon @@ -22518,7 +22492,8 @@ type CreateDBInstanceReadReplicaInput struct { // that they are created in, and you can't use KMS keys from one Amazon Web // Services Region in another Amazon Web Services Region. // - // You can't create an encrypted read replica from an unencrypted DB instance. + // You can't create an encrypted read replica from an unencrypted DB instance + // or Multi-AZ DB cluster. // // This setting doesn't apply to RDS Custom, which uses the same KMS key as // the primary replica. @@ -22562,7 +22537,7 @@ type CreateDBInstanceReadReplicaInput struct { // You can create a read replica as a Multi-AZ DB instance. RDS creates a standby // of your replica in another Availability Zone for failover support for the // replica. Creating your read replica as a Multi-AZ DB instance is independent - // of whether the source database is a Multi-AZ DB instance. + // of whether the source is a Multi-AZ DB instance or a Multi-AZ DB cluster. // // This setting doesn't apply to RDS Custom. MultiAZ *bool `type:"boolean"` @@ -22584,10 +22559,9 @@ type CreateDBInstanceReadReplicaInput struct { NetworkType *string `type:"string"` // The option group the DB instance is associated with. If omitted, the option - // group associated with the source instance is used. + // group associated with the source instance or cluster is used. // - // For SQL Server, you must use the option group associated with the source - // instance. + // For SQL Server, you must use the option group associated with the source. // // This setting doesn't apply to RDS Custom. OptionGroupName *string `type:"string"` @@ -22648,6 +22622,10 @@ type CreateDBInstanceReadReplicaInput struct { // China Amazon Web Services Regions. It's ignored in other Amazon Web Services // Regions. // + // This setting applies only when replicating from a source DB instance. Source + // DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions + // and China Amazon Web Services Regions. + // // You must specify this parameter when you create an encrypted read replica // from another Amazon Web Services Region by using the Amazon RDS API. Don't // specify PreSignedUrl when you are creating an encrypted read replica in the @@ -22741,28 +22719,43 @@ type CreateDBInstanceReadReplicaInput struct { // open mode manually. ReplicaMode *string `type:"string" enum:"ReplicaMode"` + // The identifier of the Multi-AZ DB cluster that will act as the source for + // the read replica. Each DB cluster can have up to 15 read replicas. + // + // Constraints: + // + // * Must be the identifier of an existing Multi-AZ DB cluster. + // + // * Can't be specified if the SourceDBInstanceIdentifier parameter is also + // specified. + // + // * The specified DB cluster must have automatic backups enabled, that is, + // its backup retention period must be greater than 0. + // + // * The source DB cluster must be in the same Amazon Web Services Region + // as the read replica. Cross-Region replication isn't supported. + SourceDBClusterIdentifier *string `type:"string"` + // The identifier of the DB instance that will act as the source for the read - // replica. Each DB instance can have up to five read replicas. + // replica. Each DB instance can have up to 15 read replicas, with the exception + // of Oracle and SQL Server, which can have up to five. // // Constraints: // // * Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, // or SQL Server DB instance. // - // * Can specify a DB instance that is a MySQL read replica only if the source - // is running MySQL 5.6 or later. + // * Can't be specified if the SourceDBClusterIdentifier parameter is also + // specified. // - // * For the limitations of Oracle read replicas, see Read Replica Limitations - // with Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) + // * For the limitations of Oracle read replicas, see Version and licensing + // considerations for RDS for Oracle replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.limitations.html#oracle-read-replicas.limitations.versions-and-licenses) // in the Amazon RDS User Guide. // - // * For the limitations of SQL Server read replicas, see Read Replica Limitations - // with Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.Limitations.html) + // * For the limitations of SQL Server read replicas, see Read replica limitations + // with SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.html#SQLServer.ReadReplicas.Limitations) // in the Amazon RDS User Guide. // - // * Can specify a PostgreSQL DB instance only if the source is running PostgreSQL - // 9.3.5 or later (9.4.7 and higher for cross-Region replication). - // // * The specified DB instance must have automatic backups enabled, that // is, its backup retention period must be greater than 0. // @@ -22774,9 +22767,7 @@ type CreateDBInstanceReadReplicaInput struct { // see Constructing an ARN for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing) // in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS // Custom, which don't support cross-Region replicas. - // - // SourceDBInstanceIdentifier is a required field - SourceDBInstanceIdentifier *string `type:"string" required:"true"` + SourceDBInstanceIdentifier *string `type:"string"` // SourceRegion is the source region where the resource exists. This is not // sent over the wire and is only used for presigning. This value should always @@ -22839,9 +22830,6 @@ func (s *CreateDBInstanceReadReplicaInput) Validate() error { if s.DBInstanceIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) } - if s.SourceDBInstanceIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("SourceDBInstanceIdentifier")) - } if invalidParams.Len() > 0 { return invalidParams @@ -23041,6 +23029,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetReplicaMode(v string) *CreateDBIns return s } +// SetSourceDBClusterIdentifier sets the SourceDBClusterIdentifier field's value. +func (s *CreateDBInstanceReadReplicaInput) SetSourceDBClusterIdentifier(v string) *CreateDBInstanceReadReplicaInput { + s.SourceDBClusterIdentifier = &v + return s +} + // SetSourceDBInstanceIdentifier sets the SourceDBInstanceIdentifier field's value. func (s *CreateDBInstanceReadReplicaInput) SetSourceDBInstanceIdentifier(v string) *CreateDBInstanceReadReplicaInput { s.SourceDBInstanceIdentifier = &v @@ -23143,9 +23137,7 @@ type CreateDBParameterGroupInput struct { // // The following are the valid DB engine values: // - // * aurora (for MySQL 5.6-compatible Aurora) - // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // * aurora-mysql // // * aurora-postgresql // @@ -24200,7 +24192,8 @@ type CreateGlobalClusterInput struct { // The engine version of the Aurora global database. EngineVersion *string `type:"string"` - // The cluster identifier of the new global database cluster. + // The cluster identifier of the new global database cluster. This parameter + // is stored as a lowercase string. GlobalClusterIdentifier *string `type:"string"` // The Amazon Resource Name (ARN) to use as the primary cluster of the global @@ -24552,13 +24545,13 @@ type DBCluster struct { // instead automatically adjusts as needed. AllocatedStorage *int64 `type:"integer"` - // Provides a list of the Amazon Web Services Identity and Access Management - // (IAM) roles that are associated with the DB cluster. IAM roles that are associated - // with a DB cluster grant permission for the DB cluster to access other Amazon - // Web Services on your behalf. + // A list of the Amazon Web Services Identity and Access Management (IAM) roles + // that are associated with the DB cluster. IAM roles that are associated with + // a DB cluster grant permission for the DB cluster to access other Amazon Web + // Services on your behalf. AssociatedRoles []*DBClusterRole `locationNameList:"DBClusterRole" type:"list"` - // A value that indicates that minor version patches are applied automatically. + // Indicates whether minor version patches are applied automatically. // // This setting is only for non-Aurora Multi-AZ DB clusters. AutoMinorVersionUpgrade *bool `type:"boolean"` @@ -24566,8 +24559,8 @@ type DBCluster struct { // The time when a stopped DB cluster is restarted automatically. AutomaticRestartTime *time.Time `type:"timestamp"` - // Provides the list of Availability Zones (AZs) where instances in the DB cluster - // can be created. + // The list of Availability Zones (AZs) where instances in the DB cluster can + // be created. AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` // The number of change records stored for Backtrack. @@ -24577,7 +24570,7 @@ type DBCluster struct { // is disabled for the DB cluster. Otherwise, backtracking is enabled. BacktrackWindow *int64 `type:"long"` - // Specifies the number of days for which automatic DB snapshots are retained. + // The number of days for which automatic DB snapshots are retained. BackupRetentionPeriod *int64 `type:"integer"` // The current capacity of an Aurora Serverless v1 DB cluster. The capacity @@ -24592,28 +24585,27 @@ type DBCluster struct { // associated with. CharacterSetName *string `type:"string"` - // Identifies the clone group to which the DB cluster is associated. + // The ID of the clone group with which the DB cluster is associated. CloneGroupId *string `type:"string"` - // Specifies the time when the DB cluster was created, in Universal Coordinated - // Time (UTC). + // The time when the DB cluster was created, in Universal Coordinated Time (UTC). ClusterCreateTime *time.Time `type:"timestamp"` - // Specifies whether tags are copied from the DB cluster to snapshots of the + // Indicates whether tags are copied from the DB cluster to snapshots of the // DB cluster. CopyTagsToSnapshot *bool `type:"boolean"` - // Specifies whether the DB cluster is a clone of a DB cluster owned by a different + // Indicates whether the DB cluster is a clone of a DB cluster owned by a different // Amazon Web Services account. CrossAccountClone *bool `type:"boolean"` - // Identifies all custom endpoints associated with the cluster. + // The custom endpoints associated with the DB cluster. CustomEndpoints []*string `type:"list"` // The Amazon Resource Name (ARN) for the DB cluster. DBClusterArn *string `type:"string"` - // Contains a user-supplied DB cluster identifier. This identifier is the unique + // The user-supplied identifier for the DB cluster. This identifier is the unique // key that identifies a DB cluster. DBClusterIdentifier *string `type:"string"` @@ -24622,25 +24614,25 @@ type DBCluster struct { // This setting is only for non-Aurora Multi-AZ DB clusters. DBClusterInstanceClass *string `type:"string"` - // Provides the list of instances that make up the DB cluster. + // The list of DB instances that make up the DB cluster. DBClusterMembers []*DBClusterMember `locationNameList:"DBClusterMember" type:"list"` - // Provides the list of option group memberships for this DB cluster. + // The list of option group memberships for this DB cluster. DBClusterOptionGroupMemberships []*DBClusterOptionGroupStatus `locationNameList:"DBClusterOptionGroup" type:"list"` - // Specifies the name of the DB cluster parameter group for the DB cluster. + // The name of the DB cluster parameter group for the DB cluster. DBClusterParameterGroup *string `type:"string"` - // Specifies information on the subnet group associated with the DB cluster, - // including the name, description, and subnets in the subnet group. + // Information about the subnet group associated with the DB cluster, including + // the name, description, and subnets in the subnet group. DBSubnetGroup *string `type:"string"` // Reserved for future use. DBSystemId *string `type:"string"` - // Contains the name of the initial database of this DB cluster that was provided - // at create time, if one was specified when the DB cluster was created. This - // same name is returned for the life of the DB cluster. + // The name of the initial database that was specified for the DB cluster when + // it was created, if one was provided. This same name is returned for the life + // of the DB cluster. DatabaseName *string `type:"string"` // The Amazon Web Services Region-unique, immutable identifier for the DB cluster. @@ -24648,7 +24640,7 @@ type DBCluster struct { // the KMS key for the DB cluster is accessed. DbClusterResourceId *string `type:"string"` - // Indicates if the DB cluster has deletion protection enabled. The database + // Indicates whether the DB cluster has deletion protection enabled. The database // can't be deleted when deletion protection is enabled. DeletionProtection *bool `type:"boolean"` @@ -24670,37 +24662,35 @@ type DBCluster struct { // in the Amazon Aurora User Guide. EnabledCloudwatchLogsExports []*string `type:"list"` - // Specifies the connection endpoint for the primary instance of the DB cluster. + // The connection endpoint for the primary instance of the DB cluster. Endpoint *string `type:"string"` - // The name of the database engine to be used for this DB cluster. + // The database engine used for this DB cluster. Engine *string `type:"string"` - // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, - // global, or multimaster. + // The DB engine mode of the DB cluster, either provisioned or serverless. // // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). EngineMode *string `type:"string"` - // Indicates the database engine version. + // The version of the database engine. EngineVersion *string `type:"string"` - // Specifies whether you have requested to enable write forwarding for a secondary - // cluster in an Aurora global database. Because write forwarding takes time - // to enable, check the value of GlobalWriteForwardingStatus to confirm that - // the request has completed before using the write forwarding feature for this - // cluster. + // Specifies whether write forwarding is enabled for a secondary cluster in + // an Aurora global database. Because write forwarding takes time to enable, + // check the value of GlobalWriteForwardingStatus to confirm that the request + // has completed before using the write forwarding feature for this cluster. GlobalWriteForwardingRequested *bool `type:"boolean"` - // Specifies whether a secondary cluster in an Aurora global database has write - // forwarding enabled, not enabled, or is in the process of enabling it. + // The status of write forwarding for a secondary cluster in an Aurora global + // database. GlobalWriteForwardingStatus *string `type:"string" enum:"WriteForwardingStatus"` - // Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. + // The ID that Amazon Route 53 assigns when you create a hosted zone. HostedZoneId *string `type:"string"` - // A value that indicates whether the HTTP endpoint for an Aurora Serverless - // v1 DB cluster is enabled. + // Indicates whether the HTTP endpoint for an Aurora Serverless v1 DB cluster + // is enabled. // // When enabled, the HTTP endpoint provides a connectionless web service API // for running SQL queries on the Aurora Serverless v1 DB cluster. You can also @@ -24710,10 +24700,16 @@ type DBCluster struct { // in the Amazon Aurora User Guide. HttpEndpointEnabled *bool `type:"boolean"` - // A value that indicates whether the mapping of Amazon Web Services Identity - // and Access Management (IAM) accounts to database accounts is enabled. + // Indicates whether the mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts is enabled. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` + // The next time you can modify the DB cluster to use the aurora-iopt1 storage + // type. + // + // This setting is only for Aurora DB clusters. + IOOptimizedNextAllowedModificationTime *time.Time `type:"timestamp"` + // The Provisioned IOPS (I/O operations per second) value. // // This setting is only for non-Aurora Multi-AZ DB clusters. @@ -24726,12 +24722,11 @@ type DBCluster struct { // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // Specifies the latest time to which a database can be restored with point-in-time - // restore. + // The latest time to which a database can be restored with point-in-time restore. LatestRestorableTime *time.Time `type:"timestamp"` - // Contains the secret managed by RDS in Amazon Web Services Secrets Manager - // for the master user password. + // The secret managed by RDS in Amazon Web Services Secrets Manager for the + // master user password. // // For more information, see Password management with Amazon Web Services Secrets // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) @@ -24740,7 +24735,7 @@ type DBCluster struct { // in the Amazon Aurora User Guide. MasterUserSecret *MasterUserSecret `type:"structure"` - // Contains the master username for the DB cluster. + // The master username for the DB cluster. MasterUsername *string `type:"string"` // The interval, in seconds, between points when Enhanced Monitoring metrics @@ -24755,17 +24750,11 @@ type DBCluster struct { // This setting is only for non-Aurora Multi-AZ DB clusters. MonitoringRoleArn *string `type:"string"` - // Specifies whether the DB cluster has instances in multiple Availability Zones. + // Indicates whether the DB cluster has instances in multiple Availability Zones. MultiAZ *bool `type:"boolean"` // The network type of the DB instance. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and // the IPv6 protocols (DUAL). @@ -24774,18 +24763,19 @@ type DBCluster struct { // in the Amazon Aurora User Guide. // // This setting is only for Aurora DB clusters. + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` - // A value that specifies that changes to the DB cluster are pending. This element - // is only included when changes are pending. Specific changes are identified + // Information about pending changes to the DB cluster. This information is + // returned only when there are pending changes. Specific changes are identified // by subelements. PendingModifiedValues *ClusterPendingModifiedValues `type:"structure"` - // Specifies the progress of the operation as a percentage. + // The progress of the operation as a percentage. PercentProgress *string `type:"string"` - // True if Performance Insights is enabled for the DB cluster, and otherwise - // false. + // Indicates whether Performance Insights is enabled for the DB cluster. // // This setting is only for non-Aurora Multi-AZ DB clusters. PerformanceInsightsEnabled *bool `type:"boolean"` @@ -24799,52 +24789,46 @@ type DBCluster struct { // This setting is only for non-Aurora Multi-AZ DB clusters. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 + // The number of days to retain Performance Insights data. // - // For example, the following values are valid: + // This setting is only for non-Aurora Multi-AZ DB clusters. // - // * 93 (3 months * 31) + // Valid Values: // - // * 341 (11 months * 31) + // * 7 // - // * 589 (19 months * 31) + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // This setting is only for non-Aurora Multi-AZ DB clusters. + // Default: 7 days PerformanceInsightsRetentionPeriod *int64 `type:"integer"` - // Specifies the port that the database engine is listening on. + // The port that the database engine is listening on. Port *int64 `type:"integer"` - // Specifies the daily time range during which automated backups are created - // if automated backups are enabled, as determined by the BackupRetentionPeriod. + // The daily time range during which automated backups are created if automated + // backups are enabled, as determined by the BackupRetentionPeriod. PreferredBackupWindow *string `type:"string"` - // Specifies the weekly time range during which system maintenance can occur, - // in Universal Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur, in Universal + // Coordinated Time (UTC). PreferredMaintenanceWindow *string `type:"string"` - // Specifies the accessibility options for the DB instance. + // Indicates whether the DB cluster is publicly accessible. // - // When the DB instance is publicly accessible, its Domain Name System (DNS) - // endpoint resolves to the private IP address from within the DB instance's + // When the DB cluster is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB cluster's // virtual private cloud (VPC). It resolves to the public IP address from outside - // of the DB instance's VPC. Access to the DB instance is ultimately controlled - // by the security group it uses. That public access is not permitted if the - // security group assigned to the DB instance doesn't permit it. + // of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB cluster doesn't permit it. // - // When the DB instance isn't publicly accessible, it is an internal DB instance + // When the DB cluster isn't publicly accessible, it is an internal DB cluster // with a DNS name that resolves to a private IP address. // - // For more information, see CreateDBInstance. + // For more information, see CreateDBCluster. // // This setting is only for non-Aurora Multi-AZ DB clusters. PubliclyAccessible *bool `type:"boolean"` @@ -24866,39 +24850,36 @@ type DBCluster struct { // then reconnect to the reader endpoint. ReaderEndpoint *string `type:"string"` - // Contains the identifier of the source DB cluster if this DB cluster is a - // read replica. + // The identifier of the source DB cluster if this DB cluster is a read replica. ReplicationSourceIdentifier *string `type:"string"` - // Shows the scaling configuration for an Aurora DB cluster in serverless DB - // engine mode. + // The scaling configuration for an Aurora DB cluster in serverless DB engine + // mode. // // For more information, see Using Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. ScalingConfigurationInfo *ScalingConfigurationInfo `type:"structure"` - // Shows the scaling configuration for an Aurora Serverless v2 DB cluster. + // The scaling configuration for an Aurora Serverless v2 DB cluster. // // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) // in the Amazon Aurora User Guide. ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfigurationInfo `type:"structure"` - // Specifies the current state of this DB cluster. + // The current state of this DB cluster. Status *string `type:"string"` - // Specifies whether the DB cluster is encrypted. + // Indicates whether the DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` // The storage type associated with the DB cluster. - // - // This setting is only for non-Aurora Multi-AZ DB clusters. StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. TagList []*Tag `locationNameList:"Tag" type:"list"` - // Provides a list of VPC security groups that the DB cluster belongs to. + // The list of VPC security groups that the DB cluster belongs to. VpcSecurityGroups []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } @@ -25178,6 +25159,12 @@ func (s *DBCluster) SetIAMDatabaseAuthenticationEnabled(v bool) *DBCluster { return s } +// SetIOOptimizedNextAllowedModificationTime sets the IOOptimizedNextAllowedModificationTime field's value. +func (s *DBCluster) SetIOOptimizedNextAllowedModificationTime(v time.Time) *DBCluster { + s.IOOptimizedNextAllowedModificationTime = &v + return s +} + // SetIops sets the Iops field's value. func (s *DBCluster) SetIops(v int64) *DBCluster { s.Iops = &v @@ -25843,6 +25830,11 @@ type DBClusterSnapshot struct { // Specifies whether the DB cluster snapshot is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage type associated with the DB cluster snapshot. + // + // This setting is only for Aurora DB clusters. + StorageType *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. TagList []*Tag `locationNameList:"Tag" type:"list"` @@ -25995,6 +25987,12 @@ func (s *DBClusterSnapshot) SetStorageEncrypted(v bool) *DBClusterSnapshot { return s } +// SetStorageType sets the StorageType field's value. +func (s *DBClusterSnapshot) SetStorageType(v string) *DBClusterSnapshot { + s.StorageType = &v + return s +} + // SetTagList sets the TagList field's value. func (s *DBClusterSnapshot) SetTagList(v []*Tag) *DBClusterSnapshot { s.TagList = v @@ -26486,14 +26484,14 @@ type DBInstance struct { // The status of the database activity stream. ActivityStreamStatus *string `type:"string" enum:"ActivityStreamStatus"` - // Specifies the allocated storage size specified in gibibytes (GiB). + // The amount of storage in gibibytes (GiB) allocated for the DB instance. AllocatedStorage *int64 `type:"integer"` // The Amazon Web Services Identity and Access Management (IAM) roles associated // with the DB instance. AssociatedRoles []*DBInstanceRole `locationNameList:"DBInstanceRole" type:"list"` - // A value that indicates that minor version patches are applied automatically. + // Indicates whether minor version patches are applied automatically. AutoMinorVersionUpgrade *bool `type:"boolean"` // The time when a stopped DB instance is restarted automatically. @@ -26504,17 +26502,17 @@ type DBInstance struct { // paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes. AutomationMode *string `type:"string" enum:"AutomationMode"` - // Specifies the name of the Availability Zone the DB instance is located in. + // The name of the Availability Zone where the DB instance is located. AvailabilityZone *string `type:"string"` // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services // Backup. AwsBackupRecoveryPointArn *string `type:"string"` - // Specifies the number of days for which automatic DB snapshots are retained. + // The number of days for which automatic DB snapshots are retained. BackupRetentionPeriod *int64 `type:"integer"` - // Specifies where automated backups and manual snapshots are stored: Amazon + // The location where automated backups and manual snapshots are stored: Amazon // Web Services Outposts or the Amazon Web Services Region. BackupTarget *string `type:"string"` @@ -26534,14 +26532,13 @@ type DBInstance struct { // associated with. CharacterSetName *string `type:"string"` - // Specifies whether tags are copied from the DB instance to snapshots of the + // Indicates whether tags are copied from the DB instance to snapshots of the // DB instance. // - // Amazon Aurora - // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. - // For more information, see DBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. For more information, + // see DBCluster. CopyTagsToSnapshot *bool `type:"boolean"` // The instance profile associated with the underlying Amazon EC2 instance of @@ -26560,7 +26557,7 @@ type DBInstance struct { // in the Amazon RDS User Guide. CustomIamInstanceProfile *string `type:"string"` - // Specifies whether a customer-owned IP address (CoIP) is enabled for an RDS + // Indicates whether a customer-owned IP address (CoIP) is enabled for an RDS // on Outposts DB instance. // // A CoIP provides local or external connectivity to resources in your Outpost @@ -26576,7 +26573,7 @@ type DBInstance struct { // in the Amazon Web Services Outposts User Guide. CustomerOwnedIpEnabled *bool `type:"boolean"` - // If the DB instance is a member of a DB cluster, contains the name of the + // If the DB instance is a member of a DB cluster, indicates the name of the // DB cluster that the DB instance is a member of. DBClusterIdentifier *string `type:"string"` @@ -26586,54 +26583,49 @@ type DBInstance struct { // The list of replicated automated backups associated with the DB instance. DBInstanceAutomatedBackupsReplications []*DBInstanceAutomatedBackupsReplication `locationNameList:"DBInstanceAutomatedBackupsReplication" type:"list"` - // Contains the name of the compute and memory capacity class of the DB instance. + // The name of the compute and memory capacity class of the DB instance. DBInstanceClass *string `type:"string"` - // Contains a user-supplied database identifier. This identifier is the unique - // key that identifies a DB instance. + // The user-supplied database identifier. This identifier is the unique key + // that identifies a DB instance. DBInstanceIdentifier *string `type:"string"` - // Specifies the current state of this database. + // The current state of this database. // // For information about DB instance statuses, see Viewing DB instance status // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html#Overview.DBInstance.Status) // in the Amazon RDS User Guide. DBInstanceStatus *string `type:"string"` - // The meaning of this parameter differs according to the database engine you - // use. - // - // MySQL, MariaDB, SQL Server, PostgreSQL - // - // Contains the name of the initial database of this instance that was provided - // at create time, if one was specified when the DB instance was created. This - // same name is returned for the life of the DB instance. + // The meaning of this parameter differs depending on the database engine. // - // Type: String + // * For RDS for MariaDB, Microsoft SQL Server, MySQL, and PostgreSQL - The + // name of the initial database specified for this DB instance when it was + // created, if one was provided. This same name is returned for the life + // of the DB instance. // - // Oracle - // - // Contains the Oracle System ID (SID) of the created DB instance. Not shown - // when the returned parameters do not apply to an Oracle DB instance. + // * For RDS for Oracle - The Oracle System ID (SID) of the created DB instance. + // This value is only returned when the object returned is an Oracle DB instance. DBName *string `type:"string"` - // Provides the list of DB parameter groups applied to this DB instance. + // The list of DB parameter groups applied to this DB instance. DBParameterGroups []*DBParameterGroupStatus `locationNameList:"DBParameterGroup" type:"list"` // A list of DB security group elements containing DBSecurityGroup.Name and // DBSecurityGroup.Status subelements. DBSecurityGroups []*DBSecurityGroupMembership `locationNameList:"DBSecurityGroup" type:"list"` - // Specifies information on the subnet group associated with the DB instance, - // including the name, description, and subnets in the subnet group. + // Information about the subnet group associated with the DB instance, including + // the name, description, and subnets in the subnet group. DBSubnetGroup *DBSubnetGroup `type:"structure"` // The Oracle system ID (Oracle SID) for a container database (CDB). The Oracle - // SID is also the name of the CDB. This setting is valid for RDS Custom only. + // SID is also the name of the CDB. This setting is only valid for RDS Custom + // DB instances. DBSystemId *string `type:"string"` - // Specifies the port that the DB instance listens on. If the DB instance is - // part of a DB cluster, this can be a different port than the DB cluster port. + // The port that the DB instance listens on. If the DB instance is part of a + // DB cluster, this can be a different port than the DB cluster port. DbInstancePort *int64 `type:"integer"` // The Amazon Web Services Region-unique, immutable identifier for the DB instance. @@ -26641,7 +26633,7 @@ type DBInstance struct { // the Amazon Web Services KMS key for the DB instance is accessed. DbiResourceId *string `type:"string"` - // Indicates if the DB instance has deletion protection enabled. The database + // Indicates whether the DB instance has deletion protection enabled. The database // can't be deleted when deletion protection is enabled. For more information, // see Deleting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` @@ -26653,71 +26645,67 @@ type DBInstance struct { // Logs. // // Log types vary by DB engine. For information about the log types for each - // DB engine, see Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) + // DB engine, see Monitoring Amazon RDS log files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) // in the Amazon RDS User Guide. EnabledCloudwatchLogsExports []*string `type:"list"` - // Specifies the connection endpoint. + // The connection endpoint for the DB instance. // - // The endpoint might not be shown for instances whose status is creating. + // The endpoint might not be shown for instances with the status of creating. Endpoint *Endpoint `type:"structure"` - // The name of the database engine to be used for this DB instance. + // The database engine used for this DB instance. Engine *string `type:"string"` - // Indicates the database engine version. + // The version of the database engine. EngineVersion *string `type:"string"` // The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that // receives the Enhanced Monitoring metrics data for the DB instance. EnhancedMonitoringResourceArn *string `type:"string"` - // True if mapping of Amazon Web Services Identity and Access Management (IAM) - // accounts to database accounts is enabled, and otherwise false. - // - // IAM database authentication can be enabled for the following database engines - // - // * For MySQL 5.6, minor version 5.6.34 or higher - // - // * For MySQL 5.7, minor version 5.7.16 or higher + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled for the DB instance. // - // * Aurora 5.6 or higher. To enable IAM database authentication for Aurora, - // see DBCluster Type. + // For a list of engine versions that support IAM database authentication, see + // IAM database authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RDS_Fea_Regions_DB-eng.Feature.IamDatabaseAuthentication.html) + // in the Amazon RDS User Guide and IAM database authentication in Aurora (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.Aurora_Fea_Regions_DB-eng.Feature.IAMdbauth.html) + // in the Amazon Aurora User Guide. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` - // Provides the date and time the DB instance was created. + // The date and time when the DB instance was created. InstanceCreateTime *time.Time `type:"timestamp"` - // Specifies the Provisioned IOPS (I/O operations per second) value. + // The Provisioned IOPS (I/O operations per second) value for the DB instance. Iops *int64 `type:"integer"` - // If StorageEncrypted is true, the Amazon Web Services KMS key identifier for - // the encrypted DB instance. + // If StorageEncrypted is enabled, the Amazon Web Services KMS key identifier + // for the encrypted DB instance. // // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // Specifies the latest time to which a database can be restored with point-in-time - // restore. + // The latest time to which a database in this DB instance can be restored with + // point-in-time restore. LatestRestorableTime *time.Time `type:"timestamp"` - // License model information for this DB instance. This setting doesn't apply - // to RDS Custom. + // The license model information for this DB instance. This setting doesn't + // apply to RDS Custom DB instances. LicenseModel *string `type:"string"` - // Specifies the listener connection endpoint for SQL Server Always On. + // The listener connection endpoint for SQL Server Always On. ListenerEndpoint *Endpoint `type:"structure"` - // Contains the secret managed by RDS in Amazon Web Services Secrets Manager - // for the master user password. + // The secret managed by RDS in Amazon Web Services Secrets Manager for the + // master user password. // // For more information, see Password management with Amazon Web Services Secrets // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) // in the Amazon RDS User Guide. MasterUserSecret *MasterUserSecret `type:"structure"` - // Contains the master username for the DB instance. + // The master username for the DB instance. MasterUsername *string `type:"string"` // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically @@ -26732,8 +26720,8 @@ type DBInstance struct { // to Amazon CloudWatch Logs. MonitoringRoleArn *string `type:"string"` - // Specifies if the DB instance is a Multi-AZ deployment. This setting doesn't - // apply to RDS Custom. + // Indicates whether the DB instance is a Multi-AZ deployment. This setting + // doesn't apply to RDS Custom DB instances. MultiAZ *bool `type:"boolean"` // The name of the NCHAR character set for the Oracle DB instance. This character @@ -26743,12 +26731,6 @@ type DBInstance struct { // The network type of the DB instance. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 // and the IPv6 protocols (DUAL). @@ -26756,18 +26738,19 @@ type DBInstance struct { // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon RDS User Guide and Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon Aurora User Guide. + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` - // Provides the list of option group memberships for this DB instance. + // The list of option group memberships for this DB instance. OptionGroupMemberships []*OptionGroupMembership `locationNameList:"OptionGroupMembership" type:"list"` - // A value that specifies that changes to the DB instance are pending. This - // element is only included when changes are pending. Specific changes are identified + // Information about pending changes to the DB instance. This information is + // returned only when there are pending changes. Specific changes are identified // by subelements. PendingModifiedValues *PendingModifiedValues `type:"structure"` - // True if Performance Insights is enabled for the DB instance, and otherwise - // false. + // Indicates whether Performance Insights is enabled for the DB instance. PerformanceInsightsEnabled *bool `type:"boolean"` // The Amazon Web Services KMS key identifier for encryption of Performance @@ -26777,45 +26760,39 @@ type DBInstance struct { // ARN, or alias name for the KMS key. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: + // The number of days to retain Performance Insights data. + // + // Valid Values: // // * 7 // - // * month * 31, where month is a number of months from 1-23 + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 + // Default: 7 days PerformanceInsightsRetentionPeriod *int64 `type:"integer"` - // Specifies the daily time range during which automated backups are created - // if automated backups are enabled, as determined by the BackupRetentionPeriod. + // The daily time range during which automated backups are created if automated + // backups are enabled, as determined by the BackupRetentionPeriod. PreferredBackupWindow *string `type:"string"` - // Specifies the weekly time range during which system maintenance can occur, - // in Universal Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur, in Universal + // Coordinated Time (UTC). PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. PromotionTier *int64 `type:"integer"` - // Specifies the accessibility options for the DB instance. + // Indicates whether the DB instance is publicly accessible. // // When the DB cluster is publicly accessible, its Domain Name System (DNS) // endpoint resolves to the private IP address from within the DB cluster's @@ -26830,21 +26807,22 @@ type DBInstance struct { // For more information, see CreateDBInstance. PubliclyAccessible *bool `type:"boolean"` - // Contains one or more identifiers of Aurora DB clusters to which the RDS DB - // instance is replicated as a read replica. For example, when you create an - // Aurora read replica of an RDS for MySQL DB instance, the Aurora MySQL DB - // cluster for the Aurora read replica is shown. This output doesn't contain - // information about cross-Region Aurora read replicas. + // The identifiers of Aurora DB clusters to which the RDS DB instance is replicated + // as a read replica. For example, when you create an Aurora read replica of + // an RDS for MySQL DB instance, the Aurora MySQL DB cluster for the Aurora + // read replica is shown. This output doesn't contain information about cross-Region + // Aurora read replicas. // // Currently, each RDS DB instance can have only one Aurora read replica. ReadReplicaDBClusterIdentifiers []*string `locationNameList:"ReadReplicaDBClusterIdentifier" type:"list"` - // Contains one or more identifiers of the read replicas associated with this - // DB instance. + // The identifiers of the read replicas associated with this DB instance. ReadReplicaDBInstanceIdentifiers []*string `locationNameList:"ReadReplicaDBInstanceIdentifier" type:"list"` - // Contains the identifier of the source DB instance if this DB instance is - // a read replica. + // The identifier of the source DB cluster if this DB instance is a read replica. + ReadReplicaSourceDBClusterIdentifier *string `type:"string"` + + // The identifier of the source DB instance if this DB instance is a read replica. ReadReplicaSourceDBInstanceIdentifier *string `type:"string"` // The open mode of an Oracle read replica. The default is open-read-only. For @@ -26863,19 +26841,19 @@ type DBInstance struct { // instance with multi-AZ support. SecondaryAvailabilityZone *string `type:"string"` - // The status of a read replica. If the instance isn't a read replica, this - // is blank. + // The status of a read replica. If the DB instance isn't a read replica, the + // value is blank. StatusInfos []*DBInstanceStatusInfo `locationNameList:"DBInstanceStatusInfo" type:"list"` - // Specifies whether the DB instance is encrypted. + // Indicates whether the DB instance is encrypted. StorageEncrypted *bool `type:"boolean"` - // Specifies the storage throughput for the DB instance. + // The storage throughput for the DB instance. // // This setting applies only to the gp3 storage type. StorageThroughput *int64 `type:"integer"` - // Specifies the storage type associated with the DB instance. + // The storage type associated with the DB instance. StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) @@ -26891,8 +26869,7 @@ type DBInstance struct { // that were created with a time zone specified. Timezone *string `type:"string"` - // Provides a list of VPC security group elements that the DB instance belongs - // to. + // The list of Amazon EC2 VPC security groups that the DB instance belongs to. VpcSecurityGroups []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } @@ -27322,6 +27299,12 @@ func (s *DBInstance) SetReadReplicaDBInstanceIdentifiers(v []*string) *DBInstanc return s } +// SetReadReplicaSourceDBClusterIdentifier sets the ReadReplicaSourceDBClusterIdentifier field's value. +func (s *DBInstance) SetReadReplicaSourceDBClusterIdentifier(v string) *DBInstance { + s.ReadReplicaSourceDBClusterIdentifier = &v + return s +} + // SetReadReplicaSourceDBInstanceIdentifier sets the ReadReplicaSourceDBInstanceIdentifier field's value. func (s *DBInstance) SetReadReplicaSourceDBInstanceIdentifier(v string) *DBInstance { s.ReadReplicaSourceDBInstanceIdentifier = &v @@ -29253,6 +29236,8 @@ type DeleteBlueGreenDeploymentInput struct { BlueGreenDeploymentIdentifier *string `min:"1" type:"string" required:"true"` // A value that indicates whether to delete the resources in the green environment. + // You can't specify this option if the blue/green deployment status (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_BlueGreenDeployment.html) + // is SWITCHOVER_COMPLETED. DeleteTarget *bool `type:"boolean"` } @@ -29342,7 +29327,8 @@ func (s *DeleteBlueGreenDeploymentOutput) SetBlueGreenDeployment(v *BlueGreenDep type DeleteCustomDBEngineVersionInput struct { _ struct{} `type:"structure"` - // The database engine. The only supported engine is custom-oracle-ee. + // The database engine. The only supported engines are custom-oracle-ee and + // custom-oracle-ee-cdb. // // Engine is a required field Engine *string `min:"1" type:"string" required:"true"` @@ -31600,8 +31586,7 @@ type DescribeDBClusterBacktracksInput struct { // Constraints: // // * Must contain a valid universally unique identifier (UUID). For more - // information about UUIDs, see A Universally Unique Identifier (UUID) URN - // Namespace (http://www.ietf.org/rfc/rfc4122.txt). + // information about UUIDs, see Universally unique identifier (https://en.wikipedia.org/wiki/Universally_unique_identifier). // // Example: 123e4567-e89b-12d3-a456-426655440000 BacktrackIdentifier *string `type:"string"` @@ -32504,17 +32489,17 @@ type DescribeDBClustersInput struct { _ struct{} `type:"structure"` // The user-supplied DB cluster identifier or the Amazon Resource Name (ARN) - // of the DB cluster. If this parameter is specified, information from only - // the specific DB cluster is returned. This parameter isn't case-sensitive. + // of the DB cluster. If this parameter is specified, information for only the + // specific DB cluster is returned. This parameter isn't case-sensitive. // // Constraints: // - // * If supplied, must match an existing DBClusterIdentifier. + // * If supplied, must match an existing DB cluster identifier. DBClusterIdentifier *string `type:"string"` // A filter that specifies one or more DB clusters to describe. // - // Supported filters: + // Supported Filters: // // * clone-group-id - Accepts clone group identifiers. The results list only // includes information about the DB clusters associated with these clone @@ -32524,6 +32509,10 @@ type DescribeDBClustersInput struct { // Resource Names (ARNs). The results list only includes information about // the DB clusters identified by these ARNs. // + // * db-cluster-resource-id - Accepts DB cluster resource identifiers. The + // results list will only include information about the DB clusters identified + // by these DB cluster resource identifiers. + // // * domain - Accepts Active Directory directory IDs. The results list only // includes information about the DB clusters associated with these domains. // @@ -32531,8 +32520,8 @@ type DescribeDBClustersInput struct { // about the DB clusters for these engines. Filters []*Filter `locationNameList:"Filter" type:"list"` - // Optional Boolean parameter that specifies whether the output includes information - // about clusters shared from other Amazon Web Services accounts. + // Specifies whether the output includes information about clusters shared from + // other Amazon Web Services accounts. IncludeShared *bool `type:"boolean"` // An optional pagination token provided by a previous DescribeDBClusters request. @@ -32678,12 +32667,12 @@ type DescribeDBEngineVersionsInput struct { // // Valid Values: // - // * aurora (for MySQL 5.6-compatible Aurora) - // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // * aurora-mysql // // * aurora-postgresql // + // * custom-oracle-ee + // // * mariadb // // * mysql @@ -33097,12 +33086,12 @@ type DescribeDBInstancesInput struct { // // Constraints: // - // * If supplied, must match the identifier of an existing DBInstance. + // * If supplied, must match the identifier of an existing DB instance. DBInstanceIdentifier *string `type:"string"` // A filter that specifies one or more DB instances to describe. // - // Supported filters: + // Supported Filters: // // * db-cluster-id - Accepts DB cluster identifiers and DB cluster Amazon // Resource Names (ARNs). The results list only includes information about @@ -33113,8 +33102,8 @@ type DescribeDBInstancesInput struct { // the DB instances identified by these ARNs. // // * dbi-resource-id - Accepts DB instance resource identifiers. The results - // list will only include information about the DB instances identified by - // these DB instance resource identifiers. + // list only includes information about the DB instances identified by these + // DB instance resource identifiers. // // * domain - Accepts Active Directory directory IDs. The results list only // includes information about the DB instances associated with these domains. @@ -35035,8 +35024,6 @@ type DescribeEngineDefaultParametersInput struct { // // Valid Values: // - // * aurora5.6 - // // * aurora-mysql5.7 // // * aurora-mysql8.0 @@ -35688,21 +35675,22 @@ func (s *DescribeEventsOutput) SetMarker(v string) *DescribeEventsOutput { type DescribeExportTasksInput struct { _ struct{} `type:"structure"` - // The identifier of the snapshot export task to be described. + // The identifier of the snapshot or cluster export task to be described. ExportTaskIdentifier *string `type:"string"` - // Filters specify one or more snapshot exports to describe. The filters are - // specified as name-value pairs that define what to include in the output. - // Filter names and values are case-sensitive. + // Filters specify one or more snapshot or cluster exports to describe. The + // filters are specified as name-value pairs that define what to include in + // the output. Filter names and values are case-sensitive. // // Supported filters include the following: // - // * export-task-identifier - An identifier for the snapshot export task. + // * export-task-identifier - An identifier for the snapshot or cluster export + // task. // - // * s3-bucket - The Amazon S3 bucket the snapshot is exported to. + // * s3-bucket - The Amazon S3 bucket the data is exported to. // - // * source-arn - The Amazon Resource Name (ARN) of the snapshot exported - // to Amazon S3 + // * source-arn - The Amazon Resource Name (ARN) of the snapshot or cluster + // exported to Amazon S3. // // * status - The status of the export task. Must be lowercase. Valid statuses // are the following: canceled canceling complete failed in_progress starting @@ -35723,7 +35711,8 @@ type DescribeExportTasksInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `min:"20" type:"integer"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` // The type of source for the export. @@ -35810,7 +35799,7 @@ func (s *DescribeExportTasksInput) SetSourceType(v string) *DescribeExportTasksI type DescribeExportTasksOutput struct { _ struct{} `type:"structure"` - // Information about an export of a snapshot to Amazon S3. + // Information about an export of a snapshot or cluster to Amazon S3. ExportTasks []*ExportTask `locationNameList:"ExportTask" type:"list"` // A pagination token that can be used in a later DescribeExportTasks request. @@ -36345,12 +36334,12 @@ type DescribeOrderableDBInstanceOptionsInput struct { // // Valid Values: // - // * aurora (for MySQL 5.6-compatible Aurora) - // - // * aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // * aurora-mysql // // * aurora-postgresql // + // * custom-oracle-ee + // // * mariadb // // * mysql @@ -37990,75 +37979,90 @@ func (s *EventSubscription) SetSubscriptionCreationTime(v string) *EventSubscrip return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // // This data type is used as a response element in the DescribeExportTasks action. type ExportTask struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. Valid values are the following: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` // The key identifier of the Amazon Web Services KMS key that is used to encrypt - // the snapshot when it's exported to Amazon S3. The KMS key identifier is its - // key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot - // export must have encryption and decryption permissions to use this KMS key. + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket that the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` // The time that the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` // The type of source for the export. SourceType *string `type:"string" enum:"ExportSourceType"` - // The progress status of the export task. + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time that the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time that the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } @@ -38572,8 +38576,7 @@ type GlobalCluster struct { // is the unique key that identifies a global database cluster. GlobalClusterIdentifier *string `type:"string"` - // The list of cluster IDs for secondary clusters within the global database - // cluster. Currently limited to 1 item. + // The list of primary and secondary clusters within the global database cluster. GlobalClusterMembers []*GlobalClusterMember `locationNameList:"GlobalClusterMember" type:"list"` // The Amazon Web Services Region-unique, immutable identifier for the global @@ -39002,8 +39005,8 @@ type ModifyActivityStreamInput struct { // activity stream is unlocked or stopped. AuditPolicyState *string `type:"string" enum:"AuditPolicyState"` - // The Amazon Resource Name (ARN) of the RDS for Oracle DB instance, for example, - // arn:aws:rds:us-east-1:12345667890:instance:my-orcl-db. + // The Amazon Resource Name (ARN) of the RDS for Oracle or Microsoft SQL Server + // DB instance. For example, arn:aws:rds:us-east-1:12345667890:instance:my-orcl-db. ResourceArn *string `type:"string"` } @@ -39374,7 +39377,7 @@ type ModifyCustomDBEngineVersionInput struct { // An optional description of your CEV. Description *string `min:"1" type:"string"` - // The DB engine. The only supported value is custom-oracle-ee. + // The DB engine. The only supported values are custom-oracle-ee and custom-oracle-ee-cdb. // // Engine is a required field Engine *string `min:"1" type:"string" required:"true"` @@ -40033,89 +40036,92 @@ type ModifyDBClusterInput struct { // The amount of storage in gibibytes (GiB) to allocate to each DB instance // in the Multi-AZ DB cluster. // - // Type: Integer - // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether major version upgrades are allowed. + // Specifies whether engine mode changes from serverless to provisioned are + // allowed. // - // Constraints: You must allow major version upgrades when specifying a value - // for the EngineVersion parameter that is a different major version than the - // DB cluster's current version. + // Valid for Cluster Type: Aurora Serverless v1 DB clusters only // - // Valid for: Aurora DB clusters only + // Constraints: + // + // * You must allow engine mode changes when specifying a different value + // for the EngineMode parameter from the DB cluster's current engine mode. + AllowEngineModeChange *bool `type:"boolean"` + + // Specifies whether major version upgrades are allowed. + // + // Valid for Cluster Type: Aurora DB clusters only + // + // Constraints: + // + // * You must allow major version upgrades when specifying a value for the + // EngineVersion parameter that is a different major version than the DB + // cluster's current version. AllowMajorVersionUpgrade *bool `type:"boolean"` - // A value that indicates whether the modifications in this request and any - // pending modifications are asynchronously applied as soon as possible, regardless - // of the PreferredMaintenanceWindow setting for the DB cluster. If this parameter - // is disabled, changes to the DB cluster are applied during the next maintenance - // window. - // - // The ApplyImmediately parameter only affects the EnableIAMDatabaseAuthentication, - // MasterUserPassword, and NewDBClusterIdentifier values. If the ApplyImmediately - // parameter is disabled, then changes to the EnableIAMDatabaseAuthentication, - // MasterUserPassword, and NewDBClusterIdentifier values are applied during - // the next maintenance window. All other changes are applied immediately, regardless - // of the value of the ApplyImmediately parameter. + // Specifies whether the modifications in this request and any pending modifications + // are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow + // setting for the DB cluster. If this parameter is disabled, changes to the + // DB cluster are applied during the next maintenance window. + // + // Most modifications can be applied immediately or during the next scheduled + // maintenance window. Some modifications, such as turning on deletion protection + // and changing the master password, are applied immediately—regardless of + // when you choose to apply them. // // By default, this parameter is disabled. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters ApplyImmediately *bool `type:"boolean"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the DB cluster during the maintenance window. By default, minor engine - // upgrades are applied automatically. + // Specifies whether minor engine upgrades are applied automatically to the + // DB cluster during the maintenance window. By default, minor engine upgrades + // are applied automatically. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only AutoMinorVersionUpgrade *bool `type:"boolean"` // The target backtrack window, in seconds. To disable backtracking, set this // value to 0. // + // Valid for Cluster Type: Aurora MySQL DB clusters only + // // Default: 0 // // Constraints: // // * If specified, this value must be set to a number from 0 to 259,200 (72 // hours). - // - // Valid for: Aurora MySQL DB clusters only BacktrackWindow *int64 `type:"long"` // The number of days for which automated backups are retained. Specify a minimum // value of 1. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Default: 1 // // Constraints: // - // * Must be a value from 1 to 35 - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Must be a value from 1 to 35. BackupRetentionPeriod *int64 `type:"integer"` // The configuration setting for the log types to be enabled for export to CloudWatch - // Logs for a specific DB cluster. The values in the list depend on the DB engine - // being used. - // - // RDS for MySQL - // - // Possible values are error, general, and slowquery. + // Logs for a specific DB cluster. // - // RDS for PostgreSQL + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Possible values are postgresql and upgrade. + // The following values are valid for each DB engine: // - // Aurora MySQL + // * Aurora MySQL - audit | error | general | slowquery // - // Possible values are audit, error, general, and slowquery. + // * Aurora PostgreSQL - postgresql // - // Aurora PostgreSQL + // * RDS for MySQL - error | general | slowquery // - // Possible value is postgresql. + // * RDS for PostgreSQL - postgresql | upgrade // // For more information about exporting CloudWatch Logs for Amazon RDS, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) @@ -40124,23 +40130,22 @@ type ModifyDBClusterInput struct { // For more information about exporting CloudWatch Logs for Amazon Aurora, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters CloudwatchLogsExportConfiguration *CloudwatchLogsExportConfiguration `type:"structure"` - // A value that indicates whether to copy all tags from the DB cluster to snapshots - // of the DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the DB cluster to snapshots of the + // DB cluster. The default is not to copy them. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` // The DB cluster identifier for the cluster being modified. This parameter // isn't case-sensitive. // - // Constraints: This identifier must match the identifier of an existing DB - // cluster. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Constraints: + // + // * Must match the identifier of an existing DB cluster. // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` @@ -40153,12 +40158,12 @@ type ModifyDBClusterInput struct { // see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) // in the Amazon RDS User Guide. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only DBClusterInstanceClass *string `type:"string"` // The name of the DB cluster parameter group to use for the DB cluster. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DBClusterParameterGroupName *string `type:"string"` // The name of the DB parameter group to apply to all instances of the DB cluster. @@ -40167,6 +40172,8 @@ type ModifyDBClusterInput struct { // the DB cluster isn't rebooted automatically. Also, parameter changes are // applied immediately rather than during the next maintenance window. // + // Valid for Cluster Type: Aurora DB clusters only + // // Default: The existing name setting // // Constraints: @@ -40176,15 +40183,13 @@ type ModifyDBClusterInput struct { // // * The DBInstanceParameterGroupName parameter is valid in combination with // the AllowMajorVersionUpgrade parameter for a major version upgrade only. - // - // Valid for: Aurora DB clusters only DBInstanceParameterGroupName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection isn't enabled. + // Specifies whether the DB cluster has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` // The Active Directory directory ID to move the DB cluster to. Specify none @@ -40194,32 +40199,31 @@ type ModifyDBClusterInput struct { // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to use when making API calls to the Directory Service. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` - // A value that indicates whether to enable this DB cluster to forward write - // operations to the primary cluster of an Aurora global database (GlobalCluster). - // By default, write operations are not allowed on Aurora DB clusters that are - // secondary clusters in an Aurora global database. + // Specifies whether to enable this DB cluster to forward write operations to + // the primary cluster of a global cluster (Aurora global database). By default, + // write operations are not allowed on Aurora DB clusters that are secondary + // clusters in an Aurora global database. // // You can set this value only on Aurora DB clusters that are members of an // Aurora global database. With this parameter enabled, a secondary cluster - // can forward writes to the current primary cluster and the resulting changes + // can forward writes to the current primary cluster, and the resulting changes // are replicated back to this cluster. For the primary DB cluster of an Aurora // global database, this value is used immediately if the primary is demoted - // by the FailoverGlobalCluster API operation, but it does nothing until then. + // by a global cluster API operation, but it does nothing until then. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableGlobalWriteForwarding *bool `type:"boolean"` - // A value that indicates whether to enable the HTTP endpoint for an Aurora - // Serverless v1 DB cluster. By default, the HTTP endpoint is disabled. + // Specifies whether to enable the HTTP endpoint for an Aurora Serverless v1 + // DB cluster. By default, the HTTP endpoint is disabled. // // When enabled, the HTTP endpoint provides a connectionless web service API // for running SQL queries on the Aurora Serverless v1 DB cluster. You can also @@ -40228,39 +40232,46 @@ type ModifyDBClusterInput struct { // For more information, see Using the Data API for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableHttpEndpoint *bool `type:"boolean"` - // A value that indicates whether to enable mapping of Amazon Web Services Identity - // and Access Management (IAM) accounts to database accounts. By default, mapping - // isn't enabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to turn on Performance Insights for the DB - // cluster. + // Specifies whether to turn on Performance Insights for the DB cluster. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) // in the Amazon RDS User Guide. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only EnablePerformanceInsights *bool `type:"boolean"` + // The DB engine mode of the DB cluster, either provisioned or serverless. + // + // The DB engine mode can be modified only from serverless to provisioned. + // + // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). + // + // Valid for Cluster Type: Aurora DB clusters only + EngineMode *string `type:"string"` + // The version number of the database engine to which you want to upgrade. Changing // this parameter results in an outage. The change is applied during the next // maintenance window unless ApplyImmediately is enabled. // - // To list all of the available engine versions for MySQL 5.6-compatible Aurora, - // use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" + // If the cluster that you're modifying has one or more read replicas, all replicas + // must be running an engine version that's the same or later than the version + // you specify. // - // To list all of the available engine versions for MySQL 5.7-compatible and - // MySQL 8.0-compatible Aurora, use the following command: + // To list all of the available engine versions for Aurora MySQL, use the following + // command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // @@ -40279,7 +40290,7 @@ type ModifyDBClusterInput struct { // // aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters EngineVersion *string `type:"string"` // The amount of Provisioned IOPS (input/output operations per second) to be @@ -40289,14 +40300,16 @@ type ModifyDBClusterInput struct { // storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) // in the Amazon RDS User Guide. // - // Constraints: Must be a multiple between .5 and 50 of the storage amount for - // the DB cluster. + // Valid for Cluster Type: Multi-AZ DB clusters only // - // Valid for: Multi-AZ DB clusters only + // Constraints: + // + // * Must be a multiple between .5 and 50 of the storage amount for the DB + // cluster. Iops *int64 `type:"integer"` - // A value that indicates whether to manage the master user password with Amazon - // Web Services Secrets Manager. + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. // // If the DB cluster doesn't manage the master user password with Amazon Web // Services Secrets Manager, you can turn on this management. In this case, @@ -40314,19 +40327,20 @@ type ModifyDBClusterInput struct { // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters ManageMasterUserPassword *bool `type:"boolean"` - // The new password for the master database user. This password can contain - // any printable ASCII character except "/", """, or "@". + // The new password for the master database user. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // Constraints: // // * Must contain from 8 to 41 characters. // - // * Can't be specified if ManageMasterUserPassword is turned on. + // * Can contain any printable ASCII character except "/", """, or "@". // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Can't be specified if ManageMasterUserPassword is turned on. MasterUserPassword *string `type:"string"` // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically @@ -40355,19 +40369,21 @@ type ModifyDBClusterInput struct { // Web Services account has a different default KMS key for each Amazon Web // Services Region. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters MasterUserSecretKmsKeyId *string `type:"string"` // The interval, in seconds, between points when Enhanced Monitoring metrics // are collected for the DB cluster. To turn off collecting Enhanced Monitoring - // metrics, specify 0. The default is 0. + // metrics, specify 0. // // If MonitoringRoleArn is specified, also set MonitoringInterval to a value // other than 0. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // Valid for Cluster Type: Multi-AZ DB clusters only // - // Valid for: Multi-AZ DB clusters only + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The Amazon Resource Name (ARN) for the IAM role that permits RDS to send @@ -40379,17 +40395,11 @@ type ModifyDBClusterInput struct { // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn // value. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only MonitoringRoleArn *string `type:"string"` // The network type of the DB cluster. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and // the IPv6 protocols (DUAL). @@ -40397,27 +40407,28 @@ type ModifyDBClusterInput struct { // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon Aurora User Guide. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` // The new DB cluster identifier for the DB cluster when renaming a DB cluster. // This value is stored as a lowercase string. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // - // * Must contain from 1 to 63 letters, numbers, or hyphens + // * Must contain from 1 to 63 letters, numbers, or hyphens. // - // * The first character must be a letter + // * The first character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. // // Example: my-cluster2 - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters NewDBClusterIdentifier *string `type:"string"` - // A value that indicates that the DB cluster should be associated with the - // specified option group. + // The option group to associate the DB cluster with. // // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` @@ -40433,41 +40444,35 @@ type ModifyDBClusterInput struct { // Web Services account. Your Amazon Web Services account has a different default // KMS key for each Amazon Web Services Region. // - // Valid for: Multi-AZ DB clusters only + // Valid for Cluster Type: Multi-AZ DB clusters only PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 + // The number of days to retain Performance Insights data. // - // For example, the following values are valid: + // Valid for Cluster Type: Multi-AZ DB clusters only // - // * 93 (3 months * 31) + // Valid Values: // - // * 341 (11 months * 31) + // * 7 // - // * 589 (19 months * 31) + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // Default: 7 days // - // Valid for: Multi-AZ DB clusters only + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // issues an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number on which the DB cluster accepts connections. // - // Constraints: Value must be 1150-65535 + // Valid for Cluster Type: Aurora DB clusters only // - // Default: The same port as the original DB cluster. + // Valid Values: 1150-65535 // - // Valid for: Aurora DB clusters only + // Default: The same port as the original DB cluster. Port *int64 `type:"integer"` // The daily time range during which automated backups are created if automated @@ -40478,6 +40483,8 @@ type ModifyDBClusterInput struct { // see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * Must be in the format hh24:mi-hh24:mi. @@ -40487,14 +40494,12 @@ type ModifyDBClusterInput struct { // * Must not conflict with the preferred maintenance window. // // * Must be at least 30 minutes. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters PreferredBackupWindow *string `type:"string"` // The weekly time range during which system maintenance can occur, in Universal // Coordinated Time (UTC). // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // The default is a 30-minute window selected at random from an 8-hour block // of time for each Amazon Web Services Region, occurring on a random day of @@ -40502,15 +40507,19 @@ type ModifyDBClusterInput struct { // Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) // in the Amazon Aurora User Guide. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // * Days must be one of Mon | Tue | Wed | Thu | Fri | Sat | Sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` - // A value that indicates whether to rotate the secret managed by Amazon Web - // Services Secrets Manager for the master user password. + // Specifies whether to rotate the secret managed by Amazon Web Services Secrets + // Manager for the master user password. // // This setting is valid only if the master user password is managed by RDS // in Amazon Web Services Secrets Manager for the DB cluster. The secret value @@ -40522,18 +40531,18 @@ type ModifyDBClusterInput struct { // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) // in the Amazon Aurora User Guide. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * You must apply the change immediately when rotating the master user // password. - // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters RotateMasterUserPassword *bool `type:"boolean"` // The scaling properties of the DB cluster. You can only modify scaling properties // for DB clusters in serverless DB engine mode. // - // Valid for: Aurora DB clusters only + // Valid for Cluster Type: Aurora DB clusters only ScalingConfiguration *ScalingConfiguration `type:"structure"` // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. @@ -40542,20 +40551,34 @@ type ModifyDBClusterInput struct { // in the Amazon Aurora User Guide. ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` - // Specifies the storage type to be associated with the DB cluster. + // The storage type to associate with the DB cluster. // - // Valid values: io1 + // For information on storage types for Aurora DB clusters, see Storage configurations + // for Amazon Aurora DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). + // For information on storage types for Multi-AZ DB clusters, see Settings for + // creating Multi-AZ DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). // - // When specified, a value for the Iops parameter is required. + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. // - // Default: io1 + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Valid for: Multi-AZ DB clusters only + // Valid Values: + // + // * Aurora DB clusters - aurora | aurora-iopt1 + // + // * Multi-AZ DB clusters - io1 + // + // Default: + // + // * Aurora DB clusters - aurora + // + // * Multi-AZ DB clusters - io1 StorageType *string `type:"string"` - // A list of VPC security groups that the DB cluster will belong to. + // A list of EC2 VPC security groups to associate with this DB cluster. // - // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } @@ -40596,6 +40619,12 @@ func (s *ModifyDBClusterInput) SetAllocatedStorage(v int64) *ModifyDBClusterInpu return s } +// SetAllowEngineModeChange sets the AllowEngineModeChange field's value. +func (s *ModifyDBClusterInput) SetAllowEngineModeChange(v bool) *ModifyDBClusterInput { + s.AllowEngineModeChange = &v + return s +} + // SetAllowMajorVersionUpgrade sets the AllowMajorVersionUpgrade field's value. func (s *ModifyDBClusterInput) SetAllowMajorVersionUpgrade(v bool) *ModifyDBClusterInput { s.AllowMajorVersionUpgrade = &v @@ -40704,6 +40733,12 @@ func (s *ModifyDBClusterInput) SetEnablePerformanceInsights(v bool) *ModifyDBClu return s } +// SetEngineMode sets the EngineMode field's value. +func (s *ModifyDBClusterInput) SetEngineMode(v string) *ModifyDBClusterInput { + s.EngineMode = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyDBClusterInput) SetEngineVersion(v string) *ModifyDBClusterInput { s.EngineVersion = &v @@ -41085,29 +41120,30 @@ type ModifyDBInstanceInput struct { // The new amount of storage in gibibytes (GiB) to allocate for the DB instance. // - // For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at - // least 10% greater than the current value. Values that are not at least 10% - // greater than the existing value are rounded up so that they are 10% greater - // than the current value. + // For RDS for MariaDB, RDS for MySQL, RDS for Oracle, and RDS for PostgreSQL, + // the value supplied must be at least 10% greater than the current value. Values + // that are not at least 10% greater than the existing value are rounded up + // so that they are 10% greater than the current value. // // For the valid values for allocated storage for each engine, see CreateDBInstance. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether major version upgrades are allowed. Changing - // this parameter doesn't result in an outage and the change is asynchronously - // applied as soon as possible. + // Specifies whether major version upgrades are allowed. Changing this parameter + // doesn't result in an outage and the change is asynchronously applied as soon + // as possible. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // - // Constraints: Major version upgrades must be allowed when specifying a value - // for the EngineVersion parameter that is a different major version than the - // DB instance's current version. + // Constraints: + // + // * Major version upgrades must be allowed when specifying a value for the + // EngineVersion parameter that's a different major version than the DB instance's + // current version. AllowMajorVersionUpgrade *bool `type:"boolean"` - // A value that indicates whether the modifications in this request and any - // pending modifications are asynchronously applied as soon as possible, regardless - // of the PreferredMaintenanceWindow setting for the DB instance. By default, - // this parameter is disabled. + // Specifies whether the modifications in this request and any pending modifications + // are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow + // setting for the DB instance. By default, this parameter is disabled. // // If this parameter is disabled, changes to the DB instance are applied during // the next maintenance window. Some parameter changes can cause an outage and @@ -41117,9 +41153,9 @@ type ModifyDBInstanceInput struct { // for each modified parameter and to determine when the changes are applied. ApplyImmediately *bool `type:"boolean"` - // A value that indicates whether minor version upgrades are applied automatically - // to the DB instance during the maintenance window. An outage occurs when all - // the following conditions are met: + // Specifies whether minor version upgrades are applied automatically to the + // DB instance during the maintenance window. An outage occurs when all the + // following conditions are met: // // * The automatic upgrade is enabled for the maintenance window. // @@ -41127,22 +41163,22 @@ type ModifyDBInstanceInput struct { // // * RDS has enabled automatic patching for the engine version. // - // If any of the preceding conditions isn't met, RDS applies the change as soon - // as possible and doesn't cause an outage. + // If any of the preceding conditions isn't met, Amazon RDS applies the change + // as soon as possible and doesn't cause an outage. // - // For an RDS Custom DB instance, set AutoMinorVersionUpgrade to false. Otherwise, - // the operation returns an error. + // For an RDS Custom DB instance, don't enable this setting. Otherwise, the + // operation returns an error. AutoMinorVersionUpgrade *bool `type:"boolean"` - // The automation mode of the RDS Custom DB instance: full or all paused. If - // full, the DB instance automates monitoring and instance recovery. If all - // paused, the instance pauses automation for the duration set by ResumeFullAutomationModeMinutes. + // The automation mode of the RDS Custom DB instance. If full, the DB instance + // automates monitoring and instance recovery. If all paused, the instance pauses + // automation for the duration set by ResumeFullAutomationModeMinutes. AutomationMode *string `type:"string" enum:"AutomationMode"` // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services // Backup. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. AwsBackupRecoveryPointArn *string `min:"43" type:"string"` // The number of days to retain automated backups. Setting this parameter to @@ -41158,30 +41194,24 @@ type ModifyDBInstanceInput struct { // non-zero value to another non-zero value, the change is asynchronously applied // as soon as possible. // - // Amazon Aurora - // - // Not applicable. The retention period for automated backups is managed by - // the DB cluster. For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The retention period + // for automated backups is managed by the DB cluster. For more information, + // see ModifyDBCluster. // // Default: Uses existing setting // // Constraints: // - // * It must be a value from 0 to 35. It can't be set to 0 if the DB instance - // is a source to read replicas. It can't be set to 0 for an RDS Custom for - // Oracle DB instance. + // * Must be a value from 0 to 35. // - // * It can be specified for a MySQL read replica only if the source is running - // MySQL 5.6 or later. + // * Can't be set to 0 if the DB instance is a source to read replicas. // - // * It can be specified for a PostgreSQL read replica only if the source - // is running PostgreSQL 9.3.5. + // * Can't be set to 0 for an RDS Custom for Oracle DB instance. BackupRetentionPeriod *int64 `type:"integer"` - // Specifies the CA certificate identifier to use for the DB instance’s server - // certificate. + // The CA certificate identifier to use for the DB instance6's server certificate. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // For more information, see Using SSL/TLS to encrypt a connection to a DB instance // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) @@ -41190,8 +41220,8 @@ type ModifyDBInstanceInput struct { // in the Amazon Aurora User Guide. CACertificateIdentifier *string `type:"string"` - // A value that indicates whether the DB instance is restarted when you rotate - // your SSL/TLS certificate. + // Specifies whether the DB instance is restarted when you rotate your SSL/TLS + // certificate. // // By default, the DB instance is restarted when you rotate your SSL/TLS certificate. // The certificate is not updated until the DB instance is restarted. @@ -41210,27 +41240,26 @@ type ModifyDBInstanceInput struct { // DB engines, see Rotating Your SSL/TLS Certificate (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) // in the Amazon Aurora User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. CertificateRotationRestart *bool `type:"boolean"` - // The configuration setting for the log types to be enabled for export to CloudWatch - // Logs for a specific DB instance. + // The log types to be enabled for export to CloudWatch Logs for a specific + // DB instance. // // A change to the CloudwatchLogsExportConfiguration parameter is always applied // to the DB instance immediately. Therefore, the ApplyImmediately parameter // has no effect. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. CloudwatchLogsExportConfiguration *CloudwatchLogsExportConfiguration `type:"structure"` - // A value that indicates whether to copy all tags from the DB instance to snapshots - // of the DB instance. By default, tags are not copied. + // Specifies whether to copy all tags from the DB instance to snapshots of the + // DB instance. By default, tags aren't copied. // - // Amazon Aurora - // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. - // For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. For more information, + // see ModifyDBCluster. CopyTagsToSnapshot *bool `type:"boolean"` // The new compute and memory capacity of the DB instance, for example db.m4.large. @@ -41249,11 +41278,12 @@ type ModifyDBInstanceInput struct { // Default: Uses existing setting DBInstanceClass *string `type:"string"` - // The DB instance identifier. This value is stored as a lowercase string. + // The identifier of DB instance to modify. This value is stored as a lowercase + // string. // // Constraints: // - // * Must match the identifier of an existing DBInstance. + // * Must match the identifier of an existing DB instance. // // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` @@ -41268,12 +41298,13 @@ type ModifyDBInstanceInput struct { // the newly associated DB parameter group, these changes are applied immediately // without a reboot. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Default: Uses existing setting // - // Constraints: The DB parameter group must be in the same DB parameter group - // family as the DB instance. + // Constraints: + // + // * Must be in the same DB parameter group family as the DB instance. DBParameterGroupName *string `type:"string"` // The port number on which the database accepts connections. @@ -41284,57 +41315,39 @@ type ModifyDBInstanceInput struct { // If you change the DBPortNumber value, your database restarts regardless of // the value of the ApplyImmediately parameter. // - // This setting doesn't apply to RDS Custom. - // - // MySQL - // - // Default: 3306 - // - // Valid values: 1150-65535 + // This setting doesn't apply to RDS Custom DB instances. // - // MariaDB - // - // Default: 3306 - // - // Valid values: 1150-65535 - // - // PostgreSQL - // - // Default: 5432 - // - // Valid values: 1150-65535 - // - // Type: Integer + // Valid Values: 1150-65535 // - // Oracle + // Default: // - // Default: 1521 + // * Amazon Aurora - 3306 // - // Valid values: 1150-65535 + // * RDS for MariaDB - 3306 // - // SQL Server + // * RDS for Microsoft SQL Server - 1433 // - // Default: 1433 + // * RDS for MySQL - 3306 // - // Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and - // 49152-49156. + // * RDS for Oracle - 1521 // - // Amazon Aurora + // * RDS for PostgreSQL - 5432 // - // Default: 3306 + // Constraints: // - // Valid values: 1150-65535 + // * For RDS for Microsoft SQL Server, the value can't be 1234, 1434, 3260, + // 3343, 3389, 47001, or 49152-49156. DBPortNumber *int64 `type:"integer"` // A list of DB security groups to authorize on this DB instance. Changing this // setting doesn't result in an outage and the change is asynchronously applied // as soon as possible. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Constraints: // - // * If supplied, must match existing DBSecurityGroups. + // * If supplied, must match existing DB security groups. DBSecurityGroups []*string `locationNameList:"DBSecurityGroupName" type:"list"` // The new DB subnet group for the DB instance. You can use this parameter to @@ -41346,17 +41359,19 @@ type ModifyDBInstanceInput struct { // Changing the subnet group causes an outage during the change. The change // is applied during the next maintenance window, unless you enable ApplyImmediately. // - // This parameter doesn't apply to RDS Custom. + // This parameter doesn't apply to RDS Custom DB instances. // - // Constraints: If supplied, must match the name of an existing DBSubnetGroup. + // Constraints: + // + // * If supplied, must match existing DB subnet group. // // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection isn't enabled. For more information, see Deleting a DB - // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // Specifies whether the DB instance has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. For more information, see Deleting a DB Instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` // The Active Directory directory ID to move the DB instance to. Specify none @@ -41367,16 +41382,16 @@ type ModifyDBInstanceInput struct { // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. Domain *string `type:"string"` // The name of the IAM role to use when making API calls to the Directory Service. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. DomainIAMRoleName *string `type:"string"` - // A value that indicates whether to enable a customer-owned IP address (CoIP) - // for an RDS on Outposts DB instance. + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. // // A CoIP provides local or external connectivity to resources in your Outpost // subnets through your on-premises network. For some use cases, a CoIP can @@ -41391,9 +41406,9 @@ type ModifyDBInstanceInput struct { // in the Amazon Web Services Outposts User Guide. EnableCustomerOwnedIp *bool `type:"boolean"` - // A value that indicates whether to enable mapping of Amazon Web Services Identity - // and Access Management (IAM) accounts to database accounts. By default, mapping - // isn't enabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services // IAM accounts to database accounts is managed by the DB cluster. @@ -41402,18 +41417,44 @@ type ModifyDBInstanceInput struct { // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the DB - // instance. + // Specifies whether to enable Performance Insights for the DB instance. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. EnablePerformanceInsights *bool `type:"boolean"` + // The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate + // step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle + // Database 21c CDB. + // + // Note the following requirements: + // + // * Make sure that you specify oracle-ee-cdb or oracle-se2-cdb. + // + // * Make sure that your DB engine runs Oracle Database 19c with an April + // 2021 or later RU. + // + // Note the following limitations: + // + // * You can't convert a CDB to a non-CDB. + // + // * You can't convert a replica database. + // + // * You can't convert a non-CDB to a CDB and upgrade the engine version + // in the same command. + // + // * You can't convert the existing custom parameter or option group when + // it has options or parameters that are permanent or persistent. In this + // situation, the DB instance reverts to the default option and parameter + // group. To avoid reverting to the default, specify a new parameter group + // with --db-parameter-group-name and a new option group with --option-group-name. + Engine *string `type:"string"` + // The version number of the database engine to upgrade to. Changing this parameter // results in an outage and the change is applied during the next maintenance // window unless the ApplyImmediately parameter is enabled for this request. @@ -41423,10 +41464,14 @@ type ModifyDBInstanceInput struct { // new engine version must be specified. The new DB parameter group can be the // default for that DB parameter group family. // - // If you specify only a major version, Amazon RDS will update the DB instance - // to the default minor version if the current minor version is lower. For information + // If you specify only a major version, Amazon RDS updates the DB instance to + // the default minor version if the current minor version is lower. For information // about valid engine versions, see CreateDBInstance, or call DescribeDBEngineVersions. // + // If the instance that you're modifying is acting as a read replica, the engine + // version that you specify must be the same or higher than the version that + // the source DB instance or cluster is running. + // // In RDS Custom for Oracle, this parameter is supported for read replicas only // if they are in the PATCH_DB_FAILURE lifecycle. EngineVersion *string `type:"string"` @@ -41452,33 +41497,45 @@ type ModifyDBInstanceInput struct { // modifying the instance, rebooting the instance, deleting the instance, creating // a read replica for the instance, and creating a DB snapshot of the instance. // - // Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied - // must be at least 10% greater than the current value. Values that are not - // at least 10% greater than the existing value are rounded up so that they - // are 10% greater than the current value. + // Constraints: + // + // * For RDS for MariaDB, RDS for MySQL, RDS for Oracle, and RDS for PostgreSQL + // - The value supplied must be at least 10% greater than the current value. + // Values that are not at least 10% greater than the existing value are rounded + // up so that they are 10% greater than the current value. // // Default: Uses existing setting Iops *int64 `type:"integer"` // The license model for the DB instance. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. // - // Valid values: license-included | bring-your-own-license | general-public-license + // Valid Values: + // + // * RDS for MariaDB - general-public-license + // + // * RDS for Microsoft SQL Server - license-included + // + // * RDS for MySQL - general-public-license + // + // * RDS for Oracle - bring-your-own-license | license-included + // + // * RDS for PostgreSQL - postgresql-license LicenseModel *string `type:"string"` - // A value that indicates whether to manage the master user password with Amazon - // Web Services Secrets Manager. + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. // - // If the DB cluster doesn't manage the master user password with Amazon Web + // If the DB instance doesn't manage the master user password with Amazon Web // Services Secrets Manager, you can turn on this management. In this case, // you can't specify MasterUserPassword. // - // If the DB cluster already manages the master user password with Amazon Web + // If the DB instance already manages the master user password with Amazon Web // Services Secrets Manager, and you specify that the master user password is // not managed with Amazon Web Services Secrets Manager, then you must specify - // MasterUserPassword. In this case, RDS deletes the secret and uses the new - // password for the master user specified by MasterUserPassword. + // MasterUserPassword. In this case, Amazon RDS deletes the secret and uses + // the new password for the master user specified by MasterUserPassword. // // For more information, see Password management with Amazon Web Services Secrets // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) @@ -41490,48 +41547,43 @@ type ModifyDBInstanceInput struct { // Manager if MasterUserPassword is specified. ManageMasterUserPassword *bool `type:"boolean"` - // The new password for the master user. The password can include any printable - // ASCII character except "/", """, or "@". + // The new password for the master user. // // Changing this parameter doesn't result in an outage and the change is asynchronously // applied as soon as possible. Between the time of the request and the completion // of the request, the MasterUserPassword element exists in the PendingModifiedValues // element of the operation response. // - // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. The password for the master user is managed by the DB cluster. - // For more information, see ModifyDBCluster. + // Amazon RDS API operations never return the password, so this action provides + // a way to regain access to a primary instance user if the password is lost. + // This includes restoring privileges that might have been accidentally revoked. // - // Default: Uses existing setting + // This setting doesn't apply to the following DB instances: // - // Constraints: Can't be specified if ManageMasterUserPassword is turned on. + // * Amazon Aurora (The password for the master user is managed by the DB + // cluster. For more information, see ModifyDBCluster.) // - // MariaDB + // * RDS Custom // - // Constraints: Must contain from 8 to 41 characters. + // Default: Uses existing setting // - // Microsoft SQL Server + // Constraints: // - // Constraints: Must contain from 8 to 128 characters. + // * Can't be specified if ManageMasterUserPassword is turned on. // - // MySQL + // * Can include any printable ASCII character except "/", """, or "@". // - // Constraints: Must contain from 8 to 41 characters. + // Length Constraints: // - // Oracle + // * RDS for MariaDB - Must contain from 8 to 41 characters. // - // Constraints: Must contain from 8 to 30 characters. + // * RDS for Microsoft SQL Server - Must contain from 8 to 128 characters. // - // PostgreSQL + // * RDS for MySQL - Must contain from 8 to 41 characters. // - // Constraints: Must contain from 8 to 128 characters. + // * RDS for Oracle - Must contain from 8 to 30 characters. // - // Amazon RDS API operations never return the password, so this action provides - // a way to regain access to a primary instance user if the password is lost. - // This includes restoring privileges that might have been accidentally revoked. + // * RDS for PostgreSQL - Must contain from 8 to 128 characters. MasterUserPassword *string `type:"string"` // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically @@ -41569,19 +41621,21 @@ type ModifyDBInstanceInput struct { // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics - // are collected for the DB instance. To disable collecting Enhanced Monitoring - // metrics, specify 0, which is the default. + // are collected for the DB instance. To disable collection of Enhanced Monitoring + // metrics, specify 0. // // If MonitoringRoleArn is specified, set MonitoringInterval to a value other // than 0. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The ARN for the IAM role that permits RDS to send enhanced monitoring metrics @@ -41593,40 +41647,36 @@ type ModifyDBInstanceInput struct { // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn // value. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. - // Changing this parameter doesn't result in an outage. The change is applied - // during the next maintenance window unless the ApplyImmediately parameter - // is enabled for this request. + // Specifies whether the DB instance is a Multi-AZ deployment. Changing this + // parameter doesn't result in an outage. The change is applied during the next + // maintenance window unless the ApplyImmediately parameter is enabled for this + // request. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. MultiAZ *bool `type:"boolean"` // The network type of the DB instance. // - // Valid values: - // - // * IPV4 - // - // * DUAL - // // The network type is determined by the DBSubnetGroup specified for the DB // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 // and the IPv6 protocols (DUAL). // // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) // in the Amazon RDS User Guide. + // + // Valid Values: IPV4 | DUAL NetworkType *string `type:"string"` - // The new DB instance identifier for the DB instance when renaming a DB instance. - // When you change the DB instance identifier, an instance reboot occurs immediately + // The new identifier for the DB instance when renaming a DB instance. When + // you change the DB instance identifier, an instance reboot occurs immediately // if you enable ApplyImmediately, or will occur during the next maintenance - // window if you disable Apply Immediately. This value is stored as a lowercase + // window if you disable ApplyImmediately. This value is stored as a lowercase // string. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Constraints: // @@ -41639,8 +41689,7 @@ type ModifyDBInstanceInput struct { // Example: mydbinstance NewDBInstanceIdentifier *string `type:"string"` - // A value that indicates the DB instance should be associated with the specified - // option group. + // The option group to associate the DB instance with. // // Changing this parameter doesn't result in an outage, with one exception. // If the parameter change results in an option group that enables OEM, it can @@ -41654,7 +41703,7 @@ type ModifyDBInstanceInput struct { // can't be removed from an option group, and that option group can't be removed // from a DB instance after it is associated with a DB instance. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. OptionGroupName *string `type:"string"` // The Amazon Web Services KMS key identifier for encryption of Performance @@ -41663,37 +41712,31 @@ type ModifyDBInstanceInput struct { // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias // ARN, or alias name for the KMS key. // - // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon // RDS uses your default KMS key. There is a default KMS key for your Amazon // Web Services account. Your Amazon Web Services account has a different default // KMS key for each Amazon Web Services Region. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: + // The number of days to retain Performance Insights data. // - // * 7 + // This setting doesn't apply to RDS Custom DB instances. // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: + // Valid Values: // - // * 93 (3 months * 31) + // * 7 // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // // * 731 // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // Default: 7 days // - // This setting doesn't apply to RDS Custom. + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // returns an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The daily time range during which automated backups are created if automated @@ -41704,28 +41747,27 @@ type ModifyDBInstanceInput struct { // For more information, see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. // - // Amazon Aurora - // - // Not applicable. The daily time range for creating automated backups is managed - // by the DB cluster. For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The daily time + // range for creating automated backups is managed by the DB cluster. For more + // information, see ModifyDBCluster. // // Constraints: // - // * Must be in the format hh24:mi-hh24:mi + // * Must be in the format hh24:mi-hh24:mi. // - // * Must be in Universal Time Coordinated (UTC) + // * Must be in Universal Coordinated Time (UTC). // - // * Must not conflict with the preferred maintenance window + // * Must not conflict with the preferred maintenance window. // - // * Must be at least 30 minutes + // * Must be at least 30 minutes. PreferredBackupWindow *string `type:"string"` - // The weekly time range (in UTC) during which system maintenance can occur, - // which might result in an outage. Changing this parameter doesn't result in - // an outage, except in the following situation, and the change is asynchronously - // applied as soon as possible. If there are pending actions that cause a reboot, - // and the maintenance window is changed to include the current time, then changing - // this parameter will cause a reboot of the DB instance. If moving this window + // The weekly time range during which system maintenance can occur, which might + // result in an outage. Changing this parameter doesn't result in an outage, + // except in the following situation, and the change is asynchronously applied + // as soon as possible. If there are pending actions that cause a reboot, and + // the maintenance window is changed to include the current time, then changing + // this parameter causes a reboot of the DB instance. If you change this window // to the current time, there must be at least 30 minutes between the current // time and end of the window to ensure pending changes are applied. // @@ -41734,32 +41776,38 @@ type ModifyDBInstanceInput struct { // // Default: Uses existing setting // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Constraints: // - // Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. // - // Constraints: Must be at least 30 minutes + // * The day values must be mon | tue | wed | thu | fri | sat | sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must not conflict with the preferred backup window. + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. // // Default: 1 // // Valid Values: 0 - 15 PromotionTier *int64 `type:"integer"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // // When the DB cluster is publicly accessible, its Domain Name System (DNS) // endpoint resolves to the private IP address from within the DB cluster's @@ -41792,16 +41840,23 @@ type ModifyDBInstanceInput struct { // Read Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) // in the Amazon RDS User Guide. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. ReplicaMode *string `type:"string" enum:"ReplicaMode"` // The number of minutes to pause the automation. When the time period ends, - // RDS Custom resumes full automation. The minimum value is 60 (default). The - // maximum value is 1,440. + // RDS Custom resumes full automation. + // + // Default: 60 + // + // Constraints: + // + // * Must be at least 60. + // + // * Must be no more than 1,440. ResumeFullAutomationModeMinutes *int64 `type:"integer"` - // A value that indicates whether to rotate the secret managed by Amazon Web - // Services Secrets Manager for the master user password. + // Specifies whether to rotate the secret managed by Amazon Web Services Secrets + // Manager for the master user password. // // This setting is valid only if the master user password is managed by RDS // in Amazon Web Services Secrets Manager for the DB cluster. The secret value @@ -41817,14 +41872,14 @@ type ModifyDBInstanceInput struct { // password. RotateMasterUserPassword *bool `type:"boolean"` - // Specifies the storage throughput value for the DB instance. + // The storage throughput value for the DB instance. // // This setting applies only to the gp3 storage type. // - // This setting doesn't apply to RDS Custom or Amazon Aurora. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. StorageThroughput *int64 `type:"integer"` - // Specifies the storage type to be associated with the DB instance. + // The storage type to associate with the DB instance. // // If you specify Provisioned IOPS (io1), you must also include a value for // the Iops parameter. @@ -41842,41 +41897,41 @@ type ModifyDBInstanceInput struct { // modifying the instance, rebooting the instance, deleting the instance, creating // a read replica for the instance, and creating a DB snapshot of the instance. // - // Valid values: gp2 | gp3 | io1 | standard + // Valid Values: gp2 | gp3 | io1 | standard // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // Default: io1, if the Iops parameter is specified. Otherwise, gp2. StorageType *string `type:"string"` // The ARN from the key store with which to associate the instance for TDE encryption. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialPassword *string `type:"string"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to RDS Custom DB instances. UseDefaultProcessorFeatures *bool `type:"boolean"` - // A list of Amazon EC2 VPC security groups to authorize on this DB instance. + // A list of Amazon EC2 VPC security groups to associate with this DB instance. // This change is asynchronously applied as soon as possible. // - // This setting doesn't apply to RDS Custom. + // This setting doesn't apply to the following DB instances: // - // Amazon Aurora + // * Amazon Aurora (The associated list of EC2 VPC security groups is managed + // by the DB cluster. For more information, see ModifyDBCluster.) // - // Not applicable. The associated list of EC2 VPC security groups is managed - // by the DB cluster. For more information, see ModifyDBCluster. + // * RDS Custom // // Constraints: // - // * If supplied, must match existing VpcSecurityGroupIds. + // * If supplied, must match existing VPC security group IDs. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } @@ -42052,6 +42107,12 @@ func (s *ModifyDBInstanceInput) SetEnablePerformanceInsights(v bool) *ModifyDBIn return s } +// SetEngine sets the Engine field's value. +func (s *ModifyDBInstanceInput) SetEngine(v string) *ModifyDBInstanceInput { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyDBInstanceInput) SetEngineVersion(v string) *ModifyDBInstanceInput { s.EngineVersion = &v @@ -42874,6 +42935,10 @@ type ModifyDBSnapshotInput struct { // // Oracle // + // * 19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots) + // + // * 19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots) + // // * 12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots) // // * 11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots) @@ -43235,20 +43300,14 @@ type ModifyGlobalClusterInput struct { // this parameter results in an outage. The change is applied during the next // maintenance window unless ApplyImmediately is enabled. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query '*[]|[?SupportsGlobalDatabases - // == `true`].[EngineVersion]' - // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command: + // To list all of the available engine versions for aurora-mysql (for MySQL-based + // Aurora global databases), use the following command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases // == `true`].[EngineVersion]' // - // To list all of the available engine versions for aurora-postgresql, use the - // following command: + // To list all of the available engine versions for aurora-postgresql (for PostgreSQL-based + // Aurora global databases), use the following command: // // aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases // == `true`].[EngineVersion]' @@ -44973,6 +45032,9 @@ type PendingModifiedValues struct { // The DB subnet group for the DB instance. DBSubnetGroupName *string `type:"string"` + // The database engine of the DB instance. + Engine *string `type:"string"` + // The database engine version. EngineVersion *string `type:"string"` @@ -45078,6 +45140,12 @@ func (s *PendingModifiedValues) SetDBSubnetGroupName(v string) *PendingModifiedV return s } +// SetEngine sets the Engine field's value. +func (s *PendingModifiedValues) SetEngine(v string) *PendingModifiedValues { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *PendingModifiedValues) SetEngineVersion(v string) *PendingModifiedValues { s.EngineVersion = &v @@ -46962,7 +47030,8 @@ type RestoreDBClusterFromS3Input struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the DB cluster parameter group to associate with the restored - // DB cluster. If this argument is omitted, default.aurora5.6 is used. + // DB cluster. If this argument is omitted, the default parameter group for + // the engine version is used. // // Constraints: // @@ -47004,10 +47073,6 @@ type RestoreDBClusterFromS3Input struct { // // Possible values are audit, error, general, and slowquery. // - // Aurora PostgreSQL - // - // Possible value is postgresql. - // // For more information about exporting CloudWatch Logs for Amazon Aurora, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. @@ -47023,27 +47088,21 @@ type RestoreDBClusterFromS3Input struct { // The name of the database engine to be used for this DB cluster. // - // Valid Values: aurora (for MySQL 5.6-compatible Aurora) and aurora-mysql (for - // MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // Valid Values: aurora-mysql (for Aurora MySQL) // // Engine is a required field Engine *string `type:"string" required:"true"` // The version number of the database engine to use. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" - // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command: + // To list all of the available engine versions for aurora-mysql (Aurora MySQL), + // use the following command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // // Aurora MySQL // - // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0 + // Examples: 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0 EngineVersion *string `type:"string"` // The Amazon Web Services KMS key identifier for an encrypted DB cluster. @@ -47226,6 +47285,15 @@ type RestoreDBClusterFromS3Input struct { // A value that indicates whether the restored DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` + // Specifies the storage type to be associated with the DB cluster. + // + // Valid values: aurora, aurora-iopt1 + // + // Default: aurora + // + // Valid for: Aurora DB clusters only + StorageType *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -47481,6 +47549,12 @@ func (s *RestoreDBClusterFromS3Input) SetStorageEncrypted(v bool) *RestoreDBClus return s } +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterFromS3Input) SetStorageType(v string) *RestoreDBClusterFromS3Input { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterFromS3Input) SetTags(v []*Tag) *RestoreDBClusterFromS3Input { s.Tags = v @@ -47707,23 +47781,19 @@ type RestoreDBClusterFromSnapshotInput struct { // Engine is a required field Engine *string `type:"string" required:"true"` - // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, - // global, or multimaster. + // The DB engine mode of the DB cluster, either provisioned or serverless. // // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). // // Valid for: Aurora DB clusters only EngineMode *string `type:"string"` - // The version of the database engine to use for the new DB cluster. - // - // To list all of the available engine versions for MySQL 5.6-compatible Aurora, - // use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" + // The version of the database engine to use for the new DB cluster. If you + // don't specify an engine version, the default version for the database engine + // in the Amazon Web Services Region is used. // - // To list all of the available engine versions for MySQL 5.7-compatible and - // MySQL 8.0-compatible Aurora, use the following command: + // To list all of the available engine versions for Aurora MySQL, use the following + // command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // @@ -47744,7 +47814,7 @@ type RestoreDBClusterFromSnapshotInput struct { // // Aurora MySQL // - // See MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + // See Database engine updates for Amazon Aurora MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) // in the Amazon Aurora User Guide. // // Aurora PostgreSQL @@ -47754,7 +47824,7 @@ type RestoreDBClusterFromSnapshotInput struct { // // MySQL // - // See MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // See Amazon RDS for MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) // in the Amazon RDS User Guide. // // PostgreSQL @@ -47893,14 +47963,15 @@ type RestoreDBClusterFromSnapshotInput struct { // SnapshotIdentifier is a required field SnapshotIdentifier *string `type:"string" required:"true"` - // Specifies the storage type to be associated with the each DB instance in - // the Multi-AZ DB cluster. + // Specifies the storage type to be associated with the DB cluster. // - // Valid values: io1 + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. // - // When specified, a value for the Iops parameter is required. + // Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB + // clusters) // - // Default: io1 + // Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) // // Valid for: Aurora DB clusters and Multi-AZ DB clusters StorageType *string `type:"string"` @@ -48454,9 +48525,6 @@ type RestoreDBClusterToPointInTimeInput struct { // * copy-on-write - The new DB cluster is restored as a clone of the source // DB cluster. // - // Constraints: You can't specify copy-on-write if the engine version of the - // source DB cluster is earlier than 1.11. - // // If you don't specify a RestoreType value, then the new DB cluster is restored // as a full copy of the source DB cluster. // @@ -48486,16 +48554,17 @@ type RestoreDBClusterToPointInTimeInput struct { // SourceDBClusterIdentifier is a required field SourceDBClusterIdentifier *string `type:"string" required:"true"` - // Specifies the storage type to be associated with the each DB instance in - // the Multi-AZ DB cluster. + // Specifies the storage type to be associated with the DB cluster. // - // Valid values: io1 + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. // - // When specified, a value for the Iops parameter is required. + // Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB + // clusters) // - // Default: io1 + // Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) // - // Valid for: Multi-AZ DB clusters only + // Valid for: Aurora DB clusters and Multi-AZ DB clusters StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) @@ -48767,8 +48836,8 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // The amount of storage (in gibibytes) to allocate initially for the DB instance. // Follow the allocation rules specified in CreateDBInstance. // - // Be sure to allocate enough memory for your new DB instance so that the restore - // operation can succeed. You can also allocate additional memory for future + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future // growth. AllocatedStorage *int64 `type:"integer"` @@ -48833,8 +48902,8 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // The identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore // from. // - // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with - // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) // in the Amazon RDS User Guide. // // Constraints: @@ -49426,8 +49495,8 @@ type RestoreDBInstanceFromS3Input struct { // The amount of storage (in gibibytes) to allocate initially for the DB instance. // Follow the allocation rules specified in CreateDBInstance. // - // Be sure to allocate enough memory for your new DB instance so that the restore - // operation can succeed. You can also allocate additional memory for future + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future // growth. AllocatedStorage *int64 `type:"integer"` @@ -50232,8 +50301,8 @@ type RestoreDBInstanceToPointInTimeInput struct { // The amount of storage (in gibibytes) to allocate initially for the DB instance. // Follow the allocation rules specified in CreateDBInstance. // - // Be sure to allocate enough memory for your new DB instance so that the restore - // operation can succeed. You can also allocate additional memory for future + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future // growth. AllocatedStorage *int64 `type:"integer"` @@ -51189,8 +51258,8 @@ func (s *ScalingConfiguration) SetTimeoutAction(v string) *ScalingConfiguration return s } -// Shows the scaling configuration for an Aurora DB cluster in serverless DB -// engine mode. +// The scaling configuration for an Aurora DB cluster in serverless DB engine +// mode. // // For more information, see Using Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. @@ -51333,7 +51402,7 @@ func (s *ServerlessV2ScalingConfiguration) SetMinCapacity(v float64) *Serverless return s } -// Shows the scaling configuration for an Aurora Serverless v2 DB cluster. +// The scaling configuration for an Aurora Serverless v2 DB cluster. // // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) // in the Amazon Aurora User Guide. @@ -51450,8 +51519,8 @@ type StartActivityStreamInput struct { ApplyImmediately *bool `type:"boolean"` // Specifies whether the database activity stream includes engine-native audit - // fields. This option only applies to an Oracle DB instance. By default, no - // engine-native audit fields are included. + // fields. This option applies to an Oracle or Microsoft SQL Server DB instance. + // By default, no engine-native audit fields are included. EngineNativeAuditFieldsIncluded *bool `type:"boolean"` // The Amazon Web Services KMS key identifier for encrypting messages in the @@ -51950,38 +52019,62 @@ func (s *StartDBInstanceOutput) SetDBInstance(v *DBInstance) *StartDBInstanceOut type StartExportTaskInput struct { _ struct{} `type:"structure"` - // The data to be exported from the snapshot. If this parameter is not provided, - // all the snapshot data is exported. Valid values are the following: + // The data to be exported from the snapshot or cluster. If this parameter is + // not provided, all of the data is exported. Valid values are the following: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is to be exported to. + // A unique identifier for the export task. This ID isn't an identifier for + // the Amazon S3 bucket where the data is to be exported. // // ExportTaskIdentifier is a required field ExportTaskIdentifier *string `type:"string" required:"true"` // The name of the IAM role to use for writing to the Amazon S3 bucket when - // exporting a snapshot. + // exporting a snapshot or cluster. + // + // In the IAM policy attached to your IAM role, include the following required + // actions to allow the transfer of files from Amazon RDS or Amazon Aurora to + // an S3 bucket: + // + // * s3:PutObject* + // + // * s3:GetObject* + // + // * s3:ListBucket + // + // * s3:DeleteObject* + // + // * s3:GetBucketLocation + // + // In the policy, include the resources to identify the S3 bucket and objects + // in the bucket. The following list of resources shows the Amazon Resource + // Name (ARN) format for accessing S3: + // + // * arn:aws:s3:::your-s3-bucket + // + // * arn:aws:s3:::your-s3-bucket/* // // IamRoleArn is a required field IamRoleArn *string `type:"string" required:"true"` - // The ID of the Amazon Web Services KMS key to use to encrypt the snapshot - // exported to Amazon S3. The Amazon Web Services KMS key identifier is the - // key ARN, key ID, alias ARN, or alias name for the KMS key. The caller of - // this operation must be authorized to run the following operations. These - // can be set in the Amazon Web Services KMS key policy: + // The ID of the Amazon Web Services KMS key to use to encrypt the data exported + // to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, + // key ID, alias ARN, or alias name for the KMS key. The caller of this operation + // must be authorized to run the following operations. These can be set in the + // Amazon Web Services KMS key policy: // // * kms:Encrypt // @@ -52004,16 +52097,17 @@ type StartExportTaskInput struct { // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` - // The name of the Amazon S3 bucket to export the snapshot to. + // The name of the Amazon S3 bucket to export the snapshot or cluster data to. // // S3BucketName is a required field S3BucketName *string `type:"string" required:"true"` // The Amazon S3 bucket prefix to use as the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` - // The Amazon Resource Name (ARN) of the snapshot to export to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster to export to Amazon + // S3. // // SourceArn is a required field SourceArn *string `type:"string" required:"true"` @@ -52104,75 +52198,90 @@ func (s *StartExportTaskInput) SetSourceArn(v string) *StartExportTaskInput { return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // // This data type is used as a response element in the DescribeExportTasks action. type StartExportTaskOutput struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. Valid values are the following: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` // The key identifier of the Amazon Web Services KMS key that is used to encrypt - // the snapshot when it's exported to Amazon S3. The KMS key identifier is its - // key ARN, key ID, alias ARN, or alias name. The IAM role used for the snapshot - // export must have encryption and decryption permissions to use this KMS key. + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket that the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` // The time that the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` // The type of source for the export. SourceType *string `type:"string" enum:"ExportSourceType"` - // The progress status of the export task. + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time that the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time that the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } @@ -52500,7 +52609,7 @@ type StopDBInstanceAutomatedBackupsReplicationInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the source DB instance for which to stop - // replicating automated backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase. + // replicating automate backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase. // // SourceDBInstanceArn is a required field SourceDBInstanceArn *string `type:"string" required:"true"` @@ -52858,16 +52967,19 @@ type SwitchoverDetail struct { // // Values: // - // * preparing-for-switchover - The resource is being prepared to switch - // over. + // * PROVISIONING - The resource is being prepared to switch over. + // + // * AVAILABLE - The resource is ready to switch over. + // + // * SWITCHOVER_IN_PROGRESS - The resource is being switched over. // - // * ready-for-switchover - The resource is ready to switch over. + // * SWITCHOVER_COMPLETED - The resource has been switched over. // - // * switchover-in-progress - The resource is being switched over. + // * SWITCHOVER_FAILED - The resource attempted to switch over but failed. // - // * switchover-completed - The resource has been switched over. + // * MISSING_SOURCE - The source resource has been deleted. // - // * switchover-failed - The resource attempted to switch over but failed. + // * MISSING_TARGET - The target resource has been deleted. Status *string `type:"string"` // The Amazon Resource Name (ARN) of a resource in the green environment. diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go b/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go index 5c50726..60916d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go @@ -49,6 +49,12 @@ const ( // CertificateIdentifier doesn't refer to an existing certificate. ErrCodeCertificateNotFoundFault = "CertificateNotFound" + // ErrCodeCreateCustomDBEngineVersionFault for service response error code + // "CreateCustomDBEngineVersionFault". + // + // An error occurred while trying to create the CEV. + ErrCodeCreateCustomDBEngineVersionFault = "CreateCustomDBEngineVersionFault" + // ErrCodeCustomAvailabilityZoneNotFoundFault for service response error code // "CustomAvailabilityZoneNotFound". // @@ -775,10 +781,17 @@ const ( // available across all DB instances. ErrCodeStorageQuotaExceededFault = "StorageQuotaExceeded" + // ErrCodeStorageTypeNotAvailableFault for service response error code + // "StorageTypeNotAvailableFault". + // + // The aurora-iopt1 storage type isn't available, because you modified the DB + // cluster to use this storage type less than one month ago. + ErrCodeStorageTypeNotAvailableFault = "StorageTypeNotAvailableFault" + // ErrCodeStorageTypeNotSupportedFault for service response error code // "StorageTypeNotSupported". // - // Storage of the StorageType specified can't be associated with the DB instance. + // The specified StorageType can't be associated with the DB instance. ErrCodeStorageTypeNotSupportedFault = "StorageTypeNotSupported" // ErrCodeSubnetAlreadyInUse for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/redshift/api.go b/vendor/github.com/aws/aws-sdk-go/service/redshift/api.go index d55a646..6dd959a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/redshift/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/redshift/api.go @@ -1699,6 +1699,93 @@ func (c *Redshift) CreateClusterSubnetGroupWithContext(ctx aws.Context, input *C return out, req.Send() } +const opCreateCustomDomainAssociation = "CreateCustomDomainAssociation" + +// CreateCustomDomainAssociationRequest generates a "aws/request.Request" representing the +// client's request for the CreateCustomDomainAssociation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateCustomDomainAssociation for more information on using the CreateCustomDomainAssociation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateCustomDomainAssociationRequest method. +// req, resp := client.CreateCustomDomainAssociationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/CreateCustomDomainAssociation +func (c *Redshift) CreateCustomDomainAssociationRequest(input *CreateCustomDomainAssociationInput) (req *request.Request, output *CreateCustomDomainAssociationOutput) { + op := &request.Operation{ + Name: opCreateCustomDomainAssociation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateCustomDomainAssociationInput{} + } + + output = &CreateCustomDomainAssociationOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateCustomDomainAssociation API operation for Amazon Redshift. +// +// Used to create a custom domain name for a cluster. Properties include the +// custom domain name, the cluster the custom domain is associated with, and +// the certificate Amazon Resource Name (ARN). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Redshift's +// API operation CreateCustomDomainAssociation for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeUnsupportedOperationFault "UnsupportedOperation" +// The requested operation isn't supported. +// +// - ErrCodeClusterNotFoundFault "ClusterNotFound" +// The ClusterIdentifier parameter does not refer to an existing cluster. +// +// - ErrCodeCustomCnameAssociationFault "CustomCnameAssociationFault" +// An error occurred when an attempt was made to change the custom domain association. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/CreateCustomDomainAssociation +func (c *Redshift) CreateCustomDomainAssociation(input *CreateCustomDomainAssociationInput) (*CreateCustomDomainAssociationOutput, error) { + req, out := c.CreateCustomDomainAssociationRequest(input) + return out, req.Send() +} + +// CreateCustomDomainAssociationWithContext is the same as CreateCustomDomainAssociation with the addition of +// the ability to pass a context and additional request options. +// +// See CreateCustomDomainAssociation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Redshift) CreateCustomDomainAssociationWithContext(ctx aws.Context, input *CreateCustomDomainAssociationInput, opts ...request.Option) (*CreateCustomDomainAssociationOutput, error) { + req, out := c.CreateCustomDomainAssociationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateEndpointAccess = "CreateEndpointAccess" // CreateEndpointAccessRequest generates a "aws/request.Request" representing the @@ -3265,6 +3352,92 @@ func (c *Redshift) DeleteClusterSubnetGroupWithContext(ctx aws.Context, input *D return out, req.Send() } +const opDeleteCustomDomainAssociation = "DeleteCustomDomainAssociation" + +// DeleteCustomDomainAssociationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteCustomDomainAssociation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteCustomDomainAssociation for more information on using the DeleteCustomDomainAssociation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteCustomDomainAssociationRequest method. +// req, resp := client.DeleteCustomDomainAssociationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/DeleteCustomDomainAssociation +func (c *Redshift) DeleteCustomDomainAssociationRequest(input *DeleteCustomDomainAssociationInput) (req *request.Request, output *DeleteCustomDomainAssociationOutput) { + op := &request.Operation{ + Name: opDeleteCustomDomainAssociation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteCustomDomainAssociationInput{} + } + + output = &DeleteCustomDomainAssociationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteCustomDomainAssociation API operation for Amazon Redshift. +// +// Contains information about deleting a custom domain association for a cluster. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Redshift's +// API operation DeleteCustomDomainAssociation for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeUnsupportedOperationFault "UnsupportedOperation" +// The requested operation isn't supported. +// +// - ErrCodeClusterNotFoundFault "ClusterNotFound" +// The ClusterIdentifier parameter does not refer to an existing cluster. +// +// - ErrCodeCustomCnameAssociationFault "CustomCnameAssociationFault" +// An error occurred when an attempt was made to change the custom domain association. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/DeleteCustomDomainAssociation +func (c *Redshift) DeleteCustomDomainAssociation(input *DeleteCustomDomainAssociationInput) (*DeleteCustomDomainAssociationOutput, error) { + req, out := c.DeleteCustomDomainAssociationRequest(input) + return out, req.Send() +} + +// DeleteCustomDomainAssociationWithContext is the same as DeleteCustomDomainAssociation with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteCustomDomainAssociation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Redshift) DeleteCustomDomainAssociationWithContext(ctx aws.Context, input *DeleteCustomDomainAssociationInput, opts ...request.Option) (*DeleteCustomDomainAssociationOutput, error) { + req, out := c.DeleteCustomDomainAssociationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteEndpointAccess = "DeleteEndpointAccess" // DeleteEndpointAccessRequest generates a "aws/request.Request" representing the @@ -5605,6 +5778,145 @@ func (c *Redshift) DescribeClustersPagesWithContext(ctx aws.Context, input *Desc return p.Err() } +const opDescribeCustomDomainAssociations = "DescribeCustomDomainAssociations" + +// DescribeCustomDomainAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCustomDomainAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeCustomDomainAssociations for more information on using the DescribeCustomDomainAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeCustomDomainAssociationsRequest method. +// req, resp := client.DescribeCustomDomainAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/DescribeCustomDomainAssociations +func (c *Redshift) DescribeCustomDomainAssociationsRequest(input *DescribeCustomDomainAssociationsInput) (req *request.Request, output *DescribeCustomDomainAssociationsOutput) { + op := &request.Operation{ + Name: opDescribeCustomDomainAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeCustomDomainAssociationsInput{} + } + + output = &DescribeCustomDomainAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeCustomDomainAssociations API operation for Amazon Redshift. +// +// Contains information for custom domain associations for a cluster. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Redshift's +// API operation DescribeCustomDomainAssociations for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeCustomDomainAssociationNotFoundFault "CustomDomainAssociationNotFoundFault" +// An error occurred. The custom domain name couldn't be found. +// +// - ErrCodeUnsupportedOperationFault "UnsupportedOperation" +// The requested operation isn't supported. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/DescribeCustomDomainAssociations +func (c *Redshift) DescribeCustomDomainAssociations(input *DescribeCustomDomainAssociationsInput) (*DescribeCustomDomainAssociationsOutput, error) { + req, out := c.DescribeCustomDomainAssociationsRequest(input) + return out, req.Send() +} + +// DescribeCustomDomainAssociationsWithContext is the same as DescribeCustomDomainAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeCustomDomainAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Redshift) DescribeCustomDomainAssociationsWithContext(ctx aws.Context, input *DescribeCustomDomainAssociationsInput, opts ...request.Option) (*DescribeCustomDomainAssociationsOutput, error) { + req, out := c.DescribeCustomDomainAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeCustomDomainAssociationsPages iterates over the pages of a DescribeCustomDomainAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeCustomDomainAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeCustomDomainAssociations operation. +// pageNum := 0 +// err := client.DescribeCustomDomainAssociationsPages(params, +// func(page *redshift.DescribeCustomDomainAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *Redshift) DescribeCustomDomainAssociationsPages(input *DescribeCustomDomainAssociationsInput, fn func(*DescribeCustomDomainAssociationsOutput, bool) bool) error { + return c.DescribeCustomDomainAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeCustomDomainAssociationsPagesWithContext same as DescribeCustomDomainAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Redshift) DescribeCustomDomainAssociationsPagesWithContext(ctx aws.Context, input *DescribeCustomDomainAssociationsInput, fn func(*DescribeCustomDomainAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeCustomDomainAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeCustomDomainAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeCustomDomainAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeDataShares = "DescribeDataShares" // DescribeDataSharesRequest generates a "aws/request.Request" representing the @@ -10300,6 +10612,12 @@ func (c *Redshift) ModifyClusterRequest(input *ModifyClusterInput) (req *request // // The value must be either -1 or an integer between 1 and 3,653. // +// - ErrCodeUnsupportedOperationFault "UnsupportedOperation" +// The requested operation isn't supported. +// +// - ErrCodeCustomCnameAssociationFault "CustomCnameAssociationFault" +// An error occurred when an attempt was made to change the custom domain association. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/ModifyCluster func (c *Redshift) ModifyCluster(input *ModifyClusterInput) (*ModifyClusterOutput, error) { req, out := c.ModifyClusterRequest(input) @@ -10945,6 +11263,91 @@ func (c *Redshift) ModifyClusterSubnetGroupWithContext(ctx aws.Context, input *M return out, req.Send() } +const opModifyCustomDomainAssociation = "ModifyCustomDomainAssociation" + +// ModifyCustomDomainAssociationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyCustomDomainAssociation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyCustomDomainAssociation for more information on using the ModifyCustomDomainAssociation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyCustomDomainAssociationRequest method. +// req, resp := client.ModifyCustomDomainAssociationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/ModifyCustomDomainAssociation +func (c *Redshift) ModifyCustomDomainAssociationRequest(input *ModifyCustomDomainAssociationInput) (req *request.Request, output *ModifyCustomDomainAssociationOutput) { + op := &request.Operation{ + Name: opModifyCustomDomainAssociation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyCustomDomainAssociationInput{} + } + + output = &ModifyCustomDomainAssociationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyCustomDomainAssociation API operation for Amazon Redshift. +// +// Contains information for changing a custom domain association. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Redshift's +// API operation ModifyCustomDomainAssociation for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeUnsupportedOperationFault "UnsupportedOperation" +// The requested operation isn't supported. +// +// - ErrCodeClusterNotFoundFault "ClusterNotFound" +// The ClusterIdentifier parameter does not refer to an existing cluster. +// +// - ErrCodeCustomCnameAssociationFault "CustomCnameAssociationFault" +// An error occurred when an attempt was made to change the custom domain association. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/ModifyCustomDomainAssociation +func (c *Redshift) ModifyCustomDomainAssociation(input *ModifyCustomDomainAssociationInput) (*ModifyCustomDomainAssociationOutput, error) { + req, out := c.ModifyCustomDomainAssociationRequest(input) + return out, req.Send() +} + +// ModifyCustomDomainAssociationWithContext is the same as ModifyCustomDomainAssociation with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyCustomDomainAssociation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Redshift) ModifyCustomDomainAssociationWithContext(ctx aws.Context, input *ModifyCustomDomainAssociationInput, opts ...request.Option) (*ModifyCustomDomainAssociationOutput, error) { + req, out := c.ModifyCustomDomainAssociationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyEndpointAccess = "ModifyEndpointAccess" // ModifyEndpointAccessRequest generates a "aws/request.Request" representing the @@ -13438,6 +13841,57 @@ func (s *AssociateDataShareConsumerOutput) SetProducerArn(v string) *AssociateDa return s } +// Contains information about the custom domain name association. +type Association struct { + _ struct{} `type:"structure"` + + // A list of all associated clusters and domain names tied to a specific certificate. + CertificateAssociations []*CertificateAssociation `locationNameList:"CertificateAssociation" type:"list"` + + // The Amazon Resource Name (ARN) for the certificate associated with the custom + // domain. + CustomDomainCertificateArn *string `type:"string"` + + // The expiration date for the certificate. + CustomDomainCertificateExpiryDate *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Association) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Association) GoString() string { + return s.String() +} + +// SetCertificateAssociations sets the CertificateAssociations field's value. +func (s *Association) SetCertificateAssociations(v []*CertificateAssociation) *Association { + s.CertificateAssociations = v + return s +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *Association) SetCustomDomainCertificateArn(v string) *Association { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainCertificateExpiryDate sets the CustomDomainCertificateExpiryDate field's value. +func (s *Association) SetCustomDomainCertificateExpiryDate(v time.Time) *Association { + s.CustomDomainCertificateExpiryDate = &v + return s +} + // Describes an attribute value. type AttributeValueTarget struct { _ struct{} `type:"structure"` @@ -14523,6 +14977,48 @@ func (s *CancelResizeOutput) SetTotalResizeDataInMegaBytes(v int64) *CancelResiz return s } +// A cluster ID and custom domain name tied to a specific certificate. These +// are typically returned in a list. +type CertificateAssociation struct { + _ struct{} `type:"structure"` + + // The cluster identifier for the certificate association. + ClusterIdentifier *string `type:"string"` + + // The custom domain name for the certificate association. + CustomDomainName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CertificateAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CertificateAssociation) GoString() string { + return s.String() +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *CertificateAssociation) SetClusterIdentifier(v string) *CertificateAssociation { + s.ClusterIdentifier = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *CertificateAssociation) SetCustomDomainName(v string) *CertificateAssociation { + s.CustomDomainName = &v + return s +} + // Describes a cluster. type Cluster struct { _ struct{} `type:"structure"` @@ -14645,6 +15141,16 @@ type Cluster struct { // The version ID of the Amazon Redshift engine that is running on the cluster. ClusterVersion *string `type:"string"` + // The certificate Amazon Resource Name (ARN) for the custom domain name. + CustomDomainCertificateArn *string `type:"string"` + + // The expiration date for the certificate associated with the custom domain + // name. + CustomDomainCertificateExpiryDate *time.Time `type:"timestamp"` + + // The custom domain name associated with the cluster. + CustomDomainName *string `type:"string"` + // The name of the initial database that was created when the cluster was created. // This same name is returned for the life of the cluster. If an initial database // was not specified, a database named devdev was created by default. @@ -14916,6 +15422,24 @@ func (s *Cluster) SetClusterVersion(v string) *Cluster { return s } +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *Cluster) SetCustomDomainCertificateArn(v string) *Cluster { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainCertificateExpiryDate sets the CustomDomainCertificateExpiryDate field's value. +func (s *Cluster) SetCustomDomainCertificateExpiryDate(v time.Time) *Cluster { + s.CustomDomainCertificateExpiryDate = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *Cluster) SetCustomDomainName(v string) *Cluster { + s.CustomDomainName = &v + return s +} + // SetDBName sets the DBName field's value. func (s *Cluster) SetDBName(v string) *Cluster { s.DBName = &v @@ -17183,6 +17707,145 @@ func (s *CreateClusterSubnetGroupOutput) SetClusterSubnetGroup(v *ClusterSubnetG return s } +type CreateCustomDomainAssociationInput struct { + _ struct{} `type:"structure"` + + // The cluster identifier that the custom domain is associated with. + // + // ClusterIdentifier is a required field + ClusterIdentifier *string `type:"string" required:"true"` + + // The certificate Amazon Resource Name (ARN) for the custom domain name association. + // + // CustomDomainCertificateArn is a required field + CustomDomainCertificateArn *string `min:"20" type:"string" required:"true"` + + // The custom domain name for a custom domain association. + // + // CustomDomainName is a required field + CustomDomainName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDomainAssociationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDomainAssociationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateCustomDomainAssociationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateCustomDomainAssociationInput"} + if s.ClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("ClusterIdentifier")) + } + if s.CustomDomainCertificateArn == nil { + invalidParams.Add(request.NewErrParamRequired("CustomDomainCertificateArn")) + } + if s.CustomDomainCertificateArn != nil && len(*s.CustomDomainCertificateArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainCertificateArn", 20)) + } + if s.CustomDomainName == nil { + invalidParams.Add(request.NewErrParamRequired("CustomDomainName")) + } + if s.CustomDomainName != nil && len(*s.CustomDomainName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *CreateCustomDomainAssociationInput) SetClusterIdentifier(v string) *CreateCustomDomainAssociationInput { + s.ClusterIdentifier = &v + return s +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *CreateCustomDomainAssociationInput) SetCustomDomainCertificateArn(v string) *CreateCustomDomainAssociationInput { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *CreateCustomDomainAssociationInput) SetCustomDomainName(v string) *CreateCustomDomainAssociationInput { + s.CustomDomainName = &v + return s +} + +type CreateCustomDomainAssociationOutput struct { + _ struct{} `type:"structure"` + + // The identifier of the cluster that the custom domain is associated with. + ClusterIdentifier *string `type:"string"` + + // The expiration time for the certificate for the custom domain. + CustomDomainCertExpiryTime *string `type:"string"` + + // The Amazon Resource Name (ARN) for the certificate associated with the custom + // domain name. + CustomDomainCertificateArn *string `min:"20" type:"string"` + + // The custom domain name for the association result. + CustomDomainName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDomainAssociationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDomainAssociationOutput) GoString() string { + return s.String() +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *CreateCustomDomainAssociationOutput) SetClusterIdentifier(v string) *CreateCustomDomainAssociationOutput { + s.ClusterIdentifier = &v + return s +} + +// SetCustomDomainCertExpiryTime sets the CustomDomainCertExpiryTime field's value. +func (s *CreateCustomDomainAssociationOutput) SetCustomDomainCertExpiryTime(v string) *CreateCustomDomainAssociationOutput { + s.CustomDomainCertExpiryTime = &v + return s +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *CreateCustomDomainAssociationOutput) SetCustomDomainCertificateArn(v string) *CreateCustomDomainAssociationOutput { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *CreateCustomDomainAssociationOutput) SetCustomDomainName(v string) *CreateCustomDomainAssociationOutput { + s.CustomDomainName = &v + return s +} + type CreateEndpointAccessInput struct { _ struct{} `type:"structure"` @@ -19711,6 +20374,74 @@ func (s DeleteClusterSubnetGroupOutput) GoString() string { return s.String() } +type DeleteCustomDomainAssociationInput struct { + _ struct{} `type:"structure"` + + // The identifier of the cluster to delete a custom domain association for. + // + // ClusterIdentifier is a required field + ClusterIdentifier *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDomainAssociationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDomainAssociationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteCustomDomainAssociationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteCustomDomainAssociationInput"} + if s.ClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("ClusterIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *DeleteCustomDomainAssociationInput) SetClusterIdentifier(v string) *DeleteCustomDomainAssociationInput { + s.ClusterIdentifier = &v + return s +} + +type DeleteCustomDomainAssociationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDomainAssociationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDomainAssociationOutput) GoString() string { + return s.String() +} + type DeleteEndpointAccessInput struct { _ struct{} `type:"structure"` @@ -21961,6 +22692,120 @@ func (s *DescribeClustersOutput) SetMarker(v string) *DescribeClustersOutput { return s } +type DescribeCustomDomainAssociationsInput struct { + _ struct{} `type:"structure"` + + // The certificate Amazon Resource Name (ARN) for the custom domain association. + CustomDomainCertificateArn *string `min:"20" type:"string"` + + // The custom domain name for the custom domain association. + CustomDomainName *string `min:"1" type:"string"` + + // The marker for the custom domain association. + Marker *string `type:"string"` + + // The maximum records setting for the associated custom domain. + MaxRecords *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomDomainAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomDomainAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCustomDomainAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCustomDomainAssociationsInput"} + if s.CustomDomainCertificateArn != nil && len(*s.CustomDomainCertificateArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainCertificateArn", 20)) + } + if s.CustomDomainName != nil && len(*s.CustomDomainName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *DescribeCustomDomainAssociationsInput) SetCustomDomainCertificateArn(v string) *DescribeCustomDomainAssociationsInput { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *DescribeCustomDomainAssociationsInput) SetCustomDomainName(v string) *DescribeCustomDomainAssociationsInput { + s.CustomDomainName = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeCustomDomainAssociationsInput) SetMarker(v string) *DescribeCustomDomainAssociationsInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeCustomDomainAssociationsInput) SetMaxRecords(v int64) *DescribeCustomDomainAssociationsInput { + s.MaxRecords = &v + return s +} + +type DescribeCustomDomainAssociationsOutput struct { + _ struct{} `type:"structure"` + + // The associations for the custom domain. + Associations []*Association `locationNameList:"Association" type:"list"` + + // The marker for the custom domain association. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomDomainAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomDomainAssociationsOutput) GoString() string { + return s.String() +} + +// SetAssociations sets the Associations field's value. +func (s *DescribeCustomDomainAssociationsOutput) SetAssociations(v []*Association) *DescribeCustomDomainAssociationsOutput { + s.Associations = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeCustomDomainAssociationsOutput) SetMarker(v string) *DescribeCustomDomainAssociationsOutput { + s.Marker = &v + return s +} + type DescribeDataSharesForConsumerInput struct { _ struct{} `type:"structure"` @@ -26461,9 +27306,10 @@ type GetClusterCredentialsInput struct { // The unique identifier of the cluster that contains the database for which // you are requesting credentials. This parameter is case sensitive. - // - // ClusterIdentifier is a required field - ClusterIdentifier *string `type:"string" required:"true"` + ClusterIdentifier *string `type:"string"` + + // The custom domain name for the cluster credentials. + CustomDomainName *string `type:"string"` // A list of the names of existing database groups that the user named in DbUser // will join for the current session, in addition to any group memberships for @@ -26563,9 +27409,6 @@ func (s GetClusterCredentialsInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *GetClusterCredentialsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "GetClusterCredentialsInput"} - if s.ClusterIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("ClusterIdentifier")) - } if s.DbUser == nil { invalidParams.Add(request.NewErrParamRequired("DbUser")) } @@ -26588,6 +27431,12 @@ func (s *GetClusterCredentialsInput) SetClusterIdentifier(v string) *GetClusterC return s } +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *GetClusterCredentialsInput) SetCustomDomainName(v string) *GetClusterCredentialsInput { + s.CustomDomainName = &v + return s +} + // SetDbGroups sets the DbGroups field's value. func (s *GetClusterCredentialsInput) SetDbGroups(v []*string) *GetClusterCredentialsInput { s.DbGroups = v @@ -26678,9 +27527,10 @@ type GetClusterCredentialsWithIAMInput struct { // The unique identifier of the cluster that contains the database for which // you are requesting credentials. - // - // ClusterIdentifier is a required field - ClusterIdentifier *string `type:"string" required:"true"` + ClusterIdentifier *string `type:"string"` + + // The custom domain name for the IAM message cluster credentials. + CustomDomainName *string `type:"string"` // The name of the database for which you are requesting credentials. If the // database name is specified, the IAM policy must allow access to the resource @@ -26712,25 +27562,18 @@ func (s GetClusterCredentialsWithIAMInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *GetClusterCredentialsWithIAMInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetClusterCredentialsWithIAMInput"} - if s.ClusterIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("ClusterIdentifier")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetClusterIdentifier sets the ClusterIdentifier field's value. func (s *GetClusterCredentialsWithIAMInput) SetClusterIdentifier(v string) *GetClusterCredentialsWithIAMInput { s.ClusterIdentifier = &v return s } +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *GetClusterCredentialsWithIAMInput) SetCustomDomainName(v string) *GetClusterCredentialsWithIAMInput { + s.CustomDomainName = &v + return s +} + // SetDbName sets the DbName field's value. func (s *GetClusterCredentialsWithIAMInput) SetDbName(v string) *GetClusterCredentialsWithIAMInput { s.DbName = &v @@ -28752,6 +29595,139 @@ func (s *ModifyClusterSubnetGroupOutput) SetClusterSubnetGroup(v *ClusterSubnetG return s } +type ModifyCustomDomainAssociationInput struct { + _ struct{} `type:"structure"` + + // The identifier of the cluster to change a custom domain association for. + // + // ClusterIdentifier is a required field + ClusterIdentifier *string `type:"string" required:"true"` + + // The certificate Amazon Resource Name (ARN) for the changed custom domain + // association. + CustomDomainCertificateArn *string `min:"20" type:"string"` + + // The custom domain name for a changed custom domain association. + CustomDomainName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDomainAssociationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDomainAssociationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyCustomDomainAssociationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyCustomDomainAssociationInput"} + if s.ClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("ClusterIdentifier")) + } + if s.CustomDomainCertificateArn != nil && len(*s.CustomDomainCertificateArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainCertificateArn", 20)) + } + if s.CustomDomainName != nil && len(*s.CustomDomainName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomDomainName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *ModifyCustomDomainAssociationInput) SetClusterIdentifier(v string) *ModifyCustomDomainAssociationInput { + s.ClusterIdentifier = &v + return s +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *ModifyCustomDomainAssociationInput) SetCustomDomainCertificateArn(v string) *ModifyCustomDomainAssociationInput { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *ModifyCustomDomainAssociationInput) SetCustomDomainName(v string) *ModifyCustomDomainAssociationInput { + s.CustomDomainName = &v + return s +} + +type ModifyCustomDomainAssociationOutput struct { + _ struct{} `type:"structure"` + + // The identifier of the cluster associated with the result for the changed + // custom domain association. + ClusterIdentifier *string `type:"string"` + + // The certificate expiration time associated with the result for the changed + // custom domain association. + CustomDomainCertExpiryTime *string `type:"string"` + + // The certificate Amazon Resource Name (ARN) associated with the result for + // the changed custom domain association. + CustomDomainCertificateArn *string `min:"20" type:"string"` + + // The custom domain name associated with the result for the changed custom + // domain association. + CustomDomainName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDomainAssociationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDomainAssociationOutput) GoString() string { + return s.String() +} + +// SetClusterIdentifier sets the ClusterIdentifier field's value. +func (s *ModifyCustomDomainAssociationOutput) SetClusterIdentifier(v string) *ModifyCustomDomainAssociationOutput { + s.ClusterIdentifier = &v + return s +} + +// SetCustomDomainCertExpiryTime sets the CustomDomainCertExpiryTime field's value. +func (s *ModifyCustomDomainAssociationOutput) SetCustomDomainCertExpiryTime(v string) *ModifyCustomDomainAssociationOutput { + s.CustomDomainCertExpiryTime = &v + return s +} + +// SetCustomDomainCertificateArn sets the CustomDomainCertificateArn field's value. +func (s *ModifyCustomDomainAssociationOutput) SetCustomDomainCertificateArn(v string) *ModifyCustomDomainAssociationOutput { + s.CustomDomainCertificateArn = &v + return s +} + +// SetCustomDomainName sets the CustomDomainName field's value. +func (s *ModifyCustomDomainAssociationOutput) SetCustomDomainName(v string) *ModifyCustomDomainAssociationOutput { + s.CustomDomainName = &v + return s +} + type ModifyEndpointAccessInput struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/redshift/errors.go b/vendor/github.com/aws/aws-sdk-go/service/redshift/errors.go index bd6e8f6..beffc2d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/redshift/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/redshift/errors.go @@ -204,6 +204,18 @@ const ( // Cross-region snapshot copy was temporarily disabled. Try your request again. ErrCodeCopyToRegionDisabledFault = "CopyToRegionDisabledFault" + // ErrCodeCustomCnameAssociationFault for service response error code + // "CustomCnameAssociationFault". + // + // An error occurred when an attempt was made to change the custom domain association. + ErrCodeCustomCnameAssociationFault = "CustomCnameAssociationFault" + + // ErrCodeCustomDomainAssociationNotFoundFault for service response error code + // "CustomDomainAssociationNotFoundFault". + // + // An error occurred. The custom domain name couldn't be found. + ErrCodeCustomDomainAssociationNotFoundFault = "CustomDomainAssociationNotFoundFault" + // ErrCodeDependentServiceRequestThrottlingFault for service response error code // "DependentServiceRequestThrottlingFault". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index a9c653a..5bb86ce 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -186,9 +186,15 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // to complete. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in // progress, Amazon S3 periodically sends white space characters to keep the -// connection from timing out. Because a request could fail after the initial -// 200 OK response has been sent, it is important that you check the response -// body to determine whether the request succeeded. +// connection from timing out. A request could fail after the initial 200 OK +// response has been sent. This means that a 200 OK response can contain either +// a success or an error. If you call the S3 API directly, make sure to design +// your application to parse the contents of the response and handle it appropriately. +// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs +// detect the embedded error and apply error handling per your configuration +// settings (including automatically retrying the request as appropriate). If +// the condition persists, the SDKs throws an exception (or, for the SDKs that +// don't use exceptions, they return the error). // // Note that if CompleteMultipartUpload fails, applications should be prepared // to retry the failed requests. For more information, see Amazon S3 Error Best @@ -324,8 +330,13 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // action starts, you receive a standard Amazon S3 error. If the error occurs // during the copy operation, the error response is embedded in the 200 OK response. // This means that a 200 OK response can contain either a success or an error. -// Design your application to parse the contents of the response and handle -// it appropriately. +// If you call the S3 API directly, make sure to design your application to +// parse the contents of the response and handle it appropriately. If you use +// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the +// embedded error and apply error handling per your configuration settings (including +// automatically retrying the request as appropriate). If the condition persists, +// the SDKs throws an exception (or, for the SDKs that don't use exceptions, +// they return the error). // // If the copy is successful, you receive a response with information about // the copied object. @@ -345,11 +356,11 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // // # Metadata // -// When copying an object, you can preserve all metadata (default) or specify -// new metadata. However, the ACL is not preserved and is set to private for -// the user making the request. To override the default ACL setting, specify -// a new ACL when generating a copy request. For more information, see Using -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). +// When copying an object, you can preserve all metadata (the default) or specify +// new metadata. However, the access control list (ACL) is not preserved and +// is set to private for the user making the request. To override the default +// ACL setting, specify a new ACL when generating a copy request. For more information, +// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). // // To specify whether you want the object metadata copied from the source object // or replaced with metadata provided in the request, you can optionally add @@ -360,6 +371,9 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition // keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). // +// x-amz-website-redirect-location is unique to each object and must be specified +// in the request headers to copy the value. +// // x-amz-copy-source-if Headers // // To only copy an object under certain conditions, such as whether the Etag @@ -395,13 +409,30 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // // # Server-side encryption // -// When you perform a CopyObject operation, you can optionally use the appropriate -// encryption-related headers to encrypt the object using server-side encryption -// with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a -// customer-provided encryption key. With server-side encryption, Amazon S3 -// encrypts your data as it writes it to disks in its data centers and decrypts -// the data when you access it. For more information about server-side encryption, -// see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). +// Amazon S3 automatically encrypts all new objects that are copied to an S3 +// bucket. When copying an object, if you don't specify encryption information +// in your copy request, the encryption setting of the target object is set +// to the default encryption configuration of the destination bucket. By default, +// all buckets have a base level of encryption configuration that uses server-side +// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket +// has a default encryption configuration that uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding +// KMS key, or a customer-provided key to encrypt the target object copy. +// +// When you perform a CopyObject operation, if you want to use a different type +// of encryption setting for the target object, you can use other appropriate +// encryption-related headers to encrypt the target object with a KMS key, an +// Amazon S3 managed key, or a customer-provided key. With server-side encryption, +// Amazon S3 encrypts your data as it writes your data to disks in its data +// centers and decrypts the data when you access it. If the encryption setting +// in your request is different from the default encryption configuration of +// the destination bucket, the encryption setting in your request takes precedence. +// If the source object for the copy is stored in Amazon S3 using SSE-C, you +// must provide the necessary encryption information in your request so that +// Amazon S3 can decrypt the object for copying. For more information about +// server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). // // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the // object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) @@ -412,9 +443,9 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // When copying an object, you can optionally use headers to grant ACL-based // permissions. By default, all objects are private. Only the owner has full // access control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups defined by Amazon S3. -// These permissions are then added to the ACL on the object. For more information, -// see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) +// Amazon Web Services accounts or to predefined groups that are defined by +// Amazon S3. These permissions are then added to the ACL on the object. For +// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). // // If the bucket that you're copying objects to uses the bucket owner enforced @@ -435,22 +466,27 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // # Checksums // // When copying an object, if it has a checksum, that checksum will be copied -// to the new object by default. When you copy the object over, you may optionally +// to the new object by default. When you copy the object over, you can optionally // specify a different checksum algorithm to use with the x-amz-checksum-algorithm // header. // // # Storage Class Options // // You can use the CopyObject action to change the storage class of an object -// that is already stored in Amazon S3 using the StorageClass parameter. For -// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) +// that is already stored in Amazon S3 by using the StorageClass parameter. +// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. // +// If the source object's storage class is GLACIER, you must restore a copy +// of this object before you can use it as a source object for the copy operation. +// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). +// // # Versioning // -// By default, x-amz-copy-source identifies the current version of an object -// to copy. If the current version is a delete marker, Amazon S3 behaves as -// if the object was deleted. To copy a different version, use the versionId +// By default, x-amz-copy-source header identifies the current version of an +// object to copy. If the current version is a delete marker, Amazon S3 behaves +// as if the object was deleted. To copy a different version, use the versionId // subresource. // // If you enable versioning on the target bucket, Amazon S3 generates a unique @@ -461,18 +497,12 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // If you do not enable versioning or suspend it on the target bucket, the version // ID that Amazon S3 generates is always null. // -// If the source object's storage class is GLACIER, you must restore a copy -// of this object before you can use it as a source object for the copy operation. -// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// // The following operations are related to CopyObject: // // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -576,68 +606,51 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // your application must be able to handle 307 redirect. For more information, // see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). // -// Access control lists (ACLs) -// -// When creating a bucket using this operation, you can optionally configure -// the bucket ACL to specify the accounts or groups that should be granted specific -// permissions on the bucket. -// -// If your CreateBucket request sets bucket owner enforced for S3 Object Ownership -// and specifies a bucket ACL that provides access to an external Amazon Web -// Services account, your request fails with a 400 error and returns the InvalidBucketAclWithObjectOwnership -// error code. For more information, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// There are two ways to grant the appropriate permissions using the request -// headers. -// -// - Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports -// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a -// predefined set of grantees and permissions. For more information, see -// Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, -// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control -// headers. These headers map to the set of permissions Amazon S3 supports -// in an ACL. For more information, see Access control list (ACL) overview -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html). -// You specify each grantee as a type=value pair, where the type is one of -// the following: id – if the value specified is the canonical user ID -// of an Amazon Web Services account uri – if you are granting permissions -// to a predefined group emailAddress – if the value specified is the email -// address of an Amazon Web Services account Using email addresses to specify -// a grantee is only supported in the following Amazon Web Services Regions: -// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified -// by account IDs permissions to read object data and its metadata: x-amz-grant-read: -// id="11112222333", id="444455556666" -// -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. -// // # Permissions // // In addition to s3:CreateBucket, the following permissions are required when -// your CreateBucket includes specific headers: +// your CreateBucket request includes specific headers: // -// - ACLs - If your CreateBucket request specifies ACL permissions and the -// ACL is public-read, public-read-write, authenticated-read, or if you specify -// access permissions explicitly through any other ACL, both s3:CreateBucket -// and s3:PutBucketAcl permissions are needed. If the ACL the CreateBucket -// request is private or doesn't specify any ACLs, only s3:CreateBucket permission -// is needed. +// - Access control lists (ACLs) - If your CreateBucket request specifies +// access control list (ACL) permissions and the ACL is public-read, public-read-write, +// authenticated-read, or if you specify access permissions explicitly through +// any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are +// needed. If the ACL for the CreateBucket request is private or if the request +// doesn't specify any ACLs, only s3:CreateBucket permission is needed. // // - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket // request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning // permissions are required. // -// - S3 Object Ownership - If your CreateBucket request includes the the -// x-amz-object-ownership header, s3:PutBucketOwnershipControls permission -// is required. +// - S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership +// header, then the s3:PutBucketOwnershipControls permission is required. +// By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are +// disabled. We recommend keeping ACLs disabled, except in uncommon use cases +// where you must control access for each object individually. If you want +// to change the ObjectOwnership setting, you can use the x-amz-object-ownership +// header in your CreateBucket request to set the ObjectOwnership setting +// of your choice. For more information about S3 Object Ownership, see Controlling +// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// - S3 Block Public Access - If your specific use case requires granting +// public access to your S3 resources, you can disable Block Public Access. +// You can create a new bucket with Block Public Access enabled, then separately +// call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock +// permission. By default, all Block Public Access settings are enabled for +// new buckets. To avoid inadvertent exposure of your resources, we recommend +// keeping the S3 Block Public Access settings enabled. For more information +// about S3 Block Public Access, see Blocking public access to your Amazon +// S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object +// Ownership and specifies a bucket ACL that provides access to an external +// Amazon Web Services account, your request fails with a 400 error and returns +// the InvalidBucketAcLWithObjectOwnership error code. For more information, +// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// in the Amazon S3 User Guide. // // The following operations are related to CreateBucket: // @@ -745,7 +758,7 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // lifecycle configuration. Otherwise, the incomplete multipart upload becomes // eligible for an abort action and Amazon S3 aborts the multipart upload. For // more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // // For information about the permissions required to use the multipart upload // API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). @@ -763,22 +776,40 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // parts and stop charging you for storing them only after you either complete // or abort a multipart upload. // -// You can optionally request server-side encryption. For server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts it when you access it. You can provide your own encryption key, -// or use Amazon Web Services KMS keys or Amazon S3-managed encryption keys. +// Server-side encryption is for data encryption at rest. Amazon S3 encrypts +// your data as it writes it to disks in its data centers and decrypts it when +// you access it. Amazon S3 automatically encrypts all new objects that are +// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify +// encryption information in your request, the encryption setting of the uploaded +// parts is set to the default encryption configuration of the destination bucket. +// By default, all buckets have a base level of encryption configuration that +// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the +// destination bucket has a default encryption configuration that uses server-side +// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided +// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload +// operation, if you want to use a different type of encryption setting for +// the uploaded parts, you can request that Amazon S3 encrypts the object with +// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption +// setting in your request is different from the default encryption configuration +// of the destination bucket, the encryption setting in your request takes precedence. // If you choose to provide your own encryption key, the request headers you // provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload. +// by using CreateMultipartUpload. You can request that Amazon S3 save the uploaded +// parts encrypted with server-side encryption with an Amazon S3 managed key +// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C). // -// To perform a multipart upload with encryption using an Amazon Web Services +// To perform a multipart upload with encryption by using an Amazon Web Services // KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* // actions on the key. These permissions are required because Amazon S3 must // decrypt and read data from the encrypted file parts before it completes the // multipart upload. For more information, see Multipart upload API and permissions // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) // in the Amazon S3 User Guide. // // If your Identity and Access Management (IAM) user or role is in the same @@ -808,32 +839,35 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // // # Server-Side- Encryption-Specific Request Headers // -// You can optionally tell Amazon S3 to encrypt data at rest using server-side -// encryption. Server-side encryption is for data encryption at rest. Amazon -// S3 encrypts your data as it writes it to disks in its data centers and decrypts -// it when you access it. The option you use depends on whether you want to -// use Amazon Web Services managed encryption keys or provide your own encryption -// key. -// -// - Use encryption keys managed by Amazon S3 or customer managed key stored -// in Amazon Web Services Key Management Service (Amazon Web Services KMS) -// – If you want Amazon Web Services to manage the keys used to encrypt +// Amazon S3 encrypts data by using server-side encryption with an Amazon S3 +// managed key (SSE-S3) by default. Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its data +// centers and decrypts it when you access it. You can request that Amazon S3 +// encrypts data at rest by using server-side encryption with other key options. +// The option you use depends on whether you want to use KMS keys (SSE-KMS) +// or provide your own encryption keys (SSE-C). +// +// - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed +// key (aws/s3) and KMS customer managed keys stored in Key Management Service +// (KMS) – If you want Amazon Web Services to manage the keys used to encrypt // data, specify the following headers in the request. x-amz-server-side-encryption // x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context // If you specify x-amz-server-side-encryption:aws:kms, but don't provide // x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon -// Web Services managed key in Amazon Web Services KMS to protect the data. -// All GET and PUT requests for an object protected by Amazon Web Services -// KMS fail if you don't make them with SSL or by using SigV4. For more information -// about server-side encryption with KMS key (SSE-KMS), see Protecting Data -// Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). -// -// - Use customer-provided encryption keys – If you want to manage your -// own encryption keys, provide all the following headers in the request. +// Web Services managed key (aws/s3 key) in KMS to protect the data. All +// GET and PUT requests for an object protected by KMS fail if you don't +// make them by using Secure Sockets Layer (SSL), Transport Layer Security +// (TLS), or Signature Version 4. For more information about server-side +// encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side +// Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html). +// +// - Use customer-provided encryption keys (SSE-C) – If you want to manage +// your own encryption keys, provide all the following headers in the request. // x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key // x-amz-server-side-encryption-customer-key-MD5 For more information about -// server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using -// Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// server-side encryption with customer-provided encryption keys (SSE-C), +// see Protecting data using server-side encryption with customer-provided +// encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). // // # Access-Control-List (ACL)-Specific Request Headers // @@ -960,7 +994,7 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. // -// Related Resources +// The following operations are related to DeleteBucket: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -1139,7 +1173,7 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) // in the Amazon S3 User Guide. // -// Related Resources: +// Related Resources // // - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) // @@ -1217,9 +1251,10 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // DeleteBucketEncryption API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE action removes default encryption from -// the bucket. For information about the Amazon S3 default encryption feature, -// see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// This implementation of the DELETE action resets the default encryption for +// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). +// For information about the bucket default encryption feature, see Amazon S3 +// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. // // To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration @@ -1229,7 +1264,7 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to DeleteBucketEncryption: // // - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) // @@ -1783,9 +1818,13 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // using an identity that belongs to the bucket owner's account, Amazon S3 returns // a 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. // // For more information about bucket policies, see Using Bucket Policies and // UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). @@ -2141,10 +2180,10 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // null version, Amazon S3 does not remove any objects but will still respond // that the command was successful. // -// To remove a specific version, you must be the bucket owner and you must use -// the version Id subresource. Using this subresource permanently deletes the -// version. If the object deleted is a delete marker, Amazon S3 sets the response -// header, x-amz-delete-marker, to true. +// To remove a specific version, you must use the version Id subresource. Using +// this subresource permanently deletes the version. If the object deleted is +// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, +// to true. // // If the object you want to delete is in a bucket where the bucket versioning // configuration is MFA Delete enabled, you must include the x-amz-mfa request @@ -2246,7 +2285,7 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // in the request. You will need permission for the s3:DeleteObjectVersionTagging // action. // -// The following operations are related to DeleteBucketMetricsConfiguration: +// The following operations are related to DeleteObjectTagging: // // - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) // @@ -2553,7 +2592,7 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAccelerateConfiguration: // // - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) // @@ -2634,13 +2673,22 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // is granted to the anonymous user, you can return the ACL of the bucket without // using an authorization header. // +// To use this API operation against an access point, provide the alias of the +// access point in place of the bucket name. +// +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // If your bucket uses the bucket owner enforced setting for S3 Object Ownership, // requests to read ACLs are still supported and return the bucket-owner-full-control // ACL with the owner being the account that created the bucket. For more information, // see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAcl: // // - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) // @@ -2729,7 +2777,7 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAnalyticsConfiguration: // // - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) // @@ -2815,6 +2863,15 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // action. By default, the bucket owner has this permission and can grant it // to others. // +// To use this API operation against an access point, provide the alias of the +// access point in place of the bucket name. +// +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // For more information about CORS, see Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). // @@ -2895,12 +2952,12 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r // GetBucketEncryption API operation for Amazon Simple Storage Service. // -// Returns the default encryption configuration for an Amazon S3 bucket. If -// the bucket does not have a default encryption configuration, GetBucketEncryption -// returns ServerSideEncryptionConfigurationNotFoundError. -// -// For information about the Amazon S3 default encryption feature, see Amazon -// S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html). +// Returns the default encryption configuration for an Amazon S3 bucket. By +// default, all buckets have a default encryption configuration that uses server-side +// encryption with Amazon S3 managed keys (SSE-S3). For information about the +// bucket default encryption feature, see Amazon S3 Bucket Default Encryption +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// in the Amazon S3 User Guide. // // To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner @@ -3388,10 +3445,18 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // -// To use this implementation of the operation, you must be the bucket owner. +// To use this API operation against an access point, provide the alias of the +// access point in place of the bucket name. // -// To use this API against an access point, provide the alias of the access -// point in place of the bucket name. +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// +// We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) +// to return the Region that a bucket resides in. For backward compatibility, +// Amazon S3 continues to support GetBucketLocation. // // The following operations are related to GetBucketLocation: // @@ -3471,7 +3536,7 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request // GetBucketLogging API operation for Amazon Simple Storage Service. // // Returns the logging status of a bucket and the permissions users have to -// view and modify that status. To use GET, you must be the bucket owner. +// view and modify that status. // // The following operations are related to GetBucketLogging: // @@ -3735,6 +3800,15 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // to other users to read this configuration with the s3:GetBucketNotification // permission. // +// To use this API operation against an access point, provide the alias of the +// access point in place of the bucket name. +// +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // For more information about setting and reading the notification configuration // on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). @@ -3908,9 +3982,22 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// To use this API operation against an access point, provide the alias of the +// access point in place of the bucket name. +// +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). // // For more information about bucket policies, see Using Bucket Policies and // User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). @@ -4440,7 +4527,7 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // bucket owners can allow other users to read the website configuration by // writing a bucket policy granting them the S3:GetBucketWebsite permission. // -// The following operations are related to DeleteBucketWebsite: +// The following operations are related to GetBucketWebsite: // // - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) // @@ -4538,18 +4625,19 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // For more information about returning the ACL of an object, see GetObjectAcl // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). // -// If the object you are retrieving is stored in the S3 Glacier or S3 Glacier -// Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering -// Deep Archive tiers, before you can retrieve the object you must first restore -// a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// Otherwise, this action returns an InvalidObjectStateError error. For information +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive +// or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the +// object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this action returns an InvalidObjectState error. For information // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html). // // Encryption request headers, like x-amz-server-side-encryption, should not // be sent for GET requests if your object uses server-side encryption with -// KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption -// keys (SSE-S3). If your object does use these types of keys, you’ll get -// an HTTP 400 BadRequest error. +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). If your object does use these +// types of keys, you’ll get an HTTP 400 Bad Request error. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when @@ -4573,14 +4661,14 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // You need the relevant read object (or version) permission for this operation. // For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. +// If the object that you request doesn’t exist, the error that Amazon S3 +// returns depends on whether you also have the s3:ListBucket permission. // -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 will -// return an HTTP status code 404 ("no such key") error. +// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 (Not Found) error. // -// - If you don’t have the s3:ListBucket permission, Amazon S3 will return -// an HTTP status code 403 ("access denied") error. +// If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 ("access denied") error. // // # Versioning // @@ -4589,7 +4677,9 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // - If you supply a versionId, you need the s3:GetObjectVersion permission // to access a specific version of an object. If you request a specific version, -// you do not need to have the s3:GetObject permission. +// you do not need to have the s3:GetObject permission. If you request the +// current version without a specific version ID, only s3:GetObject permission +// is required. s3:GetObjectVersion permission won't be required. // // - If the current version of the object is a delete marker, Amazon S3 behaves // as if the object was deleted and includes x-amz-delete-marker: true in @@ -4628,7 +4718,7 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // - response-content-encoding // -// # Additional Considerations about Request Headers +// # Overriding Response Header Values // // If both of the If-Match and If-Unmodified-Since headers are present in the // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since @@ -4734,8 +4824,6 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // // This action is not supported by Amazon S3 on Outposts. // -// # Versioning -// // By default, GET returns ACL information about the current version of an object. // To return ACL information about a different version, use the versionId subresource. // @@ -4835,10 +4923,9 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // This action is useful if you're interested only in an object's metadata. // To use GetObjectAttributes, you must have READ access to the object. // -// GetObjectAttributes combines the functionality of GetObjectAcl, GetObjectLegalHold, -// GetObjectLockConfiguration, GetObjectRetention, GetObjectTagging, HeadObject, -// and ListParts. All of the data returned with each of those individual calls -// can be returned with a single call to GetObjectAttributes. +// GetObjectAttributes combines the functionality of HeadObject and ListParts. +// All of the data returned with each of those individual calls can be returned +// with a single call to GetObjectAttributes. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when @@ -4857,9 +4944,9 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // - Encryption request headers, such as x-amz-server-side-encryption, should // not be sent for GET requests if your object uses server-side encryption // with Amazon Web Services KMS keys stored in Amazon Web Services Key Management -// Service (SSE-KMS) or server-side encryption with Amazon S3 managed encryption -// keys (SSE-S3). If your object does use these types of keys, you'll get -// an HTTP 400 Bad Request error. +// Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys +// (SSE-S3). If your object does use these types of keys, you'll get an HTTP +// 400 Bad Request error. // // - The last modified property in this case is the creation date of the // object. @@ -5326,8 +5413,7 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // GetObjectTorrent API operation for Amazon Simple Storage Service. // // Returns torrent files from a bucket. BitTorrent can save you bandwidth when -// you're distributing large files. For more information about BitTorrent, see -// Using BitTorrent with Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html). +// you're distributing large files. // // You can get torrent only for objects that are less than 5 GB in size, and // that are not encrypted using server-side encryption with a customer-provided @@ -5514,9 +5600,9 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou // permission to access it. // // If the bucket does not exist or you do not have permission to access it, -// the HEAD request returns a generic 404 Not Found or 403 Forbidden code. A -// message body is not included, so you cannot determine the exception beyond -// these error codes. +// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 +// Not Found code. A message body is not included, so you cannot determine the +// exception beyond these error codes. // // To use this operation, you must have permissions to perform the s3:ListBucket // action. The bucket owner has this permission by default and can grant this @@ -5524,12 +5610,18 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou // Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// To use this API against an access point, you must provide the alias of the -// access point in place of the bucket name or specify the access point ARN. -// When using the access point ARN, you must direct requests to the access point -// hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. +// To use this API operation against an access point, you must provide the alias +// of the access point in place of the bucket name or specify the access point +// ARN. When using the access point ARN, you must direct requests to the access +// point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using the Amazon Web Services SDKs, you provide the ARN in place of -// the bucket name. For more information see, Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html). +// the bucket name. For more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html). +// +// To use this API operation against an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5613,9 +5705,9 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // // A HEAD request has the same options as a GET action on an object. The response // is identical to the GET response except that there is no response body. Because -// of this, if the HEAD request generates an error, it returns a generic 404 -// Not Found or 403 Forbidden code. It is not possible to retrieve the exact -// exception beyond these error codes. +// of this, if the HEAD request generates an error, it returns a generic 400 +// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve +// the exact exception beyond these error codes. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when @@ -5632,9 +5724,10 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // // - Encryption request headers, like x-amz-server-side-encryption, should // not be sent for GET requests if your object uses server-side encryption -// with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed -// encryption keys (SSE-S3). If your object does use these types of keys, -// you’ll get an HTTP 400 BadRequest error. +// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side +// encryption with Amazon S3 managed encryption keys (SSE-S3). If your object +// does use these types of keys, you’ll get an HTTP 400 Bad Request error. // // - The last modified property in this case is the creation date of the // object. @@ -5659,15 +5752,16 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // # Permissions // // You need the relevant read object (or version) permission for this operation. -// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. +// For more information, see Actions, resources, and condition keys for Amazon +// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). +// If the object you request doesn't exist, the error that Amazon S3 returns +// depends on whether you also have the s3:ListBucket permission. // // - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 ("no such key") error. +// an HTTP status code 404 error. // // - If you don’t have the s3:ListBucket permission, Amazon S3 returns -// an HTTP status code 403 ("access denied") error. +// an HTTP status code 403 error. // // The following actions are related to HeadObject: // @@ -6148,6 +6242,9 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, // Returns a list of all buckets owned by the authenticated sender of the request. // To use this operation, you must have the s3:ListAllMyBuckets permission. // +// For information about Amazon S3 buckets, see Creating, configuring, and working +// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7156,9 +7253,9 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// # Access Permissions +// # Permissions // -// You can set access permissions using one of the following methods: +// You can set access permissions by using one of the following methods: // // - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports // a set of predefined ACLs, known as canned ACLs. Each canned ACL has a @@ -7208,7 +7305,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // xsi:type="Group"><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> // // - By Email address: <>Grantees@email.com<>lt;/Grantee> +// xsi:type="AmazonCustomerByEmail"><>Grantees@email.com<>& // The grantee is resolved to the CanonicalUser and, in a response to a GET // Object acl request, appears as the CanonicalUser. Using email addresses // to specify a grantee is only supported in the following Amazon Web Services @@ -7218,7 +7315,7 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) // in the Amazon Web Services General Reference. // -// Related Resources +// The following operations are related to PutBucketAcl: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -7323,7 +7420,7 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// Special Errors +// PutBucketAnalyticsConfiguration has the following special errors: // // - HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid // argument. @@ -7336,7 +7433,7 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration // bucket permission to set the configuration on the bucket. // -// Related Resources +// The following operations are related to PutBucketAnalyticsConfiguration: // // - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) // @@ -7456,7 +7553,7 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon // S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketCors: // // - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) // @@ -7541,15 +7638,17 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // PutBucketEncryption API operation for Amazon Simple Storage Service. // // This action uses the encryption subresource to configure default encryption -// and Amazon S3 Bucket Key for an existing bucket. -// -// Default encryption for a bucket can use server-side encryption with Amazon -// S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify -// default encryption using SSE-KMS, you can also configure Amazon S3 Bucket -// Key. When the default encryption is SSE-KMS, if you upload an object to the -// bucket and do not specify the KMS key to use for encryption, Amazon S3 uses -// the default Amazon Web Services managed KMS key for your account. For information -// about default encryption, see Amazon S3 default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// and Amazon S3 Bucket Keys for an existing bucket. +// +// By default, all buckets have a default encryption configuration that uses +// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally +// configure default encryption for a bucket by using server-side encryption +// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption +// with customer-provided keys (SSE-C). If you specify default encryption by +// using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information +// about bucket default encryption, see Amazon S3 bucket default encryption +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see // Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) // in the Amazon S3 User Guide. @@ -7557,14 +7656,14 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // This action requires Amazon Web Services Signature Version 4. For more information, // see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). // -// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration +// To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, // see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketEncryption: // // - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) // @@ -7674,17 +7773,26 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // move objects stored in the S3 Intelligent-Tiering storage class to the Archive // Access or Deep Archive Access tier. // -// Special Errors +// PutBucketIntelligentTieringConfiguration has the following special errors: // -// - HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument +// # HTTP 400 Bad Request Error // -// - HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are -// attempting to create a new configuration but have already reached the -// 1,000-configuration limit. +// Code: InvalidArgument // -// - HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner -// of the specified bucket, or you do not have the s3:PutIntelligentTieringConfiguration -// bucket permission to set the configuration on the bucket. +// Cause: Invalid Argument +// +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations +// +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. +// +// # HTTP 403 Forbidden Error +// +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration +// on the bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7780,26 +7888,50 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // an example policy, see Granting Permissions for Amazon S3 Inventory and Storage // Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9). // -// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration +// # Permissions +// +// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration // action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// permission to others. +// +// The s3:PutInventoryConfiguration permission allows a user to create an S3 +// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html) +// report that includes all object metadata fields available and to specify +// the destination bucket to store the inventory. A user with read access to +// objects in the destination bucket can also access all object metadata fields +// that are available in the inventory report. +// +// To restrict access to an inventory report, see Restricting access to an Amazon +// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10) +// in the Amazon S3 User Guide. For more information about the metadata fields +// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents) +// in the Amazon S3 User Guide. For more information about permissions, see +// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. // -// Special Errors +// PutBucketInventoryConfiguration has the following special errors: // -// - HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument +// # HTTP 400 Bad Request Error // -// - HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are -// attempting to create a new configuration but have already reached the -// 1,000-configuration limit. +// Code: InvalidArgument // -// - HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner -// of the specified bucket, or you do not have the s3:PutInventoryConfiguration -// bucket permission to set the configuration on the bucket. +// Cause: Invalid Argument // -// Related Resources +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations +// +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. +// +// # HTTP 403 Forbidden Error +// +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutInventoryConfiguration bucket permission to set the configuration +// on the bucket. +// +// The following operations are related to PutBucketInventoryConfiguration: // // - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) // @@ -7922,7 +8054,7 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // For more examples of transitioning objects to storage classes such as STANDARD_IA // or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples). // -// Related Resources +// The following operations are related to PutBucketLifecycle: // // - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated) // @@ -8037,11 +8169,11 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // S3 Lifecycle configuration can have up to 1,000 rules. This limit is not // adjustable. Each rule consists of the following: // -// - Filter identifying a subset of objects to which the rule applies. The -// filter can be based on a key name prefix, object tags, or a combination +// - A filter identifying a subset of objects to which the rule applies. +// The filter can be based on a key name prefix, object tags, or a combination // of both. // -// - Status whether the rule is in effect. +// - A status indicating whether the rule is in effect. // // - One or more lifecycle transition and expiration actions that you want // Amazon S3 to perform on the objects identified by the filter. If the state @@ -8062,10 +8194,10 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // optionally grant access permissions to others by writing an access policy. // For this operation, a user must get the s3:PutLifecycleConfiguration permission. // -// You can also explicitly deny permissions. Explicit deny also supersedes any -// other permissions. If you want to block users or accounts from removing or -// deleting objects from your bucket, you must deny them permissions for the -// following actions: +// You can also explicitly deny permissions. An explicit deny also supersedes +// any other permissions. If you want to block users or accounts from removing +// or deleting objects from your bucket, you must deny them permissions for +// the following actions: // // - s3:DeleteObject // @@ -8076,7 +8208,7 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // For more information about permissions, see Managing Access Permissions to // Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// The following are related to PutBucketLifecycleConfiguration: +// The following operations are related to PutBucketLifecycleConfiguration: // // - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html) // @@ -8178,7 +8310,7 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // # Grantee Values // // You can specify the person (grantee) to whom you're assigning access rights -// (using request elements) in the following ways: +// (by using request elements) in the following ways: // // - By the person's ID: <>ID<><>GranteesEmail<> @@ -8186,8 +8318,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // // - By Email address: <>Grantees@email.com<> -// The grantee is resolved to the CanonicalUser and, in a response to a GET -// Object acl request, appears as the CanonicalUser. +// The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl +// request, appears as the CanonicalUser. // // - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> @@ -8310,7 +8442,7 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // // - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) // -// GetBucketLifecycle has the following special error: +// PutBucketMetricsConfiguration has the following special error: // // - Error code: TooManyConfigurations Description: You are attempting to // create a new configuration but have already reached the 1,000-configuration @@ -8511,7 +8643,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // // By default, only the bucket owner can configure notifications on a bucket. // However, bucket owners can use a bucket policy to grant permission to other -// users to set this configuration with s3:PutBucketNotification permission. +// users to set this configuration with the required s3:PutBucketNotification +// permission. // // The PUT notification is an atomic operation. For example, suppose your notification // configuration includes SNS topic, SQS queue, and Lambda function configurations. @@ -8519,8 +8652,6 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // messages to your SNS topic. If the message fails, the entire PUT action will // fail, and Amazon S3 will not add the configuration to your bucket. // -// # Responses -// // If the configuration in the request body includes only one TopicConfiguration // specifying only the s3:ReducedRedundancyLostObject event type, the response // will also include the x-amz-sns-test-message-id header containing the message @@ -8707,9 +8838,13 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the Amazon Web Services account -// that owns a bucket can always use this operation, even if the policy explicitly -// denies the root user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. // // For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). // @@ -9159,15 +9294,15 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // you must include the x-amz-mfa request header and the Status and the MfaDelete // request elements in a request to set the versioning state of the bucket. // -// If you have an object expiration lifecycle policy in your non-versioned bucket -// and you want to maintain the same permanent delete behavior when you enable -// versioning, you must add a noncurrent expiration policy. The noncurrent expiration -// lifecycle policy will manage the deletes of the noncurrent object versions -// in the version-enabled bucket. (A version-enabled bucket maintains one current -// and zero or more noncurrent object versions.) For more information, see Lifecycle -// and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). +// If you have an object expiration lifecycle configuration in your non-versioned +// bucket and you want to maintain the same permanent delete behavior when you +// enable versioning, you must add a noncurrent expiration policy. The noncurrent +// expiration lifecycle configuration will manage the deletes of the noncurrent +// object versions in the version-enabled bucket. (A version-enabled bucket +// maintains one current and zero or more noncurrent object versions.) For more +// information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). // -// Related Resources +// The following operations are related to PutBucketVersioning: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // @@ -9393,12 +9528,14 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // add an object to it. // // Amazon S3 never adds partial objects; if you receive a success response, -// Amazon S3 added the entire object to the bucket. +// Amazon S3 added the entire object to the bucket. You cannot use PutObject +// to only update a single piece of metadata for an existing object. You must +// put the entire object with updated metadata if you want to update some values. // // Amazon S3 is a distributed system. If it receives multiple write requests // for the same object simultaneously, it overwrites all but the last object -// written. Amazon S3 does not provide object locking; if you need this, make -// sure to build it into your application layer or use versioning instead. +// written. To prevent objects from being deleted or overwritten, you can use +// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html). // // To ensure that data is not corrupted traversing the network, use the Content-MD5 // header. When you use this header, Amazon S3 checks the object against the @@ -9412,34 +9549,29 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // - To successfully change the objects acl of your PutObject request, you // must have the s3:PutObjectAcl in your IAM permissions. // +// - To successfully set the tag-set with your PutObject request, you must +// have the s3:PutObjectTagging in your IAM permissions. +// // - The Content-MD5 header is required for any request to upload an object // with a retention period configured using Amazon S3 Object Lock. For more // information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview // (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) // in the Amazon S3 User Guide. // -// # Server-side Encryption -// -// You can optionally request server-side encryption. With server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts the data when you access it. You have the option to provide -// your own encryption key or use Amazon Web Services managed encryption keys -// (SSE-S3 or SSE-KMS). For more information, see Using Server-Side Encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). -// -// If you request server-side encryption using Amazon Web Services Key Management -// Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For -// more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. -// -// # Access Control List (ACL)-Specific Request Headers -// -// You can use headers to grant ACL- based permissions. By default, all objects -// are private. Only the owner has full access control. When adding a new object, -// you can grant permissions to individual Amazon Web Services accounts or to -// predefined groups defined by Amazon S3. These permissions are then added -// to the ACL on the object. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) +// You have four mutually exclusive options to protect data using server-side +// encryption in Amazon S3, depending on how you choose to manage the encryption +// keys. Specifically, the encryption key options are Amazon S3 managed keys +// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided +// keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using +// Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon +// S3 to encrypt data at rest by using server-side encryption with other key +// options. For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). +// +// When adding a new object, you can use headers to grant ACL-based permissions +// to individual Amazon Web Services accounts or to predefined groups defined +// by Amazon S3. These permissions are then added to the ACL on the object. +// By default, all objects are private. Only the owner has full access control. +// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). // // If the bucket that you're uploading objects to uses the bucket owner enforced @@ -9449,18 +9581,15 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // as the bucket-owner-full-control canned ACL or an equivalent form of this // ACL expressed in the XML format. PUT requests that contain other ACLs (for // example, custom grants to certain Amazon Web Services accounts) fail and -// return a 400 error with the error code AccessControlListNotSupported. -// -// For more information, see Controlling ownership of objects and disabling -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// return a 400 error with the error code AccessControlListNotSupported. For +// more information, see Controlling ownership of objects and disabling ACLs +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // // If your bucket uses the bucket owner enforced setting for Object Ownership, // all objects written to the bucket by any account will be owned by the bucket // owner. // -// # Storage Class Options -// // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. @@ -9468,20 +9597,16 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. // -// # Versioning -// // If you enable versioning for a bucket, Amazon S3 automatically generates // a unique version ID for the object being stored. Amazon S3 returns this ID // in the response. When you enable versioning for a bucket, if Amazon S3 receives // multiple write requests for the same object simultaneously, it stores all -// of the objects. -// -// For more information about versioning, see Adding Objects to Versioning Enabled -// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). +// of the objects. For more information about versioning, see Adding Objects +// to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). // For information about returning the versioning state of a bucket, see GetBucketVersioning // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). // -// Related Resources +// For more information about related Amazon S3 APIs, see the following: // // - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // @@ -9585,7 +9710,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // in the Amazon S3 User Guide. // -// # Access Permissions +// # Permissions // // You can set access permissions using one of the following methods: // @@ -9651,7 +9776,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // sets the ACL of the current version of an object. To set the ACL of a different // version, use the versionId subresource. // -// Related Resources +// The following operations are related to PutObjectAcl: // // - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // @@ -10009,7 +10134,7 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // For information about the Amazon S3 object tagging feature, see Object Tagging // (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // -// Special Errors +// PutObjectTagging has the following special errors: // // - Code: InvalidTagError Cause: The tag provided was not a valid tag. This // error can occur if the tag did not pass input validation. For more information, @@ -10023,7 +10148,7 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // - Code: InternalError Cause: The service was unable to apply the provided // tag to the object. // -// Related Resources +// The following operations are related to PutObjectTagging: // // - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) // @@ -10120,7 +10245,7 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // For more information about when Amazon S3 considers a bucket or an object // public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). // -// Related Resources +// The following operations are related to PutPublicAccessBlock: // // - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // @@ -10211,55 +10336,34 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // // - restore an archive - Restore an archived object // -// To use this operation, you must have permissions to perform the s3:RestoreObject -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// in the Amazon S3 User Guide. +// For more information about the S3 structure in the request body, see the +// following: // -// # Querying Archives with Select Requests +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// You use a select type of request to perform SQL queries on archived objects. -// The archived objects that are being queried by the select request must be -// formatted as uncompressed comma-separated values (CSV) files. You can run -// queries and custom analytics on your archived data without having to restore -// your data to a hotter Amazon S3 tier. For an overview about select requests, -// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon S3 User Guide. +// - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) +// in the Amazon S3 User Guide // -// When making a select request, do the following: -// -// - Define an output location for the select query's output. This must be -// an Amazon S3 bucket in the same Amazon Web Services Region as the bucket -// that contains the archive object that is being queried. The Amazon Web -// Services account that initiates the job must have permissions to write -// to the S3 bucket. You can specify the storage class and encryption for -// the output objects stored in the bucket. For more information about output, -// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon S3 User Guide. For more information about the S3 structure -// in the request body, see the following: PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) -// Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) -// in the Amazon S3 User Guide Protecting Data Using Server-Side Encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) // in the Amazon S3 User Guide // -// - Define the SQL expression for the SELECT type of restoration for your -// query in the request body's SelectParameters structure. You can use expressions -// like the following examples. The following expression returns all records -// from the specified object. SELECT * FROM Object Assuming that you are -// not using any headers for data stored in the object, you can specify columns -// with positional headers. SELECT s._1, s._2 FROM Object s WHERE s._3 > -// 100 If you have headers and you set the fileHeaderInfo in the CSV structure +// Define the SQL expression for the SELECT type of restoration for your query +// in the request body's SelectParameters structure. You can use expressions +// like the following examples. +// +// - The following expression returns all records from the specified object. +// SELECT * FROM Object +// +// - Assuming that you are not using any headers for data stored in the object, +// you can specify columns with positional headers. SELECT s._1, s._2 FROM +// Object s WHERE s._3 > 100 +// +// - If you have headers and you set the fileHeaderInfo in the CSV structure // in the request body to USE, you can specify headers in the query. (If // you set the fileHeaderInfo field to IGNORE, the first row is skipped for // the query.) You cannot mix ordinal positions with header column names. // SELECT s.Id, s.FirstName, s.SSN FROM S3Object s // -// For more information about using SQL with S3 Glacier Select restore, see -// SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide. -// // When making a select request, you can also do the following: // // - To expedite your queries, specify the Expedited tier. For more information @@ -10273,59 +10377,74 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // // - The output results are new Amazon S3 objects. Unlike archive retrievals, // they are stored until explicitly deleted-manually or through a lifecycle -// policy. +// configuration. // // - You can issue more than one select request on the same Amazon S3 object. -// Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests. +// Amazon S3 doesn't duplicate requests, so avoid issuing duplicate requests. // // - Amazon S3 accepts a select request even if the object has already been // restored. A select request doesn’t return error response 409. // +// # Permissions +// +// To use this operation, you must have permissions to perform the s3:RestoreObject +// action. The bucket owner has this permission by default and can grant this +// permission to others. For more information about permissions, see Permissions +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// // # Restoring objects // -// Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage -// class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep -// Archive tiers are not accessible in real time. For objects in Archive Access -// or Deep Archive Access tiers you must first initiate a restore request, and -// then wait until the object is moved into the Frequent Access tier. For objects -// in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate -// a restore request, and then wait until a temporary copy of the object is -// available. To access an archived object, you must restore the object for -// the duration (number of days) that you specify. +// Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive +// or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real +// time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage classes, you must first initiate a restore +// request, and then wait until a temporary copy of the object is available. +// If you want a permanent copy of the object, create a copy of it in the Amazon +// S3 Standard storage class in your S3 bucket. To access an archived object, +// you must restore the object for the duration (number of days) that you specify. +// For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, +// you must first initiate a restore request, and then wait until the object +// is moved into the Frequent Access tier. // // To restore a specific object version, you can provide a version ID. If you // don't provide a version ID, Amazon S3 restores the current version. // -// When restoring an archived object (or using a select request), you can specify -// one of the following data access tier options in the Tier element of the -// request body: +// When restoring an archived object, you can specify one of the following data +// access tier options in the Tier element of the request body: // // - Expedited - Expedited retrievals allow you to quickly access your data -// stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive -// tier when occasional urgent requests for a subset of archives are required. -// For all but the largest archived objects (250 MB+), data accessed using -// Expedited retrievals is typically made available within 1–5 minutes. -// Provisioned capacity ensures that retrieval capacity for Expedited retrievals -// is available when you need it. Expedited retrievals and provisioned capacity -// are not available for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. +// stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage +// class or S3 Intelligent-Tiering Archive tier when occasional urgent requests +// for restoring archives are required. For all but the largest archived +// objects (250 MB+), data accessed using Expedited retrievals is typically +// made available within 1–5 minutes. Provisioned capacity ensures that +// retrieval capacity for Expedited retrievals is available when you need +// it. Expedited retrievals and provisioned capacity are not available for +// objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. // // - Standard - Standard retrievals allow you to access any of your archived // objects within several hours. This is the default option for retrieval // requests that do not specify the retrieval option. Standard retrievals // typically finish within 3–5 hours for objects stored in the S3 Glacier -// storage class or S3 Intelligent-Tiering Archive tier. They typically finish -// within 12 hours for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals -// are free for objects stored in S3 Intelligent-Tiering. -// -// - Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, -// enabling you to retrieve large amounts, even petabytes, of data inexpensively. -// Bulk retrievals typically finish within 5–12 hours for objects stored -// in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. -// They typically finish within 48 hours for objects stored in the S3 Glacier -// Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. -// Bulk retrievals are free for objects stored in S3 Intelligent-Tiering. +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. They typically finish within 12 hours for objects stored +// in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. Standard retrievals are free for objects stored in +// S3 Intelligent-Tiering. +// +// - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible +// Retrieval and S3 Intelligent-Tiering storage classes, enabling you to +// retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals +// typically finish within 5–12 hours for objects stored in the S3 Glacier +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. Bulk retrievals are also the lowest-cost retrieval option +// when restoring objects from S3 Glacier Deep Archive. They typically finish +// within 48 hours for objects stored in the S3 Glacier Deep Archive storage +// class or S3 Intelligent-Tiering Deep Archive tier. // // For more information about archive retrieval options and provisioned capacity // for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) @@ -10368,11 +10487,9 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // - If the object is previously restored, Amazon S3 returns 200 OK in the // response. // -// Special Errors -// -// - Code: RestoreAlreadyInProgress Cause: Object restore is already in progress. -// (This error does not apply to SELECT type requests.) HTTP Status Code: -// 409 Conflict SOAP Fault Code Prefix: Client +// - Special errors: Code: RestoreAlreadyInProgress Cause: Object restore +// is already in progress. (This error does not apply to SELECT type requests.) +// HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client // // - Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals // are currently not available. Try again later. (Returned if there is insufficient @@ -10380,15 +10497,12 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP // Status Code: 503 SOAP Fault Code Prefix: N/A // -// Related Resources +// The following operations are related to RestoreObject: // // - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // // - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) // -// - SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -10489,10 +10603,6 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html) // in the Amazon S3 User Guide. // -// For more information about using SQL with Amazon S3 Select, see SQL Reference -// for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon S3 User Guide. -// // # Permissions // // You must have s3:GetObject permission for this operation. Amazon S3 Select @@ -10522,10 +10632,10 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. For objects that are encrypted with Amazon -// S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), -// server-side encryption is handled transparently, so you don't need to -// specify anything. For more information about server-side encryption, including -// SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side +// encryption is handled transparently, so you don't need to specify anything. +// For more information about server-side encryption, including SSE-S3 and +// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) // in the Amazon S3 User Guide. // // # Working with the Response Body @@ -10545,9 +10655,13 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // in the request parameters), you cannot specify the range of bytes of an // object to return. // -// - GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot -// specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. -// For more information, about storage classes see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro) +// - The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or +// the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING +// storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE, +// or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS +// or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage +// class. For more information about storage classes, see Using Amazon S3 +// storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) // in the Amazon S3 User Guide. // // # Special Errors @@ -10555,7 +10669,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // For a list of special errors for this operation, see List of SELECT Object // Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList) // -// Related Resources +// The following operations are related to SelectObjectContent: // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // @@ -10847,24 +10961,32 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) // in the Amazon S3 User Guide. // -// You can optionally request server-side encryption where Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it for -// you when you access it. You have the option of providing your own encryption -// key, or you can use the Amazon Web Services managed encryption keys. If you -// choose to provide your own encryption key, the request headers you provide -// in the request must match the headers you used in the request to initiate -// the upload by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// Server-side encryption is for data encryption at rest. Amazon S3 encrypts +// your data as it writes it to disks in its data centers and decrypts it when +// you access it. You have three mutually exclusive options to protect data +// using server-side encryption in Amazon S3, depending on how you choose to +// manage the encryption keys. Specifically, the encryption key options are +// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), +// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side +// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally +// tell Amazon S3 to encrypt data at rest using server-side encryption with +// other key options. The option you use depends on whether you want to use +// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose +// to provide your own encryption key, the request headers you provide in the +// request must match the headers you used in the request to initiate the upload +// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). // For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) // in the Amazon S3 User Guide. // // Server-side encryption is supported by the S3 Multipart Upload actions. Unless -// you are using a customer-provided encryption key, you don't need to specify -// the encryption parameters in each UploadPart request. Instead, you only need -// to specify the server-side encryption parameters in the initial Initiate -// Multipart request. For more information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// you are using a customer-provided encryption key (SSE-C), you don't need +// to specify the encryption parameters in each UploadPart request. Instead, +// you only need to specify the server-side encryption parameters in the initial +// Initiate Multipart request. For more information, see CreateMultipartUpload +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). // // If you requested server-side encryption using a customer-provided encryption -// key in your initiate multipart upload request, you must provide identical +// key (SSE-C) in your initiate multipart upload request, you must provide identical // encryption information in each part upload using the following headers. // // - x-amz-server-side-encryption-customer-algorithm @@ -10873,14 +10995,14 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // // - x-amz-server-side-encryption-customer-key-MD5 // -// Special Errors +// UploadPart has the following special errors: // // - Code: NoSuchUpload Cause: The specified multipart upload does not exist. // The upload ID might be invalid, or the multipart upload might have been // aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code // Prefix: Client // -// Related Resources +// The following operations are related to UploadPart: // // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // @@ -11030,7 +11152,7 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // // x-amz-copy-source: /bucket/object?versionId=version id // -// Special Errors +// Special errors // // - Code: NoSuchUpload Cause: The specified multipart upload does not exist. // The upload ID might be invalid, or the multipart upload might have been @@ -11039,7 +11161,7 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // - Code: InvalidRequest Cause: The specified copy source is not supported // as a byte-range copy source. HTTP Status Code: 400 Bad Request // -// Related Resources +// The following operations are related to UploadPartCopy: // // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // @@ -11205,7 +11327,7 @@ func (c *S3) WriteGetObjectResponseWithContext(ctx aws.Context, input *WriteGetO // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) +// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. type AbortIncompleteMultipartUpload struct { _ struct{} `type:"structure"` @@ -11251,12 +11373,12 @@ type AbortMultipartUploadInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -12261,7 +12383,9 @@ type CSVInput struct { // A single character used to indicate that a row should be ignored when the // character is present at the start of that row. You can specify any character - // to indicate a comment line. + // to indicate a comment line. The default character is #. + // + // Default: # Comments *string `type:"string"` // A single character used to separate individual fields in a record. You can @@ -12638,12 +12762,12 @@ type CompleteMultipartUploadInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -12900,17 +13024,17 @@ type CompleteMultipartUploadOutput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. Bucket *string `type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be @@ -12969,19 +13093,16 @@ type CompleteMultipartUploadOutput struct { // request. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an Amazon S3-managed - // encryption key or an Amazon Web Services KMS key in your initiate multipart - // upload request, the response includes this header. It confirms the encryption - // algorithm that Amazon S3 used to encrypt the object. + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created object, in case the bucket has versioning @@ -13347,21 +13468,21 @@ type CopyObjectInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with a COPY action doesn’t affect bucket-level settings // for S3 Bucket Key. @@ -13544,12 +13665,11 @@ type CopyObjectInput struct { // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the Amazon Web Services KMS key ID to use for object encryption. - // All GET and PUT requests for an object protected by Amazon Web Services KMS - // will fail if not made via SSL or using SigV4. For information about configuring - // using any of the officially supported Amazon Web Services SDKs and Amazon - // Web Services CLI, see Specifying the Signature Version in Request Authentication - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // Specifies the KMS key ID to use for object encryption. All GET and PUT requests + // for an object protected by KMS will fail if they're not made via SSL or using + // SigV4. For information about configuring any of the officially supported + // Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the + // Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) // in the Amazon S3 User Guide. // // SSEKMSKeyId is a sensitive parameter and its value will be @@ -13558,7 +13678,7 @@ type CopyObjectInput struct { SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created @@ -13580,7 +13700,9 @@ type CopyObjectInput struct { // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores - // the value of this header in the object metadata. + // the value of this header in the object metadata. This value is unique to + // each object and is not copied when using the x-amz-metadata-directive header. + // Instead, you may opt to provide this header in combination with the directive. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -13925,7 +14047,7 @@ type CopyObjectOutput struct { _ struct{} `type:"structure" payload:"CopyObjectResult"` // Indicates whether the copied object uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -13960,9 +14082,8 @@ type CopyObjectOutput struct { // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's @@ -13970,7 +14091,7 @@ type CopyObjectOutput struct { SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. @@ -14491,21 +14612,21 @@ type CreateMultipartUploadInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with an object action doesn’t affect bucket-level // settings for S3 Bucket Key. @@ -14614,12 +14735,12 @@ type CreateMultipartUploadInput struct { // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the ID of the symmetric customer managed key to use for object - // encryption. All GET and PUT requests for an object protected by Amazon Web - // Services KMS will fail if not made via SSL or using SigV4. For information - // about configuring using any of the officially supported Amazon Web Services - // SDKs and Amazon Web Services CLI, see Specifying the Signature Version in - // Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // Specifies the ID of the symmetric encryption customer managed key to use + // for object encryption. All GET and PUT requests for an object protected by + // KMS will fail if they're not made via SSL or using SigV4. For information + // about configuring any of the officially supported Amazon Web Services SDKs + // and Amazon Web Services CLI, see Specifying the Signature Version in Request + // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) // in the Amazon S3 User Guide. // // SSEKMSKeyId is a sensitive parameter and its value will be @@ -14917,7 +15038,7 @@ type CreateMultipartUploadOutput struct { // name in the request, the response includes this header. The header indicates // when the initiated multipart upload becomes eligible for an abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // // The response also includes the x-amz-abort-rule-id header that provides the // ID of the lifecycle configuration rule that defines this action. @@ -14938,17 +15059,17 @@ type CreateMultipartUploadOutput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. Bucket *string `locationName:"Bucket" type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The algorithm that was used to create a checksum of the object. @@ -14980,9 +15101,8 @@ type CreateMultipartUploadOutput struct { // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's @@ -15163,7 +15283,7 @@ func (s *DefaultRetention) SetYears(v int64) *DefaultRetention { type Delete struct { _ struct{} `type:"structure"` - // The objects to delete. + // The object to delete. // // Objects is a required field Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"` @@ -16062,7 +16182,8 @@ type DeleteBucketMetricsConfigurationInput struct { // (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -16908,12 +17029,12 @@ type DeleteObjectInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17131,12 +17252,12 @@ type DeleteObjectTaggingInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17298,12 +17419,12 @@ type DeleteObjectsInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17871,9 +17992,9 @@ type Encryption struct { KMSContext *string `type:"string"` // If the encryption type is aws:kms, this optional value specifies the ID of - // the symmetric customer managed key to use for encryption of job results. - // Amazon S3 only supports symmetric keys. For more information, see Using symmetric - // and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // the symmetric encryption customer managed key to use for encryption of job + // results. Amazon S3 only supports symmetric encryption KMS keys. For more + // information, see Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. // // KMSKeyId is a sensitive parameter and its value will be @@ -17939,8 +18060,8 @@ type EncryptionConfiguration struct { // Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web // Services KMS key stored in Amazon Web Services Key Management Service (KMS) // for the destination bucket. Amazon S3 uses this key to encrypt replica objects. - // Amazon S3 only supports symmetric, customer managed KMS keys. For more information, - // see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. ReplicaKmsKeyID *string `type:"string"` } @@ -18019,9 +18140,8 @@ type Error struct { // The error code is a string that uniquely identifies an error condition. It // is meant to be read and understood by programs that detect and handle errors - // by type. - // - // Amazon S3 error codes + // by type. The following is a list of Amazon S3 error codes. For more information, + // see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // // * Code: AccessDenied Description: Access Denied HTTP Status Code: 403 // Forbidden SOAP Fault Code Prefix: Client @@ -18341,8 +18461,8 @@ type Error struct { // and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html) // for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // - // * Code: ServiceUnavailable Description: Reduce your request rate. HTTP - // Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server + // * Code: ServiceUnavailable Description: Service is unable to handle request. + // HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server // // * Code: SlowDown Description: Reduce your request rate. HTTP Status Code: // 503 Slow Down SOAP Fault Code Prefix: Server @@ -18510,6 +18630,8 @@ func (s EventBridgeConfiguration) GoString() string { type ExistingObjectReplication struct { _ struct{} `type:"structure"` + // Specifies whether Amazon S3 replicates existing source bucket objects. + // // Status is a required field Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"` } @@ -18609,6 +18731,13 @@ type GetBucketAccelerateConfigurationInput struct { // different account, the request fails with the HTTP status code 403 Forbidden // (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` + + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } // String returns the string representation. @@ -18664,6 +18793,12 @@ func (s *GetBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *GetBucketAccelerateConfigurationInput) SetRequestPayer(v string) *GetBucketAccelerateConfigurationInput { + s.RequestPayer = &v + return s +} + func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) { if s.Bucket == nil { return nil, fmt.Errorf("member Bucket is nil") @@ -18694,6 +18829,10 @@ func (s GetBucketAccelerateConfigurationInput) updateArnableField(v string) (int type GetBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` + // If present, indicates that the requester was successfully charged for the + // request. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // The accelerate configuration of the bucket. Status *string `type:"string" enum:"BucketAccelerateStatus"` } @@ -18716,6 +18855,12 @@ func (s GetBucketAccelerateConfigurationOutput) GoString() string { return s.String() } +// SetRequestCharged sets the RequestCharged field's value. +func (s *GetBucketAccelerateConfigurationOutput) SetRequestCharged(v string) *GetBucketAccelerateConfigurationOutput { + s.RequestCharged = &v + return s +} + // SetStatus sets the Status field's value. func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketAccelerateConfigurationOutput { s.Status = &v @@ -18727,6 +18872,15 @@ type GetBucketAclInput struct { // Specifies the S3 bucket whose ACL is being requested. // + // To use this API operation against an access point, provide the alias of the + // access point in place of the bucket name. + // + // To use this API operation against an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -19000,6 +19154,15 @@ type GetBucketCorsInput struct { // The bucket name for which to get the cors configuration. // + // To use this API operation against an access point, provide the alias of the + // access point in place of the bucket name. + // + // To use this API operation against an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -19770,6 +19933,15 @@ type GetBucketLocationInput struct { // The name of the bucket for which to get the location. // + // To use this API operation against an access point, provide the alias of the + // access point in place of the bucket name. + // + // To use this API operation against an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -20033,7 +20205,8 @@ type GetBucketMetricsConfigurationInput struct { // (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -20164,6 +20337,15 @@ type GetBucketNotificationConfigurationRequest struct { // The name of the bucket for which to get the notification configuration. // + // To use this API operation against an access point, provide the alias of the + // access point in place of the bucket name. + // + // To use this API operation against an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -20384,6 +20566,15 @@ type GetBucketPolicyInput struct { // The bucket name for which to get the bucket policy. // + // To use this API operation against an access point, provide the alias of the + // access point in place of the bucket name. + // + // To use this API operation against an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -21498,12 +21689,12 @@ type GetObjectAttributesInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -21917,12 +22108,12 @@ type GetObjectInput struct { // // When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -21966,8 +22157,8 @@ type GetObjectInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 - // (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35). + // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). // // Amazon S3 doesn't support retrieving multiple ranges of data per GET request. Range *string `location:"header" locationName:"Range" type:"string"` @@ -22542,7 +22733,7 @@ type GetObjectOutput struct { Body io.ReadCloser `type:"blob"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Amazon Web Services KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. @@ -22668,9 +22859,8 @@ type GetObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectOutput's @@ -22678,7 +22868,7 @@ type GetObjectOutput struct { SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this @@ -23115,12 +23305,12 @@ type GetObjectTaggingInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -23807,12 +23997,18 @@ type HeadBucketInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with an Object Lambda access point, provide the + // alias of the Object Lambda access point in place of the bucket name. If the + // Object Lambda access point alias in a request is not valid, the error code + // InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, + // see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -23938,12 +24134,12 @@ type HeadObjectInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -23988,8 +24184,9 @@ type HeadObjectInput struct { // object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Because HeadObject returns only the metadata for an object, this parameter - // has no effect. + // HeadObject returns only the metadata for an object. If the Range is satisfiable, + // only the ContentLength is affected in the response. If the Range is not satisfiable, + // S3 returns a 416 - Requested Range Not Satisfiable error. Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. @@ -24204,7 +24401,7 @@ type HeadObjectOutput struct { ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Amazon Web Services KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. @@ -24376,19 +24573,16 @@ type HeadObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If the object is stored using server-side encryption either with an Amazon - // Web Services KMS key or an Amazon S3-managed encryption key, the response - // includes this header with the value of the server-side encryption algorithm - // used when storing this object in Amazon S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this @@ -25596,7 +25790,8 @@ type LambdaFunctionConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -25670,6 +25865,9 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc } // Container for lifecycle rules. You can add as many as 1000 rules. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -25727,11 +25925,14 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration { } // Container for the expiration for the lifecycle of the object. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleExpiration struct { _ struct{} `type:"structure"` - // Indicates at what date the object is to be moved or deleted. Should be in - // GMT ISO 8601 Format. + // Indicates at what date the object is to be moved or deleted. The date value + // must conform to the ISO 8601 format. The time is always midnight UTC. Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` // Indicates the lifetime, in days, of the objects that are subject to the rule. @@ -25782,13 +25983,16 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp } // A lifecycle rule for individual objects in an Amazon S3 bucket. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleRule struct { _ struct{} `type:"structure"` // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` @@ -26842,12 +27046,12 @@ type ListMultipartUploadsInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -26898,6 +27102,13 @@ type ListMultipartUploadsInput struct { // use a folder in a file system.) Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Together with key-marker, specifies the multipart upload after which listing // should begin. If key-marker is not specified, the upload-id-marker parameter // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker @@ -26989,6 +27200,12 @@ func (s *ListMultipartUploadsInput) SetPrefix(v string) *ListMultipartUploadsInp return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListMultipartUploadsInput) SetRequestPayer(v string) *ListMultipartUploadsInput { + s.RequestPayer = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUploadsInput { s.UploadIdMarker = &v @@ -27072,6 +27289,10 @@ type ListMultipartUploadsOutput struct { // prefix. The result contains only keys starting with the specified prefix. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // Upload ID after which listing began. UploadIdMarker *string `type:"string"` @@ -27165,6 +27386,12 @@ func (s *ListMultipartUploadsOutput) SetPrefix(v string) *ListMultipartUploadsOu return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListMultipartUploadsOutput) SetRequestCharged(v string) *ListMultipartUploadsOutput { + s.RequestCharged = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsOutput) SetUploadIdMarker(v string) *ListMultipartUploadsOutput { s.UploadIdMarker = &v @@ -27223,6 +27450,13 @@ type ListObjectVersionsInput struct { // up numerous objects into a single result under CommonPrefixes. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Specifies the object version you want to start listing from. VersionIdMarker *string `location:"querystring" locationName:"version-id-marker" type:"string"` } @@ -27310,6 +27544,12 @@ func (s *ListObjectVersionsInput) SetPrefix(v string) *ListObjectVersionsInput { return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListObjectVersionsInput) SetRequestPayer(v string) *ListObjectVersionsInput { + s.RequestPayer = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersionsInput { s.VersionIdMarker = &v @@ -27400,6 +27640,10 @@ type ListObjectVersionsOutput struct { // Selects objects that start with the value supplied by this parameter. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // Marks the last version of the key returned in a truncated response. VersionIdMarker *string `type:"string"` @@ -27491,6 +27735,12 @@ func (s *ListObjectVersionsOutput) SetPrefix(v string) *ListObjectVersionsOutput return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectVersionsOutput) SetRequestCharged(v string) *ListObjectVersionsOutput { + s.RequestCharged = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsOutput) SetVersionIdMarker(v string) *ListObjectVersionsOutput { s.VersionIdMarker = &v @@ -27515,12 +27765,12 @@ type ListObjectsInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -27734,6 +27984,10 @@ type ListObjectsOutput struct { // Keys that begin with the indicated prefix. Prefix *string `type:"string"` + + // If present, indicates that the requester was successfully charged for the + // request. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } // String returns the string representation. @@ -27814,6 +28068,12 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput { + s.RequestCharged = &v + return s +} + type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` @@ -27826,12 +28086,12 @@ type ListObjectsV2Input struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -28052,8 +28312,8 @@ type ListObjectsV2Output struct { IsTruncated *bool `type:"boolean"` // KeyCount is the number of keys returned with this request. KeyCount will - // always be less than or equals to MaxKeys field. Say you ask for 50 keys, - // your result will include less than equals 50 keys + // always be less than or equal to the MaxKeys field. Say you ask for 50 keys, + // your result will include 50 keys or fewer. KeyCount *int64 `type:"integer"` // Sets the maximum number of keys returned in the response. By default the @@ -28070,12 +28330,12 @@ type ListObjectsV2Output struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. Name *string `type:"string"` @@ -28088,6 +28348,10 @@ type ListObjectsV2Output struct { // Keys that begin with the indicated prefix. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // If StartAfter was sent with the request, it is included in the response. StartAfter *string `type:"string"` } @@ -28176,6 +28440,12 @@ func (s *ListObjectsV2Output) SetPrefix(v string) *ListObjectsV2Output { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsV2Output) SetRequestCharged(v string) *ListObjectsV2Output { + s.RequestCharged = &v + return s +} + // SetStartAfter sets the StartAfter field's value. func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output { s.StartAfter = &v @@ -28194,12 +28464,12 @@ type ListPartsInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -28409,7 +28679,7 @@ type ListPartsOutput struct { // name in the request, then the response includes this header indicating when // the initiated multipart upload will become eligible for abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // // The response will also include the x-amz-abort-rule-id header that will provide // the ID of the lifecycle configuration rule that defines this action. @@ -29006,7 +29276,8 @@ type MetricsConfiguration struct { // prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). Filter *MetricsFilter `type:"structure"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `type:"string" required:"true"` @@ -29504,7 +29775,8 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf } // Specifies object key name filtering rules. For information about key name -// filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) +// filtering, see Configuring event notifications using object key name filtering +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. type NotificationConfigurationFilter struct { _ struct{} `type:"structure"` @@ -30153,7 +30425,24 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization { type Owner struct { _ struct{} `type:"structure"` - // Container for the display name of the owner. + // Container for the display name of the owner. This value is only supported + // in the following Amazon Web Services Regions: + // + // * US East (N. Virginia) + // + // * US West (N. California) + // + // * US West (Oregon) + // + // * Asia Pacific (Singapore) + // + // * Asia Pacific (Sydney) + // + // * Asia Pacific (Tokyo) + // + // * Europe (Ireland) + // + // * South America (São Paulo) DisplayName *string `type:"string"` // Container for the ID of the owner. @@ -31364,9 +31653,12 @@ type PutBucketEncryptionInput struct { _ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"` // Specifies default encryption for a bucket using server-side encryption with - // Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information - // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket - // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) + // different key options. By default, all buckets have a default encryption + // configuration that uses server-side encryption with Amazon S3 managed keys + // (SSE-S3). You can optionally configure default encryption for a bucket by + // using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) + // or a customer-provided key (SSE-C). For information about the bucket default + // encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -32004,6 +32296,9 @@ type PutBucketLifecycleInput struct { ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1000 rules. + // + // For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) + // in the Amazon S3 User Guide. LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -32301,7 +32596,8 @@ type PutBucketMetricsConfigurationInput struct { // (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -33953,12 +34249,12 @@ type PutObjectAclInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Key is a required field @@ -34185,21 +34481,21 @@ type PutObjectInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // // Specifying this header with a PUT action doesn’t affect bucket-level settings // for S3 Bucket Key. @@ -34256,21 +34552,21 @@ type PutObjectInput struct { ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1). + // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4). ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced - // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11). + // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding + // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding). ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // Size of the body in bytes. This parameter is useful when the size of the - // body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13). + // body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length). ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` // The base64-encoded 128-bit MD5 digest of the message (without the headers) @@ -34282,7 +34578,7 @@ type PutObjectInput struct { ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17). + // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` // The account ID of the expected bucket owner. If the bucket is owned by a @@ -34291,7 +34587,7 @@ type PutObjectInput struct { ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21). + // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3). Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. @@ -34362,21 +34658,23 @@ type PutObjectInput struct { // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value is stored as + // object metadata and automatically gets passed on to Amazon Web Services KMS + // for future GetObject or CopyObject operations on this object. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetrical customer managed key that was used - // for the object. If you specify x-amz-server-side-encryption:aws:kms, but - // do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses - // the Amazon Web Services managed key to protect the data. If the KMS key does - // not exist in the same account issuing the command, you must use the full - // ARN and not just the ID. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. If you specify + // x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 + // uses the Amazon Web Services managed key (aws/s3) to protect the data. If + // the KMS key does not exist in the same account that's issuing the command, + // you must use the full ARN and not just the ID. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's @@ -34384,7 +34682,7 @@ type PutObjectInput struct { SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created @@ -35121,7 +35419,7 @@ type PutObjectOutput struct { _ struct{} `type:"structure"` // Indicates whether the uploaded object uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be @@ -35182,27 +35480,26 @@ type PutObjectOutput struct { // If present, specifies the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 - // string holding JSON with the encryption context key-value pairs. + // string holding JSON with the encryption context key-value pairs. This value + // is stored as object metadata and automatically gets passed on to Amazon Web + // Services KMS for future GetObject or CopyObject operations on this object. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an Amazon Web Services - // KMS key or Amazon S3-managed encryption key in your PUT request, the response - // includes this header. It confirms the encryption algorithm that Amazon S3 - // used to encrypt the object. + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version of the object. @@ -35543,12 +35840,12 @@ type PutObjectTaggingInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -35929,7 +36226,8 @@ type QueueConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -36929,12 +37227,12 @@ type RestoreObjectInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -37334,7 +37632,7 @@ type Rule struct { // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` @@ -37469,9 +37767,8 @@ func (s *Rule) SetTransition(v *Transition) *Rule { type SSEKMS struct { _ struct{} `locationName:"SSE-KMS" type:"structure"` - // Specifies the ID of the Amazon Web Services Key Management Service (Amazon - // Web Services KMS) symmetric customer managed key to use for encrypting inventory - // reports. + // Specifies the ID of the Key Management Service (KMS) symmetric encryption + // customer managed key to use for encrypting inventory reports. // // KeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SSEKMS's @@ -38157,18 +38454,19 @@ type ServerSideEncryptionByDefault struct { // and only if SSEAlgorithm is set to aws:kms. // // You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. - // However, if you are using encryption with cross-account or Amazon Web Services - // service operations you must use a fully qualified KMS key ARN. For more information, - // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + // If you use a key ID, you can run into a LogDestination undeliverable error + // when creating a VPC flow log. // - // For example: + // If you are using encryption with cross-account or Amazon Web Services service + // operations you must use a fully qualified KMS key ARN. For more information, + // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For - // more information, see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. // // KMSMasterKeyID is a sensitive parameter and its value will be @@ -38966,7 +39264,8 @@ type TopicConfiguration struct { Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -39173,12 +39472,12 @@ type UploadPartCopyInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -39525,7 +39824,7 @@ type UploadPartCopyOutput struct { _ struct{} `type:"structure" payload:"CopyPartResult"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -39549,9 +39848,8 @@ type UploadPartCopyOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // the object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyOutput's @@ -39644,12 +39942,12 @@ type UploadPartInput struct { // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using this action with Amazon S3 on Outposts, you must direct requests + // When you use this action with Amazon S3 on Outposts, you must direct requests // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts bucket ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // you use this action with S3 on Outposts through the Amazon Web Services SDKs, + // you provide the Outposts access point ARN in place of the bucket name. For + // more information about S3 on Outposts ARNs, see What is S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -39955,7 +40253,7 @@ type UploadPartOutput struct { _ struct{} `type:"structure"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Amazon Web Services KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be @@ -40007,9 +40305,8 @@ type UploadPartOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key was used for the - // object. + // If present, specifies the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key was used for the object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartOutput's @@ -40428,8 +40725,8 @@ type WriteGetObjectResponseInput struct { SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"` // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric customer managed key that was used for - // stored in Amazon S3 object. + // (Amazon Web Services KMS) symmetric encryption customer managed key that + // was used for stored in Amazon S3 object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's @@ -40441,9 +40738,7 @@ type WriteGetObjectResponseInput struct { ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // The integer status code for an HTTP response of a corresponding GetObject - // request. - // - // Status Codes + // request. The following is a list of status codes. // // * 200 - OK // @@ -41704,6 +41999,9 @@ const ( // ObjectStorageClassGlacierIr is a ObjectStorageClass enum value ObjectStorageClassGlacierIr = "GLACIER_IR" + + // ObjectStorageClassSnow is a ObjectStorageClass enum value + ObjectStorageClassSnow = "SNOW" ) // ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum @@ -41718,6 +42016,7 @@ func ObjectStorageClass_Values() []string { ObjectStorageClassDeepArchive, ObjectStorageClassOutposts, ObjectStorageClassGlacierIr, + ObjectStorageClassSnow, } } @@ -41942,6 +42241,9 @@ const ( // ServerSideEncryptionAwsKms is a ServerSideEncryption enum value ServerSideEncryptionAwsKms = "aws:kms" + + // ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value + ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse" ) // ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum @@ -41949,6 +42251,7 @@ func ServerSideEncryption_Values() []string { return []string{ ServerSideEncryptionAes256, ServerSideEncryptionAwsKms, + ServerSideEncryptionAwsKmsDsse, } } @@ -41995,6 +42298,9 @@ const ( // StorageClassGlacierIr is a StorageClass enum value StorageClassGlacierIr = "GLACIER_IR" + + // StorageClassSnow is a StorageClass enum value + StorageClassSnow = "SNOW" ) // StorageClass_Values returns all elements of the StorageClass enum @@ -42009,6 +42315,7 @@ func StorageClass_Values() []string { StorageClassDeepArchive, StorageClassOutposts, StorageClassGlacierIr, + StorageClassSnow, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go index 339019d..70feffa 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go @@ -25,5 +25,5 @@ func add100Continue(r *request.Request) { return } - r.HTTPRequest.Header.Set("Expect", "100-Continue") + r.HTTPRequest.Header.Set("Expect", "100-continue") } diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go index 426c50c..44b2f36 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go @@ -2754,8 +2754,8 @@ func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePo // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // -// Required permissions: secretsmanager:ValidateResourcePolicy. For more information, -// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy. +// For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2963,7 +2963,7 @@ type CreateSecretInput struct { Description *string `type:"string"` // Specifies whether to overwrite a secret with the same name in the destination - // Region. + // Region. By default, secrets aren't overwritten. ForceOverwriteReplicaSecret *bool `type:"boolean"` // The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt @@ -3008,7 +3008,7 @@ type CreateSecretInput struct { // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. - SecretBinary []byte `type:"blob" sensitive:"true"` + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The text data to encrypt and store in this new version of the secret. We // recommend you use a JSON structure of key/value pairs for your secret value. @@ -3023,7 +3023,7 @@ type CreateSecretInput struct { // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateSecretInput's // String and GoString methods. - SecretString *string `type:"string" sensitive:"true"` + SecretString *string `min:"1" type:"string" sensitive:"true"` // A list of tags to attach to the secret. Each tag is a key and value pair // of strings in a JSON text string, for example: @@ -3101,6 +3101,12 @@ func (s *CreateSecretInput) Validate() error { if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } if s.AddReplicaRegions != nil { for i, v := range s.AddReplicaRegions { if v == nil { @@ -3413,13 +3419,17 @@ type DeleteSecretInput struct { // Specifies whether to delete the secret without any recovery window. You can't // use both this parameter and RecoveryWindowInDays in the same call. If you - // don't use either, then Secrets Manager defaults to a 30 day recovery window. + // don't use either, then by default Secrets Manager uses a 30 day recovery + // window. // // Secrets Manager performs the actual deletion with an asynchronous background // process, so there might be a short delay before the secret is permanently // deleted. If you delete a secret and then immediately create a secret with // the same name, use appropriate back off and retry logic. // + // If you forcibly delete an already deleted or nonexistent secret, the operation + // does not return ResourceNotFoundException. + // // Use this parameter with caution. This parameter causes the operation to skip // the normal recovery window before the permanent deletion that Secrets Manager // would normally impose with the RecoveryWindowInDays parameter. If you delete @@ -3429,8 +3439,8 @@ type DeleteSecretInput struct { // The number of days from 7 to 30 that Secrets Manager waits before permanently // deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery - // in the same call. If you don't use either, then Secrets Manager defaults - // to a 30 day recovery window. + // in the same call. If you don't use either, then by default Secrets Manager + // uses a 30 day recovery window. RecoveryWindowInDays *int64 `type:"long"` // The ARN or name of the secret to delete. @@ -3640,9 +3650,8 @@ type DescribeSecretOutput struct { // The name of the secret. Name *string `min:"1" type:"string"` - // The next date and time that Secrets Manager will rotate the secret, rounded - // to the nearest hour. If the secret isn't configured for rotation, Secrets - // Manager returns null. + // The next rotation is scheduled to occur on or before this date. If the secret + // isn't configured for rotation, Secrets Manager returns null. NextRotationDate *time.Time `type:"timestamp"` // The ID of the service that created this secret. For more information, see @@ -4341,7 +4350,7 @@ type GetSecretValueOutput struct { // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. - SecretBinary []byte `type:"blob" sensitive:"true"` + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The decrypted secret value, if the secret value was originally provided as // a string or through the Secrets Manager console. @@ -4352,7 +4361,7 @@ type GetSecretValueOutput struct { // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetSecretValueOutput's // String and GoString methods. - SecretString *string `type:"string" sensitive:"true"` + SecretString *string `min:"1" type:"string" sensitive:"true"` // The unique identifier of this version of the secret. VersionId *string `min:"32" type:"string"` @@ -4759,7 +4768,8 @@ type ListSecretVersionIdsInput struct { // Specifies whether to include versions of secrets that don't have any staging // labels attached to them. Versions without staging labels are considered deprecated - // and are subject to deletion by Secrets Manager. + // and are subject to deletion by Secrets Manager. By default, versions without + // staging labels aren't included. IncludeDeprecated *bool `type:"boolean"` // The number of results to include in the response. @@ -4915,7 +4925,8 @@ type ListSecretsInput struct { // The filters to apply to the list of secrets. Filters []*Filter `type:"list"` - // Specifies whether to include secrets scheduled for deletion. + // Specifies whether to include secrets scheduled for deletion. By default, + // secrets scheduled for deletion aren't included. IncludePlannedDeletion *bool `type:"boolean"` // The number of results to include in the response. @@ -5248,7 +5259,8 @@ type PutResourcePolicyInput struct { _ struct{} `type:"structure"` // Specifies whether to block resource-based policies that allow broad access - // to the secret, for example those that use a wildcard for the principal. + // to the secret, for example those that use a wildcard for the principal. By + // default, public policies aren't blocked. BlockPublicPolicy *bool `type:"boolean"` // A JSON-formatted string for an Amazon Web Services resource-based policy. @@ -5410,7 +5422,7 @@ type PutSecretValueInput struct { // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. - SecretBinary []byte `type:"blob" sensitive:"true"` + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The ARN or name of the secret to add a new version to. // @@ -5432,7 +5444,7 @@ type PutSecretValueInput struct { // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutSecretValueInput's // String and GoString methods. - SecretString *string `type:"string" sensitive:"true"` + SecretString *string `min:"1" type:"string" sensitive:"true"` // A list of staging labels to attach to this version of the secret. Secrets // Manager uses staging labels to track versions of a secret through the rotation @@ -5474,12 +5486,18 @@ func (s *PutSecretValueInput) Validate() error { if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } if s.VersionStages != nil && len(s.VersionStages) < 1 { invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) } @@ -5750,7 +5768,7 @@ type ReplicateSecretToRegionsInput struct { AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"` // Specifies whether to overwrite a secret with the same name in the destination - // Region. + // Region. By default, secrets aren't overwritten. ForceOverwriteReplicaSecret *bool `type:"boolean"` // The ARN or name of the secret to replicate. @@ -6188,8 +6206,7 @@ type RotateSecretInput struct { // of the Lambda rotation function. The test creates an AWSPENDING version of // the secret and then removes it. // - // If you don't specify this value, then by default, Secrets Manager rotates - // the secret immediately. + // By default, Secrets Manager rotates the secret immediately. RotateImmediately *bool `type:"boolean"` // For secrets that use a Lambda rotation function to rotate, the ARN of the @@ -6485,9 +6502,8 @@ type SecretListEntry struct { // in the folder prod. Name *string `min:"1" type:"string"` - // The next date and time that Secrets Manager will attempt to rotate the secret, - // rounded to the nearest hour. This value is null if the secret is not set - // up for rotation. + // The next rotation is scheduled to occur on or before this date. If the secret + // isn't configured for rotation, Secrets Manager returns null. NextRotationDate *time.Time `type:"timestamp"` // Returns the name of the service that created the secret. @@ -7104,7 +7120,7 @@ type UpdateSecretInput struct { // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. - SecretBinary []byte `type:"blob" sensitive:"true"` + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The ARN or name of the secret. // @@ -7122,7 +7138,7 @@ type UpdateSecretInput struct { // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateSecretInput's // String and GoString methods. - SecretString *string `type:"string" sensitive:"true"` + SecretString *string `min:"1" type:"string" sensitive:"true"` } // String returns the string representation. @@ -7149,12 +7165,18 @@ func (s *UpdateSecretInput) Validate() error { if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } if invalidParams.Len() > 0 { return invalidParams diff --git a/vendor/github.com/aws/aws-sdk-go/service/securityhub/api.go b/vendor/github.com/aws/aws-sdk-go/service/securityhub/api.go index f390859..46401bc 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/securityhub/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/securityhub/api.go @@ -235,6 +235,100 @@ func (c *SecurityHub) AcceptInvitationWithContext(ctx aws.Context, input *Accept return out, req.Send() } +const opBatchDeleteAutomationRules = "BatchDeleteAutomationRules" + +// BatchDeleteAutomationRulesRequest generates a "aws/request.Request" representing the +// client's request for the BatchDeleteAutomationRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchDeleteAutomationRules for more information on using the BatchDeleteAutomationRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchDeleteAutomationRulesRequest method. +// req, resp := client.BatchDeleteAutomationRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchDeleteAutomationRules +func (c *SecurityHub) BatchDeleteAutomationRulesRequest(input *BatchDeleteAutomationRulesInput) (req *request.Request, output *BatchDeleteAutomationRulesOutput) { + op := &request.Operation{ + Name: opBatchDeleteAutomationRules, + HTTPMethod: "POST", + HTTPPath: "/automationrules/delete", + } + + if input == nil { + input = &BatchDeleteAutomationRulesInput{} + } + + output = &BatchDeleteAutomationRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchDeleteAutomationRules API operation for AWS SecurityHub. +// +// Deletes one or more automation rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchDeleteAutomationRules for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchDeleteAutomationRules +func (c *SecurityHub) BatchDeleteAutomationRules(input *BatchDeleteAutomationRulesInput) (*BatchDeleteAutomationRulesOutput, error) { + req, out := c.BatchDeleteAutomationRulesRequest(input) + return out, req.Send() +} + +// BatchDeleteAutomationRulesWithContext is the same as BatchDeleteAutomationRules with the addition of +// the ability to pass a context and additional request options. +// +// See BatchDeleteAutomationRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchDeleteAutomationRulesWithContext(ctx aws.Context, input *BatchDeleteAutomationRulesInput, opts ...request.Option) (*BatchDeleteAutomationRulesOutput, error) { + req, out := c.BatchDeleteAutomationRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opBatchDisableStandards = "BatchDisableStandards" // BatchDisableStandardsRequest generates a "aws/request.Request" representing the @@ -424,6 +518,288 @@ func (c *SecurityHub) BatchEnableStandardsWithContext(ctx aws.Context, input *Ba return out, req.Send() } +const opBatchGetAutomationRules = "BatchGetAutomationRules" + +// BatchGetAutomationRulesRequest generates a "aws/request.Request" representing the +// client's request for the BatchGetAutomationRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchGetAutomationRules for more information on using the BatchGetAutomationRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchGetAutomationRulesRequest method. +// req, resp := client.BatchGetAutomationRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetAutomationRules +func (c *SecurityHub) BatchGetAutomationRulesRequest(input *BatchGetAutomationRulesInput) (req *request.Request, output *BatchGetAutomationRulesOutput) { + op := &request.Operation{ + Name: opBatchGetAutomationRules, + HTTPMethod: "POST", + HTTPPath: "/automationrules/get", + } + + if input == nil { + input = &BatchGetAutomationRulesInput{} + } + + output = &BatchGetAutomationRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchGetAutomationRules API operation for AWS SecurityHub. +// +// Retrieves a list of details for automation rules based on rule Amazon Resource +// Names (ARNs). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchGetAutomationRules for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have permission to perform the action specified in the request. +// +// - InternalException +// Internal server error. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetAutomationRules +func (c *SecurityHub) BatchGetAutomationRules(input *BatchGetAutomationRulesInput) (*BatchGetAutomationRulesOutput, error) { + req, out := c.BatchGetAutomationRulesRequest(input) + return out, req.Send() +} + +// BatchGetAutomationRulesWithContext is the same as BatchGetAutomationRules with the addition of +// the ability to pass a context and additional request options. +// +// See BatchGetAutomationRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchGetAutomationRulesWithContext(ctx aws.Context, input *BatchGetAutomationRulesInput, opts ...request.Option) (*BatchGetAutomationRulesOutput, error) { + req, out := c.BatchGetAutomationRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opBatchGetSecurityControls = "BatchGetSecurityControls" + +// BatchGetSecurityControlsRequest generates a "aws/request.Request" representing the +// client's request for the BatchGetSecurityControls operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchGetSecurityControls for more information on using the BatchGetSecurityControls +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchGetSecurityControlsRequest method. +// req, resp := client.BatchGetSecurityControlsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls +func (c *SecurityHub) BatchGetSecurityControlsRequest(input *BatchGetSecurityControlsInput) (req *request.Request, output *BatchGetSecurityControlsOutput) { + op := &request.Operation{ + Name: opBatchGetSecurityControls, + HTTPMethod: "POST", + HTTPPath: "/securityControls/batchGet", + } + + if input == nil { + input = &BatchGetSecurityControlsInput{} + } + + output = &BatchGetSecurityControlsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchGetSecurityControls API operation for AWS SecurityHub. +// +// Provides details about a batch of security controls for the current Amazon +// Web Services account and Amazon Web Services Region. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchGetSecurityControls for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls +func (c *SecurityHub) BatchGetSecurityControls(input *BatchGetSecurityControlsInput) (*BatchGetSecurityControlsOutput, error) { + req, out := c.BatchGetSecurityControlsRequest(input) + return out, req.Send() +} + +// BatchGetSecurityControlsWithContext is the same as BatchGetSecurityControls with the addition of +// the ability to pass a context and additional request options. +// +// See BatchGetSecurityControls for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchGetSecurityControlsWithContext(ctx aws.Context, input *BatchGetSecurityControlsInput, opts ...request.Option) (*BatchGetSecurityControlsOutput, error) { + req, out := c.BatchGetSecurityControlsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opBatchGetStandardsControlAssociations = "BatchGetStandardsControlAssociations" + +// BatchGetStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the BatchGetStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchGetStandardsControlAssociations for more information on using the BatchGetStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchGetStandardsControlAssociationsRequest method. +// req, resp := client.BatchGetStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations +func (c *SecurityHub) BatchGetStandardsControlAssociationsRequest(input *BatchGetStandardsControlAssociationsInput) (req *request.Request, output *BatchGetStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opBatchGetStandardsControlAssociations, + HTTPMethod: "POST", + HTTPPath: "/associations/batchGet", + } + + if input == nil { + input = &BatchGetStandardsControlAssociationsInput{} + } + + output = &BatchGetStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchGetStandardsControlAssociations API operation for AWS SecurityHub. +// +// For a batch of security controls and standards, identifies whether each control +// is currently enabled or disabled in a standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchGetStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations +func (c *SecurityHub) BatchGetStandardsControlAssociations(input *BatchGetStandardsControlAssociationsInput) (*BatchGetStandardsControlAssociationsOutput, error) { + req, out := c.BatchGetStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// BatchGetStandardsControlAssociationsWithContext is the same as BatchGetStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See BatchGetStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchGetStandardsControlAssociationsWithContext(ctx aws.Context, input *BatchGetStandardsControlAssociationsInput, opts ...request.Option) (*BatchGetStandardsControlAssociationsOutput, error) { + req, out := c.BatchGetStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opBatchImportFindings = "BatchImportFindings" // BatchImportFindingsRequest generates a "aws/request.Request" representing the @@ -562,6 +938,101 @@ func (c *SecurityHub) BatchImportFindingsWithContext(ctx aws.Context, input *Bat return out, req.Send() } +const opBatchUpdateAutomationRules = "BatchUpdateAutomationRules" + +// BatchUpdateAutomationRulesRequest generates a "aws/request.Request" representing the +// client's request for the BatchUpdateAutomationRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchUpdateAutomationRules for more information on using the BatchUpdateAutomationRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchUpdateAutomationRulesRequest method. +// req, resp := client.BatchUpdateAutomationRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateAutomationRules +func (c *SecurityHub) BatchUpdateAutomationRulesRequest(input *BatchUpdateAutomationRulesInput) (req *request.Request, output *BatchUpdateAutomationRulesOutput) { + op := &request.Operation{ + Name: opBatchUpdateAutomationRules, + HTTPMethod: "PATCH", + HTTPPath: "/automationrules/update", + } + + if input == nil { + input = &BatchUpdateAutomationRulesInput{} + } + + output = &BatchUpdateAutomationRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchUpdateAutomationRules API operation for AWS SecurityHub. +// +// Updates one or more automation rules based on rule Amazon Resource Names +// (ARNs) and input parameters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchUpdateAutomationRules for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateAutomationRules +func (c *SecurityHub) BatchUpdateAutomationRules(input *BatchUpdateAutomationRulesInput) (*BatchUpdateAutomationRulesOutput, error) { + req, out := c.BatchUpdateAutomationRulesRequest(input) + return out, req.Send() +} + +// BatchUpdateAutomationRulesWithContext is the same as BatchUpdateAutomationRules with the addition of +// the ability to pass a context and additional request options. +// +// See BatchUpdateAutomationRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchUpdateAutomationRulesWithContext(ctx aws.Context, input *BatchUpdateAutomationRulesInput, opts ...request.Option) (*BatchUpdateAutomationRulesOutput, error) { + req, out := c.BatchUpdateAutomationRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opBatchUpdateFindings = "BatchUpdateFindings" // BatchUpdateFindingsRequest generates a "aws/request.Request" representing the @@ -686,6 +1157,98 @@ func (c *SecurityHub) BatchUpdateFindingsWithContext(ctx aws.Context, input *Bat return out, req.Send() } +const opBatchUpdateStandardsControlAssociations = "BatchUpdateStandardsControlAssociations" + +// BatchUpdateStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the BatchUpdateStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchUpdateStandardsControlAssociations for more information on using the BatchUpdateStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchUpdateStandardsControlAssociationsRequest method. +// req, resp := client.BatchUpdateStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations +func (c *SecurityHub) BatchUpdateStandardsControlAssociationsRequest(input *BatchUpdateStandardsControlAssociationsInput) (req *request.Request, output *BatchUpdateStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opBatchUpdateStandardsControlAssociations, + HTTPMethod: "PATCH", + HTTPPath: "/associations", + } + + if input == nil { + input = &BatchUpdateStandardsControlAssociationsInput{} + } + + output = &BatchUpdateStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchUpdateStandardsControlAssociations API operation for AWS SecurityHub. +// +// For a batch of security controls and standards, this operation updates the +// enablement status of a control in a standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchUpdateStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations +func (c *SecurityHub) BatchUpdateStandardsControlAssociations(input *BatchUpdateStandardsControlAssociationsInput) (*BatchUpdateStandardsControlAssociationsOutput, error) { + req, out := c.BatchUpdateStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// BatchUpdateStandardsControlAssociationsWithContext is the same as BatchUpdateStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See BatchUpdateStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchUpdateStandardsControlAssociationsWithContext(ctx aws.Context, input *BatchUpdateStandardsControlAssociationsInput, opts ...request.Option) (*BatchUpdateStandardsControlAssociationsOutput, error) { + req, out := c.BatchUpdateStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateActionTarget = "CreateActionTarget" // CreateActionTargetRequest generates a "aws/request.Request" representing the @@ -783,6 +1346,100 @@ func (c *SecurityHub) CreateActionTargetWithContext(ctx aws.Context, input *Crea return out, req.Send() } +const opCreateAutomationRule = "CreateAutomationRule" + +// CreateAutomationRuleRequest generates a "aws/request.Request" representing the +// client's request for the CreateAutomationRule operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateAutomationRule for more information on using the CreateAutomationRule +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateAutomationRuleRequest method. +// req, resp := client.CreateAutomationRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateAutomationRule +func (c *SecurityHub) CreateAutomationRuleRequest(input *CreateAutomationRuleInput) (req *request.Request, output *CreateAutomationRuleOutput) { + op := &request.Operation{ + Name: opCreateAutomationRule, + HTTPMethod: "POST", + HTTPPath: "/automationrules/create", + } + + if input == nil { + input = &CreateAutomationRuleInput{} + } + + output = &CreateAutomationRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateAutomationRule API operation for AWS SecurityHub. +// +// Creates an automation rule based on input parameters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation CreateAutomationRule for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have permission to perform the action specified in the request. +// +// - InternalException +// Internal server error. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateAutomationRule +func (c *SecurityHub) CreateAutomationRule(input *CreateAutomationRuleInput) (*CreateAutomationRuleOutput, error) { + req, out := c.CreateAutomationRuleRequest(input) + return out, req.Send() +} + +// CreateAutomationRuleWithContext is the same as CreateAutomationRule with the addition of +// the ability to pass a context and additional request options. +// +// See CreateAutomationRule for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) CreateAutomationRuleWithContext(ctx aws.Context, input *CreateAutomationRuleInput, opts ...request.Option) (*CreateAutomationRuleOutput, error) { + req, out := c.CreateAutomationRuleRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateFindingAggregator = "CreateFindingAggregator" // CreateFindingAggregatorRequest generates a "aws/request.Request" representing the @@ -1157,8 +1814,11 @@ func (c *SecurityHub) DeclineInvitationsRequest(input *DeclineInvitationsInput) // // Declines invitations to become a member account. // -// This operation is only used by accounts that are not part of an organization. -// Organization accounts do not receive invitations. +// A prospective member account uses this operation to decline an invitation +// to become a member. +// +// This operation is only called by member accounts that aren't part of an organization. +// Organization accounts don't receive invitations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1539,8 +2199,12 @@ func (c *SecurityHub) DeleteInvitationsRequest(input *DeleteInvitationsInput) (r // Deletes invitations received by the Amazon Web Services account to become // a member account. // -// This operation is only used by accounts that are not part of an organization. -// Organization accounts do not receive invitations. +// A Security Hub administrator account can use this operation to delete invitations +// sent to one or more member accounts. +// +// This operation is only used to delete invitations that are sent to member +// accounts that aren't part of an organization. Organization accounts don't +// receive invitations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3324,16 +3988,16 @@ func (c *SecurityHub) EnableSecurityHubRequest(input *EnableSecurityHubInput) (r // Hub. // // When you use the EnableSecurityHub operation to enable Security Hub, you -// also automatically enable the following standards. +// also automatically enable the following standards: // -// - CIS Amazon Web Services Foundations +// - Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark +// v1.2.0 // // - Amazon Web Services Foundational Security Best Practices // -// You do not enable the Payment Card Industry Data Security Standard (PCI DSS) -// standard. +// Other standards are not automatically enabled. // -// To not enable the automatically enabled standards, set EnableDefaultStandards +// To opt out of automatically enabled standards, set EnableDefaultStandards // to false. // // After you enable Security Hub, to enable a standard, use the BatchEnableStandards @@ -3733,36 +4397,36 @@ func (c *SecurityHub) GetFindingAggregatorWithContext(ctx aws.Context, input *Ge return out, req.Send() } -const opGetFindings = "GetFindings" +const opGetFindingHistory = "GetFindingHistory" -// GetFindingsRequest generates a "aws/request.Request" representing the -// client's request for the GetFindings operation. The "output" return +// GetFindingHistoryRequest generates a "aws/request.Request" representing the +// client's request for the GetFindingHistory operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetFindings for more information on using the GetFindings +// See GetFindingHistory for more information on using the GetFindingHistory // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetFindingsRequest method. -// req, resp := client.GetFindingsRequest(params) +// // Example sending a request using the GetFindingHistoryRequest method. +// req, resp := client.GetFindingHistoryRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings -func (c *SecurityHub) GetFindingsRequest(input *GetFindingsInput) (req *request.Request, output *GetFindingsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingHistory +func (c *SecurityHub) GetFindingHistoryRequest(input *GetFindingHistoryInput) (req *request.Request, output *GetFindingHistoryOutput) { op := &request.Operation{ - Name: opGetFindings, + Name: opGetFindingHistory, HTTPMethod: "POST", - HTTPPath: "/findings", + HTTPPath: "/findingHistory/get", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, @@ -3772,28 +4436,26 @@ func (c *SecurityHub) GetFindingsRequest(input *GetFindingsInput) (req *request. } if input == nil { - input = &GetFindingsInput{} + input = &GetFindingHistoryInput{} } - output = &GetFindingsOutput{} + output = &GetFindingHistoryOutput{} req = c.newRequest(op, input, output) return } -// GetFindings API operation for AWS SecurityHub. -// -// Returns a list of findings that match the specified criteria. +// GetFindingHistory API operation for AWS SecurityHub. // -// If finding aggregation is enabled, then when you call GetFindings from the -// aggregation Region, the results include all of the matching findings from -// both the aggregation Region and the linked Regions. +// Returns history for a Security Hub finding in the last 90 days. The history +// includes changes made to any fields in the Amazon Web Services Security Finding +// Format (ASFF). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS SecurityHub's -// API operation GetFindings for usage and error information. +// API operation GetFindingHistory for usage and error information. // // Returned Error Types: // @@ -3812,64 +4474,64 @@ func (c *SecurityHub) GetFindingsRequest(input *GetFindingsInput) (req *request. // the current Amazon Web Services account or throttling limits. The error code // describes the limit exceeded. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings -func (c *SecurityHub) GetFindings(input *GetFindingsInput) (*GetFindingsOutput, error) { - req, out := c.GetFindingsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingHistory +func (c *SecurityHub) GetFindingHistory(input *GetFindingHistoryInput) (*GetFindingHistoryOutput, error) { + req, out := c.GetFindingHistoryRequest(input) return out, req.Send() } -// GetFindingsWithContext is the same as GetFindings with the addition of +// GetFindingHistoryWithContext is the same as GetFindingHistory with the addition of // the ability to pass a context and additional request options. // -// See GetFindings for details on how to use this API operation. +// See GetFindingHistory for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *SecurityHub) GetFindingsWithContext(ctx aws.Context, input *GetFindingsInput, opts ...request.Option) (*GetFindingsOutput, error) { - req, out := c.GetFindingsRequest(input) +func (c *SecurityHub) GetFindingHistoryWithContext(ctx aws.Context, input *GetFindingHistoryInput, opts ...request.Option) (*GetFindingHistoryOutput, error) { + req, out := c.GetFindingHistoryRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// GetFindingsPages iterates over the pages of a GetFindings operation, +// GetFindingHistoryPages iterates over the pages of a GetFindingHistory operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See GetFindings method for more information on how to use this operation. +// See GetFindingHistory method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a GetFindings operation. +// // Example iterating over at most 3 pages of a GetFindingHistory operation. // pageNum := 0 -// err := client.GetFindingsPages(params, -// func(page *securityhub.GetFindingsOutput, lastPage bool) bool { +// err := client.GetFindingHistoryPages(params, +// func(page *securityhub.GetFindingHistoryOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) -func (c *SecurityHub) GetFindingsPages(input *GetFindingsInput, fn func(*GetFindingsOutput, bool) bool) error { - return c.GetFindingsPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *SecurityHub) GetFindingHistoryPages(input *GetFindingHistoryInput, fn func(*GetFindingHistoryOutput, bool) bool) error { + return c.GetFindingHistoryPagesWithContext(aws.BackgroundContext(), input, fn) } -// GetFindingsPagesWithContext same as GetFindingsPages except +// GetFindingHistoryPagesWithContext same as GetFindingHistoryPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *SecurityHub) GetFindingsPagesWithContext(ctx aws.Context, input *GetFindingsInput, fn func(*GetFindingsOutput, bool) bool, opts ...request.Option) error { +func (c *SecurityHub) GetFindingHistoryPagesWithContext(ctx aws.Context, input *GetFindingHistoryInput, fn func(*GetFindingHistoryOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *GetFindingsInput + var inCpy *GetFindingHistoryInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.GetFindingsRequest(inCpy) + req, _ := c.GetFindingHistoryRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -3877,7 +4539,7 @@ func (c *SecurityHub) GetFindingsPagesWithContext(ctx aws.Context, input *GetFin } for p.Next() { - if !fn(p.Page().(*GetFindingsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*GetFindingHistoryOutput), !p.HasNextPage()) { break } } @@ -3885,130 +4547,36 @@ func (c *SecurityHub) GetFindingsPagesWithContext(ctx aws.Context, input *GetFin return p.Err() } -const opGetInsightResults = "GetInsightResults" - -// GetInsightResultsRequest generates a "aws/request.Request" representing the -// client's request for the GetInsightResults operation. The "output" return -// value will be populated with the request's response once the request completes -// successfully. -// -// Use "Send" method on the returned Request to send the API call to the service. -// the "output" return value is not valid until after Send returns without error. -// -// See GetInsightResults for more information on using the GetInsightResults -// API call, and error handling. -// -// This method is useful when you want to inject custom logic or configuration -// into the SDK's request lifecycle. Such as custom headers, or retry logic. -// -// // Example sending a request using the GetInsightResultsRequest method. -// req, resp := client.GetInsightResultsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResults -func (c *SecurityHub) GetInsightResultsRequest(input *GetInsightResultsInput) (req *request.Request, output *GetInsightResultsOutput) { - op := &request.Operation{ - Name: opGetInsightResults, - HTTPMethod: "GET", - HTTPPath: "/insights/results/{InsightArn+}", - } - - if input == nil { - input = &GetInsightResultsInput{} - } - - output = &GetInsightResultsOutput{} - req = c.newRequest(op, input, output) - return -} - -// GetInsightResults API operation for AWS SecurityHub. -// -// Lists the results of the Security Hub insight specified by the insight ARN. -// -// Returns awserr.Error for service API and SDK errors. Use runtime type assertions -// with awserr.Error's Code and Message methods to get detailed information about -// the error. -// -// See the AWS API reference guide for AWS SecurityHub's -// API operation GetInsightResults for usage and error information. -// -// Returned Error Types: -// -// - InternalException -// Internal server error. -// -// - InvalidInputException -// The request was rejected because you supplied an invalid or out-of-range -// value for an input parameter. -// -// - InvalidAccessException -// The account doesn't have permission to perform this action. -// -// - LimitExceededException -// The request was rejected because it attempted to create resources beyond -// the current Amazon Web Services account or throttling limits. The error code -// describes the limit exceeded. -// -// - ResourceNotFoundException -// The request was rejected because we can't find the specified resource. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResults -func (c *SecurityHub) GetInsightResults(input *GetInsightResultsInput) (*GetInsightResultsOutput, error) { - req, out := c.GetInsightResultsRequest(input) - return out, req.Send() -} - -// GetInsightResultsWithContext is the same as GetInsightResults with the addition of -// the ability to pass a context and additional request options. -// -// See GetInsightResults for details on how to use this API operation. -// -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *SecurityHub) GetInsightResultsWithContext(ctx aws.Context, input *GetInsightResultsInput, opts ...request.Option) (*GetInsightResultsOutput, error) { - req, out := c.GetInsightResultsRequest(input) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return out, req.Send() -} - -const opGetInsights = "GetInsights" +const opGetFindings = "GetFindings" -// GetInsightsRequest generates a "aws/request.Request" representing the -// client's request for the GetInsights operation. The "output" return +// GetFindingsRequest generates a "aws/request.Request" representing the +// client's request for the GetFindings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetInsights for more information on using the GetInsights +// See GetFindings for more information on using the GetFindings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetInsightsRequest method. -// req, resp := client.GetInsightsRequest(params) +// // Example sending a request using the GetFindingsRequest method. +// req, resp := client.GetFindingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsights -func (c *SecurityHub) GetInsightsRequest(input *GetInsightsInput) (req *request.Request, output *GetInsightsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings +func (c *SecurityHub) GetFindingsRequest(input *GetFindingsInput) (req *request.Request, output *GetFindingsOutput) { op := &request.Operation{ - Name: opGetInsights, + Name: opGetFindings, HTTPMethod: "POST", - HTTPPath: "/insights/get", + HTTPPath: "/findings", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, @@ -4018,24 +4586,28 @@ func (c *SecurityHub) GetInsightsRequest(input *GetInsightsInput) (req *request. } if input == nil { - input = &GetInsightsInput{} + input = &GetFindingsInput{} } - output = &GetInsightsOutput{} + output = &GetFindingsOutput{} req = c.newRequest(op, input, output) return } -// GetInsights API operation for AWS SecurityHub. +// GetFindings API operation for AWS SecurityHub. // -// Lists and describes insights for the specified insight ARNs. +// Returns a list of findings that match the specified criteria. +// +// If finding aggregation is enabled, then when you call GetFindings from the +// aggregation Region, the results include all of the matching findings from +// both the aggregation Region and the linked Regions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS SecurityHub's -// API operation GetInsights for usage and error information. +// API operation GetFindings for usage and error information. // // Returned Error Types: // @@ -4054,67 +4626,64 @@ func (c *SecurityHub) GetInsightsRequest(input *GetInsightsInput) (req *request. // the current Amazon Web Services account or throttling limits. The error code // describes the limit exceeded. // -// - ResourceNotFoundException -// The request was rejected because we can't find the specified resource. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsights -func (c *SecurityHub) GetInsights(input *GetInsightsInput) (*GetInsightsOutput, error) { - req, out := c.GetInsightsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings +func (c *SecurityHub) GetFindings(input *GetFindingsInput) (*GetFindingsOutput, error) { + req, out := c.GetFindingsRequest(input) return out, req.Send() } -// GetInsightsWithContext is the same as GetInsights with the addition of +// GetFindingsWithContext is the same as GetFindings with the addition of // the ability to pass a context and additional request options. // -// See GetInsights for details on how to use this API operation. +// See GetFindings for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *SecurityHub) GetInsightsWithContext(ctx aws.Context, input *GetInsightsInput, opts ...request.Option) (*GetInsightsOutput, error) { - req, out := c.GetInsightsRequest(input) +func (c *SecurityHub) GetFindingsWithContext(ctx aws.Context, input *GetFindingsInput, opts ...request.Option) (*GetFindingsOutput, error) { + req, out := c.GetFindingsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// GetInsightsPages iterates over the pages of a GetInsights operation, +// GetFindingsPages iterates over the pages of a GetFindings operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See GetInsights method for more information on how to use this operation. +// See GetFindings method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a GetInsights operation. +// // Example iterating over at most 3 pages of a GetFindings operation. // pageNum := 0 -// err := client.GetInsightsPages(params, -// func(page *securityhub.GetInsightsOutput, lastPage bool) bool { +// err := client.GetFindingsPages(params, +// func(page *securityhub.GetFindingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) -func (c *SecurityHub) GetInsightsPages(input *GetInsightsInput, fn func(*GetInsightsOutput, bool) bool) error { - return c.GetInsightsPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *SecurityHub) GetFindingsPages(input *GetFindingsInput, fn func(*GetFindingsOutput, bool) bool) error { + return c.GetFindingsPagesWithContext(aws.BackgroundContext(), input, fn) } -// GetInsightsPagesWithContext same as GetInsightsPages except +// GetFindingsPagesWithContext same as GetFindingsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *SecurityHub) GetInsightsPagesWithContext(ctx aws.Context, input *GetInsightsInput, fn func(*GetInsightsOutput, bool) bool, opts ...request.Option) error { +func (c *SecurityHub) GetFindingsPagesWithContext(ctx aws.Context, input *GetFindingsInput, fn func(*GetFindingsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *GetInsightsInput + var inCpy *GetFindingsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.GetInsightsRequest(inCpy) + req, _ := c.GetFindingsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -4122,7 +4691,7 @@ func (c *SecurityHub) GetInsightsPagesWithContext(ctx aws.Context, input *GetIns } for p.Next() { - if !fn(p.Page().(*GetInsightsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*GetFindingsOutput), !p.HasNextPage()) { break } } @@ -4130,58 +4699,57 @@ func (c *SecurityHub) GetInsightsPagesWithContext(ctx aws.Context, input *GetIns return p.Err() } -const opGetInvitationsCount = "GetInvitationsCount" +const opGetInsightResults = "GetInsightResults" -// GetInvitationsCountRequest generates a "aws/request.Request" representing the -// client's request for the GetInvitationsCount operation. The "output" return +// GetInsightResultsRequest generates a "aws/request.Request" representing the +// client's request for the GetInsightResults operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetInvitationsCount for more information on using the GetInvitationsCount +// See GetInsightResults for more information on using the GetInsightResults // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetInvitationsCountRequest method. -// req, resp := client.GetInvitationsCountRequest(params) +// // Example sending a request using the GetInsightResultsRequest method. +// req, resp := client.GetInsightResultsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCount -func (c *SecurityHub) GetInvitationsCountRequest(input *GetInvitationsCountInput) (req *request.Request, output *GetInvitationsCountOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResults +func (c *SecurityHub) GetInsightResultsRequest(input *GetInsightResultsInput) (req *request.Request, output *GetInsightResultsOutput) { op := &request.Operation{ - Name: opGetInvitationsCount, + Name: opGetInsightResults, HTTPMethod: "GET", - HTTPPath: "/invitations/count", + HTTPPath: "/insights/results/{InsightArn+}", } if input == nil { - input = &GetInvitationsCountInput{} + input = &GetInsightResultsInput{} } - output = &GetInvitationsCountOutput{} + output = &GetInsightResultsOutput{} req = c.newRequest(op, input, output) return } -// GetInvitationsCount API operation for AWS SecurityHub. +// GetInsightResults API operation for AWS SecurityHub. // -// Returns the count of all Security Hub membership invitations that were sent -// to the current member account, not including the currently accepted invitation. +// Lists the results of the Security Hub insight specified by the insight ARN. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS SecurityHub's -// API operation GetInvitationsCount for usage and error information. +// API operation GetInsightResults for usage and error information. // // Returned Error Types: // @@ -4200,96 +4768,342 @@ func (c *SecurityHub) GetInvitationsCountRequest(input *GetInvitationsCountInput // the current Amazon Web Services account or throttling limits. The error code // describes the limit exceeded. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCount -func (c *SecurityHub) GetInvitationsCount(input *GetInvitationsCountInput) (*GetInvitationsCountOutput, error) { - req, out := c.GetInvitationsCountRequest(input) +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResults +func (c *SecurityHub) GetInsightResults(input *GetInsightResultsInput) (*GetInsightResultsOutput, error) { + req, out := c.GetInsightResultsRequest(input) return out, req.Send() } -// GetInvitationsCountWithContext is the same as GetInvitationsCount with the addition of +// GetInsightResultsWithContext is the same as GetInsightResults with the addition of // the ability to pass a context and additional request options. // -// See GetInvitationsCount for details on how to use this API operation. +// See GetInsightResults for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *SecurityHub) GetInvitationsCountWithContext(ctx aws.Context, input *GetInvitationsCountInput, opts ...request.Option) (*GetInvitationsCountOutput, error) { - req, out := c.GetInvitationsCountRequest(input) +func (c *SecurityHub) GetInsightResultsWithContext(ctx aws.Context, input *GetInsightResultsInput, opts ...request.Option) (*GetInsightResultsOutput, error) { + req, out := c.GetInsightResultsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opGetMasterAccount = "GetMasterAccount" +const opGetInsights = "GetInsights" -// GetMasterAccountRequest generates a "aws/request.Request" representing the -// client's request for the GetMasterAccount operation. The "output" return +// GetInsightsRequest generates a "aws/request.Request" representing the +// client's request for the GetInsights operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetMasterAccount for more information on using the GetMasterAccount +// See GetInsights for more information on using the GetInsights // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the GetMasterAccountRequest method. -// req, resp := client.GetMasterAccountRequest(params) +// // Example sending a request using the GetInsightsRequest method. +// req, resp := client.GetInsightsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccount -// -// Deprecated: This API has been deprecated, use GetAdministratorAccount API instead. -func (c *SecurityHub) GetMasterAccountRequest(input *GetMasterAccountInput) (req *request.Request, output *GetMasterAccountOutput) { - if c.Client.Config.Logger != nil { - c.Client.Config.Logger.Log("This operation, GetMasterAccount, has been deprecated") - } +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsights +func (c *SecurityHub) GetInsightsRequest(input *GetInsightsInput) (req *request.Request, output *GetInsightsOutput) { op := &request.Operation{ - Name: opGetMasterAccount, - HTTPMethod: "GET", - HTTPPath: "/master", + Name: opGetInsights, + HTTPMethod: "POST", + HTTPPath: "/insights/get", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { - input = &GetMasterAccountInput{} + input = &GetInsightsInput{} } - output = &GetMasterAccountOutput{} + output = &GetInsightsOutput{} req = c.newRequest(op, input, output) return } -// GetMasterAccount API operation for AWS SecurityHub. -// -// This method is deprecated. Instead, use GetAdministratorAccount. -// -// The Security Hub console continues to use GetMasterAccount. It will eventually -// change to use GetAdministratorAccount. Any IAM policies that specifically -// control access to this function must continue to use GetMasterAccount. You -// should also add GetAdministratorAccount to your policies to ensure that the -// correct permissions are in place after the console begins to use GetAdministratorAccount. -// -// Provides the details for the Security Hub administrator account for the current -// member account. +// GetInsights API operation for AWS SecurityHub. // -// Can be used by both member accounts that are managed using Organizations -// and accounts that were invited manually. +// Lists and describes insights for the specified insight ARNs. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS SecurityHub's -// API operation GetMasterAccount for usage and error information. +// API operation GetInsights for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsights +func (c *SecurityHub) GetInsights(input *GetInsightsInput) (*GetInsightsOutput, error) { + req, out := c.GetInsightsRequest(input) + return out, req.Send() +} + +// GetInsightsWithContext is the same as GetInsights with the addition of +// the ability to pass a context and additional request options. +// +// See GetInsights for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) GetInsightsWithContext(ctx aws.Context, input *GetInsightsInput, opts ...request.Option) (*GetInsightsOutput, error) { + req, out := c.GetInsightsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetInsightsPages iterates over the pages of a GetInsights operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetInsights method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetInsights operation. +// pageNum := 0 +// err := client.GetInsightsPages(params, +// func(page *securityhub.GetInsightsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecurityHub) GetInsightsPages(input *GetInsightsInput, fn func(*GetInsightsOutput, bool) bool) error { + return c.GetInsightsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetInsightsPagesWithContext same as GetInsightsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) GetInsightsPagesWithContext(ctx aws.Context, input *GetInsightsInput, fn func(*GetInsightsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetInsightsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetInsightsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetInsightsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opGetInvitationsCount = "GetInvitationsCount" + +// GetInvitationsCountRequest generates a "aws/request.Request" representing the +// client's request for the GetInvitationsCount operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetInvitationsCount for more information on using the GetInvitationsCount +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetInvitationsCountRequest method. +// req, resp := client.GetInvitationsCountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCount +func (c *SecurityHub) GetInvitationsCountRequest(input *GetInvitationsCountInput) (req *request.Request, output *GetInvitationsCountOutput) { + op := &request.Operation{ + Name: opGetInvitationsCount, + HTTPMethod: "GET", + HTTPPath: "/invitations/count", + } + + if input == nil { + input = &GetInvitationsCountInput{} + } + + output = &GetInvitationsCountOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetInvitationsCount API operation for AWS SecurityHub. +// +// Returns the count of all Security Hub membership invitations that were sent +// to the current member account, not including the currently accepted invitation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation GetInvitationsCount for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCount +func (c *SecurityHub) GetInvitationsCount(input *GetInvitationsCountInput) (*GetInvitationsCountOutput, error) { + req, out := c.GetInvitationsCountRequest(input) + return out, req.Send() +} + +// GetInvitationsCountWithContext is the same as GetInvitationsCount with the addition of +// the ability to pass a context and additional request options. +// +// See GetInvitationsCount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) GetInvitationsCountWithContext(ctx aws.Context, input *GetInvitationsCountInput, opts ...request.Option) (*GetInvitationsCountOutput, error) { + req, out := c.GetInvitationsCountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetMasterAccount = "GetMasterAccount" + +// GetMasterAccountRequest generates a "aws/request.Request" representing the +// client's request for the GetMasterAccount operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetMasterAccount for more information on using the GetMasterAccount +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetMasterAccountRequest method. +// req, resp := client.GetMasterAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccount +// +// Deprecated: This API has been deprecated, use GetAdministratorAccount API instead. +func (c *SecurityHub) GetMasterAccountRequest(input *GetMasterAccountInput) (req *request.Request, output *GetMasterAccountOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, GetMasterAccount, has been deprecated") + } + op := &request.Operation{ + Name: opGetMasterAccount, + HTTPMethod: "GET", + HTTPPath: "/master", + } + + if input == nil { + input = &GetMasterAccountInput{} + } + + output = &GetMasterAccountOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetMasterAccount API operation for AWS SecurityHub. +// +// This method is deprecated. Instead, use GetAdministratorAccount. +// +// The Security Hub console continues to use GetMasterAccount. It will eventually +// change to use GetAdministratorAccount. Any IAM policies that specifically +// control access to this function must continue to use GetMasterAccount. You +// should also add GetAdministratorAccount to your policies to ensure that the +// correct permissions are in place after the console begins to use GetAdministratorAccount. +// +// Provides the details for the Security Hub administrator account for the current +// member account. +// +// Can be used by both member accounts that are managed using Organizations +// and accounts that were invited manually. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation GetMasterAccount for usage and error information. // // Returned Error Types: // @@ -4544,6 +5358,100 @@ func (c *SecurityHub) InviteMembersWithContext(ctx aws.Context, input *InviteMem return out, req.Send() } +const opListAutomationRules = "ListAutomationRules" + +// ListAutomationRulesRequest generates a "aws/request.Request" representing the +// client's request for the ListAutomationRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAutomationRules for more information on using the ListAutomationRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListAutomationRulesRequest method. +// req, resp := client.ListAutomationRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListAutomationRules +func (c *SecurityHub) ListAutomationRulesRequest(input *ListAutomationRulesInput) (req *request.Request, output *ListAutomationRulesOutput) { + op := &request.Operation{ + Name: opListAutomationRules, + HTTPMethod: "GET", + HTTPPath: "/automationrules/list", + } + + if input == nil { + input = &ListAutomationRulesInput{} + } + + output = &ListAutomationRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAutomationRules API operation for AWS SecurityHub. +// +// A list of automation rules and their metadata for the calling account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation ListAutomationRules for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have permission to perform the action specified in the request. +// +// - InternalException +// Internal server error. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListAutomationRules +func (c *SecurityHub) ListAutomationRules(input *ListAutomationRulesInput) (*ListAutomationRulesOutput, error) { + req, out := c.ListAutomationRulesRequest(input) + return out, req.Send() +} + +// ListAutomationRulesWithContext is the same as ListAutomationRules with the addition of +// the ability to pass a context and additional request options. +// +// See ListAutomationRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListAutomationRulesWithContext(ctx aws.Context, input *ListAutomationRulesInput, opts ...request.Option) (*ListAutomationRulesOutput, error) { + req, out := c.ListAutomationRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListEnabledProductsForImport = "ListEnabledProductsForImport" // ListEnabledProductsForImportRequest generates a "aws/request.Request" representing the @@ -5295,6 +6203,303 @@ func (c *SecurityHub) ListOrganizationAdminAccountsPagesWithContext(ctx aws.Cont return p.Err() } +const opListSecurityControlDefinitions = "ListSecurityControlDefinitions" + +// ListSecurityControlDefinitionsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecurityControlDefinitions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecurityControlDefinitions for more information on using the ListSecurityControlDefinitions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListSecurityControlDefinitionsRequest method. +// req, resp := client.ListSecurityControlDefinitionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions +func (c *SecurityHub) ListSecurityControlDefinitionsRequest(input *ListSecurityControlDefinitionsInput) (req *request.Request, output *ListSecurityControlDefinitionsOutput) { + op := &request.Operation{ + Name: opListSecurityControlDefinitions, + HTTPMethod: "GET", + HTTPPath: "/securityControls/definitions", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecurityControlDefinitionsInput{} + } + + output = &ListSecurityControlDefinitionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecurityControlDefinitions API operation for AWS SecurityHub. +// +// Lists all of the security controls that apply to a specified standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation ListSecurityControlDefinitions for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions +func (c *SecurityHub) ListSecurityControlDefinitions(input *ListSecurityControlDefinitionsInput) (*ListSecurityControlDefinitionsOutput, error) { + req, out := c.ListSecurityControlDefinitionsRequest(input) + return out, req.Send() +} + +// ListSecurityControlDefinitionsWithContext is the same as ListSecurityControlDefinitions with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecurityControlDefinitions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListSecurityControlDefinitionsWithContext(ctx aws.Context, input *ListSecurityControlDefinitionsInput, opts ...request.Option) (*ListSecurityControlDefinitionsOutput, error) { + req, out := c.ListSecurityControlDefinitionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecurityControlDefinitionsPages iterates over the pages of a ListSecurityControlDefinitions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecurityControlDefinitions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecurityControlDefinitions operation. +// pageNum := 0 +// err := client.ListSecurityControlDefinitionsPages(params, +// func(page *securityhub.ListSecurityControlDefinitionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecurityHub) ListSecurityControlDefinitionsPages(input *ListSecurityControlDefinitionsInput, fn func(*ListSecurityControlDefinitionsOutput, bool) bool) error { + return c.ListSecurityControlDefinitionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecurityControlDefinitionsPagesWithContext same as ListSecurityControlDefinitionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListSecurityControlDefinitionsPagesWithContext(ctx aws.Context, input *ListSecurityControlDefinitionsInput, fn func(*ListSecurityControlDefinitionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecurityControlDefinitionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecurityControlDefinitionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSecurityControlDefinitionsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListStandardsControlAssociations = "ListStandardsControlAssociations" + +// ListStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the ListStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListStandardsControlAssociations for more information on using the ListStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListStandardsControlAssociationsRequest method. +// req, resp := client.ListStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations +func (c *SecurityHub) ListStandardsControlAssociationsRequest(input *ListStandardsControlAssociationsInput) (req *request.Request, output *ListStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opListStandardsControlAssociations, + HTTPMethod: "GET", + HTTPPath: "/associations", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListStandardsControlAssociationsInput{} + } + + output = &ListStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListStandardsControlAssociations API operation for AWS SecurityHub. +// +// Specifies whether a control is currently enabled or disabled in each enabled +// standard in the calling account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation ListStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations +func (c *SecurityHub) ListStandardsControlAssociations(input *ListStandardsControlAssociationsInput) (*ListStandardsControlAssociationsOutput, error) { + req, out := c.ListStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// ListStandardsControlAssociationsWithContext is the same as ListStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See ListStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListStandardsControlAssociationsWithContext(ctx aws.Context, input *ListStandardsControlAssociationsInput, opts ...request.Option) (*ListStandardsControlAssociationsOutput, error) { + req, out := c.ListStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListStandardsControlAssociationsPages iterates over the pages of a ListStandardsControlAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListStandardsControlAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListStandardsControlAssociations operation. +// pageNum := 0 +// err := client.ListStandardsControlAssociationsPages(params, +// func(page *securityhub.ListStandardsControlAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecurityHub) ListStandardsControlAssociationsPages(input *ListStandardsControlAssociationsInput, fn func(*ListStandardsControlAssociationsOutput, bool) bool) error { + return c.ListStandardsControlAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListStandardsControlAssociationsPagesWithContext same as ListStandardsControlAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListStandardsControlAssociationsPagesWithContext(ctx aws.Context, input *ListStandardsControlAssociationsInput, fn func(*ListStandardsControlAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListStandardsControlAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListStandardsControlAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListStandardsControlAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListTagsForResource = "ListTagsForResource" // ListTagsForResourceRequest generates a "aws/request.Request" representing the @@ -6963,80 +8168,27 @@ func (s *AssociatedStandard) SetStandardsId(v string) *AssociatedStandard { return s } -// Information about an Availability Zone. -type AvailabilityZone struct { - _ struct{} `type:"structure"` - - // The ID of the subnet. You can specify one subnet per Availability Zone. - SubnetId *string `type:"string"` - - // The name of the Availability Zone. - ZoneName *string `type:"string"` -} - -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AvailabilityZone) GoString() string { - return s.String() -} - -// SetSubnetId sets the SubnetId field's value. -func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { - s.SubnetId = &v - return s -} - -// SetZoneName sets the ZoneName field's value. -func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { - s.ZoneName = &v - return s -} - -// Provided if ActionType is AWS_API_CALL. It provides details about the API -// call that was detected. -type AwsApiCallAction struct { +// The associations between a route table and one or more subnets or a gateway. +type AssociationSetDetails struct { _ struct{} `type:"structure"` - // Identifies the resources that were affected by the API call. - AffectedResources map[string]*string `type:"map"` - - // The name of the API method that was issued. - Api *string `type:"string"` - - // Indicates whether the API call originated from a remote IP address (remoteip) - // or from a DNS domain (domain). - CallerType *string `type:"string"` + // The state of the association between a route table and a subnet or gateway. + AssociationState *AssociationStateDetails `type:"structure"` - // Provided if CallerType is domain. Provides information about the DNS domain - // that the API call originated from. - DomainDetails *AwsApiCallActionDomainDetails `type:"structure"` + // The ID of the internet gateway or virtual private gateway. + GatewayId *string `type:"string"` - // An ISO8601-formatted timestamp that indicates when the API call was first - // observed. - FirstSeen *string `type:"string"` + // Indicates whether this is the main route table. + Main *bool `type:"boolean"` - // An ISO8601-formatted timestamp that indicates when the API call was most - // recently observed. - LastSeen *string `type:"string"` + // The ID of the association. + RouteTableAssociationId *string `type:"string"` - // Provided if CallerType is remoteIp. Provides information about the remote - // IP address that the API call originated from. - RemoteIpDetails *ActionRemoteIpDetails `type:"structure"` + // The ID of the route table. + RouteTableId *string `type:"string"` - // The name of the Amazon Web Services service that the API method belongs to. - ServiceName *string `type:"string"` + // The ID of the subnet. A subnet ID is not returned for an implicit association. + SubnetId *string `type:"string"` } // String returns the string representation. @@ -7044,7 +8196,7 @@ type AwsApiCallAction struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiCallAction) String() string { +func (s AssociationSetDetails) String() string { return awsutil.Prettify(s) } @@ -7053,65 +8205,56 @@ func (s AwsApiCallAction) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiCallAction) GoString() string { +func (s AssociationSetDetails) GoString() string { return s.String() } -// SetAffectedResources sets the AffectedResources field's value. -func (s *AwsApiCallAction) SetAffectedResources(v map[string]*string) *AwsApiCallAction { - s.AffectedResources = v - return s -} - -// SetApi sets the Api field's value. -func (s *AwsApiCallAction) SetApi(v string) *AwsApiCallAction { - s.Api = &v - return s -} - -// SetCallerType sets the CallerType field's value. -func (s *AwsApiCallAction) SetCallerType(v string) *AwsApiCallAction { - s.CallerType = &v +// SetAssociationState sets the AssociationState field's value. +func (s *AssociationSetDetails) SetAssociationState(v *AssociationStateDetails) *AssociationSetDetails { + s.AssociationState = v return s } -// SetDomainDetails sets the DomainDetails field's value. -func (s *AwsApiCallAction) SetDomainDetails(v *AwsApiCallActionDomainDetails) *AwsApiCallAction { - s.DomainDetails = v +// SetGatewayId sets the GatewayId field's value. +func (s *AssociationSetDetails) SetGatewayId(v string) *AssociationSetDetails { + s.GatewayId = &v return s } -// SetFirstSeen sets the FirstSeen field's value. -func (s *AwsApiCallAction) SetFirstSeen(v string) *AwsApiCallAction { - s.FirstSeen = &v +// SetMain sets the Main field's value. +func (s *AssociationSetDetails) SetMain(v bool) *AssociationSetDetails { + s.Main = &v return s } -// SetLastSeen sets the LastSeen field's value. -func (s *AwsApiCallAction) SetLastSeen(v string) *AwsApiCallAction { - s.LastSeen = &v +// SetRouteTableAssociationId sets the RouteTableAssociationId field's value. +func (s *AssociationSetDetails) SetRouteTableAssociationId(v string) *AssociationSetDetails { + s.RouteTableAssociationId = &v return s } -// SetRemoteIpDetails sets the RemoteIpDetails field's value. -func (s *AwsApiCallAction) SetRemoteIpDetails(v *ActionRemoteIpDetails) *AwsApiCallAction { - s.RemoteIpDetails = v +// SetRouteTableId sets the RouteTableId field's value. +func (s *AssociationSetDetails) SetRouteTableId(v string) *AssociationSetDetails { + s.RouteTableId = &v return s } -// SetServiceName sets the ServiceName field's value. -func (s *AwsApiCallAction) SetServiceName(v string) *AwsApiCallAction { - s.ServiceName = &v +// SetSubnetId sets the SubnetId field's value. +func (s *AssociationSetDetails) SetSubnetId(v string) *AssociationSetDetails { + s.SubnetId = &v return s } -// Provided if CallerType is domain. It provides information about the DNS domain -// that issued the API call. -type AwsApiCallActionDomainDetails struct { +// Describes the state of an association between a route table and a subnet +// or gateway. +type AssociationStateDetails struct { _ struct{} `type:"structure"` - // The name of the DNS domain that issued the API call. - Domain *string `type:"string"` + // The state of the association. + State *string `type:"string"` + + // The status message, if applicable. + StatusMessage *string `type:"string"` } // String returns the string representation. @@ -7119,7 +8262,7 @@ type AwsApiCallActionDomainDetails struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiCallActionDomainDetails) String() string { +func (s AssociationStateDetails) String() string { return awsutil.Prettify(s) } @@ -7128,26 +8271,36 @@ func (s AwsApiCallActionDomainDetails) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiCallActionDomainDetails) GoString() string { +func (s AssociationStateDetails) GoString() string { return s.String() } -// SetDomain sets the Domain field's value. -func (s *AwsApiCallActionDomainDetails) SetDomain(v string) *AwsApiCallActionDomainDetails { - s.Domain = &v +// SetState sets the State field's value. +func (s *AssociationStateDetails) SetState(v string) *AssociationStateDetails { + s.State = &v return s } -// Contains information about settings for logging access for the stage. -type AwsApiGatewayAccessLogSettings struct { +// SetStatusMessage sets the StatusMessage field's value. +func (s *AssociationStateDetails) SetStatusMessage(v string) *AssociationStateDetails { + s.StatusMessage = &v + return s +} + +// One or more actions to update finding fields if a finding matches the defined +// criteria of the rule. +type AutomationRulesAction struct { _ struct{} `type:"structure"` - // The ARN of the CloudWatch Logs log group that receives the access logs. - DestinationArn *string `type:"string"` + // Specifies that the automation rule action is an update to a finding field. + FindingFieldsUpdate *AutomationRulesFindingFieldsUpdate `type:"structure"` - // A single-line format of the access logs of data, as specified by selected - // $context variables. The format must include at least $context.requestId. - Format *string `type:"string"` + // Specifies that the rule action should update the Types finding field. The + // Types finding field provides one or more finding types in the format of namespace/category/classifier + // that classify a finding. For more information, see Types taxonomy for ASFF + // (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) + // in the Security Hub User Guide. + Type *string `type:"string" enum:"AutomationRulesActionType"` } // String returns the string representation. @@ -7155,7 +8308,7 @@ type AwsApiGatewayAccessLogSettings struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayAccessLogSettings) String() string { +func (s AutomationRulesAction) String() string { return awsutil.Prettify(s) } @@ -7164,41 +8317,94 @@ func (s AwsApiGatewayAccessLogSettings) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayAccessLogSettings) GoString() string { +func (s AutomationRulesAction) GoString() string { return s.String() } -// SetDestinationArn sets the DestinationArn field's value. -func (s *AwsApiGatewayAccessLogSettings) SetDestinationArn(v string) *AwsApiGatewayAccessLogSettings { - s.DestinationArn = &v +// Validate inspects the fields of the type to determine if they are valid. +func (s *AutomationRulesAction) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AutomationRulesAction"} + if s.FindingFieldsUpdate != nil { + if err := s.FindingFieldsUpdate.Validate(); err != nil { + invalidParams.AddNested("FindingFieldsUpdate", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFindingFieldsUpdate sets the FindingFieldsUpdate field's value. +func (s *AutomationRulesAction) SetFindingFieldsUpdate(v *AutomationRulesFindingFieldsUpdate) *AutomationRulesAction { + s.FindingFieldsUpdate = v return s } -// SetFormat sets the Format field's value. -func (s *AwsApiGatewayAccessLogSettings) SetFormat(v string) *AwsApiGatewayAccessLogSettings { - s.Format = &v +// SetType sets the Type field's value. +func (s *AutomationRulesAction) SetType(v string) *AutomationRulesAction { + s.Type = &v return s } -// Contains information about settings for canary deployment in the stage. -type AwsApiGatewayCanarySettings struct { +// Defines the configuration of an automation rule. +type AutomationRulesConfig struct { _ struct{} `type:"structure"` - // The deployment identifier for the canary deployment. - DeploymentId *string `type:"string"` - - // The percentage of traffic that is diverted to a canary deployment. - PercentTraffic *float64 `type:"double"` + // One or more actions to update finding fields if a finding matches the defined + // criteria of the rule. + Actions []*AutomationRulesAction `min:"1" type:"list"` - // Stage variables that are overridden in the canary release deployment. The - // variables include new stage variables that are introduced in the canary. + // A timestamp that indicates when the rule was created. // - // Each variable is represented as a string-to-string map between the stage - // variable name and the variable value. - StageVariableOverrides map[string]*string `type:"map"` + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + CreatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` - // Indicates whether the canary deployment uses the stage cache. - UseStageCache *bool `type:"boolean"` + // The principal that created a rule. + CreatedBy *string `type:"string"` + + // A set of Amazon Web Services Security Finding Format (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) + // finding field attributes and corresponding expected values that Security + // Hub uses to filter findings. If a finding matches the conditions specified + // in this parameter, Security Hub applies the rule action to the finding. + Criteria *AutomationRulesFindingFilters `type:"structure"` + + // A description of the rule. + Description *string `type:"string"` + + // Specifies whether a rule is the last to be applied with respect to a finding + // that matches the rule criteria. This is useful when a finding matches the + // criteria for multiple rules, and each rule has different actions. If the + // value of this field is set to true for a rule, Security Hub applies the rule + // action to a finding that matches the rule criteria and won't evaluate other + // rules for the finding. The default value of this field is false. + IsTerminal *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of a rule. + RuleArn *string `type:"string"` + + // The name of the rule. + RuleName *string `type:"string"` + + // An integer ranging from 1 to 1000 that represents the order in which the + // rule action is applied to findings. Security Hub applies rules with lower + // values for this parameter first. + RuleOrder *int64 `min:"1" type:"integer"` + + // Whether the rule is active after it is created. If this parameter is equal + // to >ENABLED, Security Hub will apply the rule to findings and finding updates + // after the rule is created. + RuleStatus *string `type:"string" enum:"RuleStatus"` + + // A timestamp that indicates when the rule was most recently updated. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` } // String returns the string representation. @@ -7206,7 +8412,7 @@ type AwsApiGatewayCanarySettings struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayCanarySettings) String() string { +func (s AutomationRulesConfig) String() string { return awsutil.Prettify(s) } @@ -7215,43 +8421,107 @@ func (s AwsApiGatewayCanarySettings) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayCanarySettings) GoString() string { +func (s AutomationRulesConfig) GoString() string { return s.String() } -// SetDeploymentId sets the DeploymentId field's value. -func (s *AwsApiGatewayCanarySettings) SetDeploymentId(v string) *AwsApiGatewayCanarySettings { - s.DeploymentId = &v +// SetActions sets the Actions field's value. +func (s *AutomationRulesConfig) SetActions(v []*AutomationRulesAction) *AutomationRulesConfig { + s.Actions = v return s } -// SetPercentTraffic sets the PercentTraffic field's value. -func (s *AwsApiGatewayCanarySettings) SetPercentTraffic(v float64) *AwsApiGatewayCanarySettings { - s.PercentTraffic = &v +// SetCreatedAt sets the CreatedAt field's value. +func (s *AutomationRulesConfig) SetCreatedAt(v time.Time) *AutomationRulesConfig { + s.CreatedAt = &v return s } -// SetStageVariableOverrides sets the StageVariableOverrides field's value. -func (s *AwsApiGatewayCanarySettings) SetStageVariableOverrides(v map[string]*string) *AwsApiGatewayCanarySettings { - s.StageVariableOverrides = v +// SetCreatedBy sets the CreatedBy field's value. +func (s *AutomationRulesConfig) SetCreatedBy(v string) *AutomationRulesConfig { + s.CreatedBy = &v return s } -// SetUseStageCache sets the UseStageCache field's value. -func (s *AwsApiGatewayCanarySettings) SetUseStageCache(v bool) *AwsApiGatewayCanarySettings { - s.UseStageCache = &v +// SetCriteria sets the Criteria field's value. +func (s *AutomationRulesConfig) SetCriteria(v *AutomationRulesFindingFilters) *AutomationRulesConfig { + s.Criteria = v return s } -// Contains information about the endpoints for the API. -type AwsApiGatewayEndpointConfiguration struct { +// SetDescription sets the Description field's value. +func (s *AutomationRulesConfig) SetDescription(v string) *AutomationRulesConfig { + s.Description = &v + return s +} + +// SetIsTerminal sets the IsTerminal field's value. +func (s *AutomationRulesConfig) SetIsTerminal(v bool) *AutomationRulesConfig { + s.IsTerminal = &v + return s +} + +// SetRuleArn sets the RuleArn field's value. +func (s *AutomationRulesConfig) SetRuleArn(v string) *AutomationRulesConfig { + s.RuleArn = &v + return s +} + +// SetRuleName sets the RuleName field's value. +func (s *AutomationRulesConfig) SetRuleName(v string) *AutomationRulesConfig { + s.RuleName = &v + return s +} + +// SetRuleOrder sets the RuleOrder field's value. +func (s *AutomationRulesConfig) SetRuleOrder(v int64) *AutomationRulesConfig { + s.RuleOrder = &v + return s +} + +// SetRuleStatus sets the RuleStatus field's value. +func (s *AutomationRulesConfig) SetRuleStatus(v string) *AutomationRulesConfig { + s.RuleStatus = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *AutomationRulesConfig) SetUpdatedAt(v time.Time) *AutomationRulesConfig { + s.UpdatedAt = &v + return s +} + +// Identifies the finding fields that the automation rule action will update +// when a finding matches the defined criteria. +type AutomationRulesFindingFieldsUpdate struct { _ struct{} `type:"structure"` - // A list of endpoint types for the REST API. - // - // For an edge-optimized API, the endpoint type is EDGE. For a Regional API, - // the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE. + // The rule action will update the Confidence field of a finding. + Confidence *int64 `type:"integer"` + + // The rule action will update the Criticality field of a finding. + Criticality *int64 `type:"integer"` + + // The updated note. + Note *NoteUpdate `type:"structure"` + + // A list of findings that are related to a finding. + RelatedFindings []*RelatedFinding `type:"list"` + + // Updates to the severity information for a finding. + Severity *SeverityUpdate `type:"structure"` + + // The rule action will update the Types field of a finding. Types []*string `type:"list"` + + // The rule action will update the UserDefinedFields field of a finding. + UserDefinedFields map[string]*string `type:"map"` + + // The rule action will update the VerificationState field of a finding. + VerificationState *string `type:"string" enum:"VerificationState"` + + // Used to update information about the investigation into the finding. + Workflow *WorkflowUpdate `type:"structure"` } // String returns the string representation. @@ -7259,7 +8529,7 @@ type AwsApiGatewayEndpointConfiguration struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayEndpointConfiguration) String() string { +func (s AutomationRulesFindingFieldsUpdate) String() string { return awsutil.Prettify(s) } @@ -7268,18 +8538,1495 @@ func (s AwsApiGatewayEndpointConfiguration) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsApiGatewayEndpointConfiguration) GoString() string { +func (s AutomationRulesFindingFieldsUpdate) GoString() string { return s.String() } -// SetTypes sets the Types field's value. -func (s *AwsApiGatewayEndpointConfiguration) SetTypes(v []*string) *AwsApiGatewayEndpointConfiguration { - s.Types = v +// Validate inspects the fields of the type to determine if they are valid. +func (s *AutomationRulesFindingFieldsUpdate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AutomationRulesFindingFieldsUpdate"} + if s.Note != nil { + if err := s.Note.Validate(); err != nil { + invalidParams.AddNested("Note", err.(request.ErrInvalidParams)) + } + } + if s.RelatedFindings != nil { + for i, v := range s.RelatedFindings { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RelatedFindings", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConfidence sets the Confidence field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetConfidence(v int64) *AutomationRulesFindingFieldsUpdate { + s.Confidence = &v return s } -// Defines settings for a method for the stage. -type AwsApiGatewayMethodSettings struct { +// SetCriticality sets the Criticality field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetCriticality(v int64) *AutomationRulesFindingFieldsUpdate { + s.Criticality = &v + return s +} + +// SetNote sets the Note field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetNote(v *NoteUpdate) *AutomationRulesFindingFieldsUpdate { + s.Note = v + return s +} + +// SetRelatedFindings sets the RelatedFindings field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetRelatedFindings(v []*RelatedFinding) *AutomationRulesFindingFieldsUpdate { + s.RelatedFindings = v + return s +} + +// SetSeverity sets the Severity field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetSeverity(v *SeverityUpdate) *AutomationRulesFindingFieldsUpdate { + s.Severity = v + return s +} + +// SetTypes sets the Types field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetTypes(v []*string) *AutomationRulesFindingFieldsUpdate { + s.Types = v + return s +} + +// SetUserDefinedFields sets the UserDefinedFields field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetUserDefinedFields(v map[string]*string) *AutomationRulesFindingFieldsUpdate { + s.UserDefinedFields = v + return s +} + +// SetVerificationState sets the VerificationState field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetVerificationState(v string) *AutomationRulesFindingFieldsUpdate { + s.VerificationState = &v + return s +} + +// SetWorkflow sets the Workflow field's value. +func (s *AutomationRulesFindingFieldsUpdate) SetWorkflow(v *WorkflowUpdate) *AutomationRulesFindingFieldsUpdate { + s.Workflow = v + return s +} + +// The criteria that determine which findings a rule applies to. +type AutomationRulesFindingFilters struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services account ID in which a finding was generated. + AwsAccountId []*StringFilter `type:"list"` + + // The name of the company for the product that generated the finding. For control-based + // findings, the company is Amazon Web Services. + CompanyName []*StringFilter `type:"list"` + + // The unique identifier of a standard in which a control is enabled. This field + // consists of the resource portion of the Amazon Resource Name (ARN) returned + // for a standard in the DescribeStandards (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) + // API response. + ComplianceAssociatedStandardsId []*StringFilter `type:"list"` + + // The security control ID for which a finding was generated. Security control + // IDs are the same across standards. + ComplianceSecurityControlId []*StringFilter `type:"list"` + + // The result of a security check. This field is only used for findings generated + // from controls. + ComplianceStatus []*StringFilter `type:"list"` + + // The likelihood that a finding accurately identifies the behavior or issue + // that it was intended to identify. Confidence is scored on a 0–100 basis + // using a ratio scale. A value of 0 means 0 percent confidence, and a value + // of 100 means 100 percent confidence. For example, a data exfiltration detection + // based on a statistical deviation of network traffic has low confidence because + // an actual exfiltration hasn't been verified. For more information, see Confidence + // (https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) + // in the Security Hub User Guide. + Confidence []*NumberFilter `type:"list"` + + // A timestamp that indicates when this finding record was created. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + CreatedAt []*DateFilter `type:"list"` + + // The level of importance that is assigned to the resources that are associated + // with a finding. Criticality is scored on a 0–100 basis, using a ratio scale + // that supports only full integers. A score of 0 means that the underlying + // resources have no criticality, and a score of 100 is reserved for the most + // critical resources. For more information, see Criticality (https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) + // in the Security Hub User Guide. + Criticality []*NumberFilter `type:"list"` + + // A finding's description. + Description []*StringFilter `type:"list"` + + // A timestamp that indicates when the potential security issue captured by + // a finding was first observed by the security findings product. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + FirstObservedAt []*DateFilter `type:"list"` + + // The identifier for the solution-specific component that generated a finding. + GeneratorId []*StringFilter `type:"list"` + + // The product-specific identifier for a finding. + Id []*StringFilter `type:"list"` + + // A timestamp that indicates when the potential security issue captured by + // a finding was most recently observed by the security findings product. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + LastObservedAt []*DateFilter `type:"list"` + + // The text of a user-defined note that's added to a finding. + NoteText []*StringFilter `type:"list"` + + // The timestamp of when the note was updated. Uses the date-time format specified + // in RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + // The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z. + NoteUpdatedAt []*DateFilter `type:"list"` + + // The principal that created a note. + NoteUpdatedBy []*StringFilter `type:"list"` + + // The Amazon Resource Name (ARN) for a third-party product that generated a + // finding in Security Hub. + ProductArn []*StringFilter `type:"list"` + + // Provides the name of the product that generated the finding. For control-based + // findings, the product name is Security Hub. + ProductName []*StringFilter `type:"list"` + + // Provides the current state of a finding. + RecordState []*StringFilter `type:"list"` + + // The product-generated identifier for a related finding. + RelatedFindingsId []*StringFilter `type:"list"` + + // The ARN for the product that generated a related finding. + RelatedFindingsProductArn []*StringFilter `type:"list"` + + // Custom fields and values about the resource that a finding pertains to. + ResourceDetailsOther []*MapFilter `type:"list"` + + // The identifier for the given resource type. For Amazon Web Services resources + // that are identified by Amazon Resource Names (ARNs), this is the ARN. For + // Amazon Web Services resources that lack ARNs, this is the identifier as defined + // by the Amazon Web Service that created the resource. For non-Amazon Web Services + // resources, this is a unique identifier that is associated with the resource. + ResourceId []*StringFilter `type:"list"` + + // The partition in which the resource that the finding pertains to is located. + // A partition is a group of Amazon Web Services Regions. Each Amazon Web Services + // account is scoped to one partition. + ResourcePartition []*StringFilter `type:"list"` + + // The Amazon Web Services Region where the resource that a finding pertains + // to is located. + ResourceRegion []*StringFilter `type:"list"` + + // A list of Amazon Web Services tags associated with a resource at the time + // the finding was processed. + ResourceTags []*MapFilter `type:"list"` + + // The type of resource that the finding pertains to. + ResourceType []*StringFilter `type:"list"` + + // The severity value of the finding. + SeverityLabel []*StringFilter `type:"list"` + + // Provides a URL that links to a page about the current finding in the finding + // product. + SourceUrl []*StringFilter `type:"list"` + + // A finding's title. + Title []*StringFilter `type:"list"` + + // One or more finding types in the format of namespace/category/classifier + // that classify a finding. For a list of namespaces, classifiers, and categories, + // see Types taxonomy for ASFF (https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) + // in the Security Hub User Guide. + Type []*StringFilter `type:"list"` + + // A timestamp that indicates when the finding record was most recently updated. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + UpdatedAt []*DateFilter `type:"list"` + + // A list of user-defined name and value string pairs added to a finding. + UserDefinedFields []*MapFilter `type:"list"` + + // Provides the veracity of a finding. + VerificationState []*StringFilter `type:"list"` + + // Provides information about the status of the investigation into a finding. + WorkflowStatus []*StringFilter `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomationRulesFindingFilters) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomationRulesFindingFilters) GoString() string { + return s.String() +} + +// SetAwsAccountId sets the AwsAccountId field's value. +func (s *AutomationRulesFindingFilters) SetAwsAccountId(v []*StringFilter) *AutomationRulesFindingFilters { + s.AwsAccountId = v + return s +} + +// SetCompanyName sets the CompanyName field's value. +func (s *AutomationRulesFindingFilters) SetCompanyName(v []*StringFilter) *AutomationRulesFindingFilters { + s.CompanyName = v + return s +} + +// SetComplianceAssociatedStandardsId sets the ComplianceAssociatedStandardsId field's value. +func (s *AutomationRulesFindingFilters) SetComplianceAssociatedStandardsId(v []*StringFilter) *AutomationRulesFindingFilters { + s.ComplianceAssociatedStandardsId = v + return s +} + +// SetComplianceSecurityControlId sets the ComplianceSecurityControlId field's value. +func (s *AutomationRulesFindingFilters) SetComplianceSecurityControlId(v []*StringFilter) *AutomationRulesFindingFilters { + s.ComplianceSecurityControlId = v + return s +} + +// SetComplianceStatus sets the ComplianceStatus field's value. +func (s *AutomationRulesFindingFilters) SetComplianceStatus(v []*StringFilter) *AutomationRulesFindingFilters { + s.ComplianceStatus = v + return s +} + +// SetConfidence sets the Confidence field's value. +func (s *AutomationRulesFindingFilters) SetConfidence(v []*NumberFilter) *AutomationRulesFindingFilters { + s.Confidence = v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *AutomationRulesFindingFilters) SetCreatedAt(v []*DateFilter) *AutomationRulesFindingFilters { + s.CreatedAt = v + return s +} + +// SetCriticality sets the Criticality field's value. +func (s *AutomationRulesFindingFilters) SetCriticality(v []*NumberFilter) *AutomationRulesFindingFilters { + s.Criticality = v + return s +} + +// SetDescription sets the Description field's value. +func (s *AutomationRulesFindingFilters) SetDescription(v []*StringFilter) *AutomationRulesFindingFilters { + s.Description = v + return s +} + +// SetFirstObservedAt sets the FirstObservedAt field's value. +func (s *AutomationRulesFindingFilters) SetFirstObservedAt(v []*DateFilter) *AutomationRulesFindingFilters { + s.FirstObservedAt = v + return s +} + +// SetGeneratorId sets the GeneratorId field's value. +func (s *AutomationRulesFindingFilters) SetGeneratorId(v []*StringFilter) *AutomationRulesFindingFilters { + s.GeneratorId = v + return s +} + +// SetId sets the Id field's value. +func (s *AutomationRulesFindingFilters) SetId(v []*StringFilter) *AutomationRulesFindingFilters { + s.Id = v + return s +} + +// SetLastObservedAt sets the LastObservedAt field's value. +func (s *AutomationRulesFindingFilters) SetLastObservedAt(v []*DateFilter) *AutomationRulesFindingFilters { + s.LastObservedAt = v + return s +} + +// SetNoteText sets the NoteText field's value. +func (s *AutomationRulesFindingFilters) SetNoteText(v []*StringFilter) *AutomationRulesFindingFilters { + s.NoteText = v + return s +} + +// SetNoteUpdatedAt sets the NoteUpdatedAt field's value. +func (s *AutomationRulesFindingFilters) SetNoteUpdatedAt(v []*DateFilter) *AutomationRulesFindingFilters { + s.NoteUpdatedAt = v + return s +} + +// SetNoteUpdatedBy sets the NoteUpdatedBy field's value. +func (s *AutomationRulesFindingFilters) SetNoteUpdatedBy(v []*StringFilter) *AutomationRulesFindingFilters { + s.NoteUpdatedBy = v + return s +} + +// SetProductArn sets the ProductArn field's value. +func (s *AutomationRulesFindingFilters) SetProductArn(v []*StringFilter) *AutomationRulesFindingFilters { + s.ProductArn = v + return s +} + +// SetProductName sets the ProductName field's value. +func (s *AutomationRulesFindingFilters) SetProductName(v []*StringFilter) *AutomationRulesFindingFilters { + s.ProductName = v + return s +} + +// SetRecordState sets the RecordState field's value. +func (s *AutomationRulesFindingFilters) SetRecordState(v []*StringFilter) *AutomationRulesFindingFilters { + s.RecordState = v + return s +} + +// SetRelatedFindingsId sets the RelatedFindingsId field's value. +func (s *AutomationRulesFindingFilters) SetRelatedFindingsId(v []*StringFilter) *AutomationRulesFindingFilters { + s.RelatedFindingsId = v + return s +} + +// SetRelatedFindingsProductArn sets the RelatedFindingsProductArn field's value. +func (s *AutomationRulesFindingFilters) SetRelatedFindingsProductArn(v []*StringFilter) *AutomationRulesFindingFilters { + s.RelatedFindingsProductArn = v + return s +} + +// SetResourceDetailsOther sets the ResourceDetailsOther field's value. +func (s *AutomationRulesFindingFilters) SetResourceDetailsOther(v []*MapFilter) *AutomationRulesFindingFilters { + s.ResourceDetailsOther = v + return s +} + +// SetResourceId sets the ResourceId field's value. +func (s *AutomationRulesFindingFilters) SetResourceId(v []*StringFilter) *AutomationRulesFindingFilters { + s.ResourceId = v + return s +} + +// SetResourcePartition sets the ResourcePartition field's value. +func (s *AutomationRulesFindingFilters) SetResourcePartition(v []*StringFilter) *AutomationRulesFindingFilters { + s.ResourcePartition = v + return s +} + +// SetResourceRegion sets the ResourceRegion field's value. +func (s *AutomationRulesFindingFilters) SetResourceRegion(v []*StringFilter) *AutomationRulesFindingFilters { + s.ResourceRegion = v + return s +} + +// SetResourceTags sets the ResourceTags field's value. +func (s *AutomationRulesFindingFilters) SetResourceTags(v []*MapFilter) *AutomationRulesFindingFilters { + s.ResourceTags = v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *AutomationRulesFindingFilters) SetResourceType(v []*StringFilter) *AutomationRulesFindingFilters { + s.ResourceType = v + return s +} + +// SetSeverityLabel sets the SeverityLabel field's value. +func (s *AutomationRulesFindingFilters) SetSeverityLabel(v []*StringFilter) *AutomationRulesFindingFilters { + s.SeverityLabel = v + return s +} + +// SetSourceUrl sets the SourceUrl field's value. +func (s *AutomationRulesFindingFilters) SetSourceUrl(v []*StringFilter) *AutomationRulesFindingFilters { + s.SourceUrl = v + return s +} + +// SetTitle sets the Title field's value. +func (s *AutomationRulesFindingFilters) SetTitle(v []*StringFilter) *AutomationRulesFindingFilters { + s.Title = v + return s +} + +// SetType sets the Type field's value. +func (s *AutomationRulesFindingFilters) SetType(v []*StringFilter) *AutomationRulesFindingFilters { + s.Type = v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *AutomationRulesFindingFilters) SetUpdatedAt(v []*DateFilter) *AutomationRulesFindingFilters { + s.UpdatedAt = v + return s +} + +// SetUserDefinedFields sets the UserDefinedFields field's value. +func (s *AutomationRulesFindingFilters) SetUserDefinedFields(v []*MapFilter) *AutomationRulesFindingFilters { + s.UserDefinedFields = v + return s +} + +// SetVerificationState sets the VerificationState field's value. +func (s *AutomationRulesFindingFilters) SetVerificationState(v []*StringFilter) *AutomationRulesFindingFilters { + s.VerificationState = v + return s +} + +// SetWorkflowStatus sets the WorkflowStatus field's value. +func (s *AutomationRulesFindingFilters) SetWorkflowStatus(v []*StringFilter) *AutomationRulesFindingFilters { + s.WorkflowStatus = v + return s +} + +// Metadata for automation rules in the calling account. The response includes +// rules with a RuleStatus of ENABLED and DISABLED. +type AutomationRulesMetadata struct { + _ struct{} `type:"structure"` + + // A timestamp that indicates when the rule was created. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + CreatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The principal that created a rule. + CreatedBy *string `type:"string"` + + // A description of the rule. + Description *string `type:"string"` + + // Specifies whether a rule is the last to be applied with respect to a finding + // that matches the rule criteria. This is useful when a finding matches the + // criteria for multiple rules, and each rule has different actions. If the + // value of this field is set to true for a rule, Security Hub applies the rule + // action to a finding that matches the rule criteria and won't evaluate other + // rules for the finding. The default value of this field is false. + IsTerminal *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) for the rule. + RuleArn *string `type:"string"` + + // The name of the rule. + RuleName *string `type:"string"` + + // An integer ranging from 1 to 1000 that represents the order in which the + // rule action is applied to findings. Security Hub applies rules with lower + // values for this parameter first. + RuleOrder *int64 `min:"1" type:"integer"` + + // Whether the rule is active after it is created. If this parameter is equal + // to ENABLED, Security Hub will apply the rule to findings and finding updates + // after the rule is created. To change the value of this parameter after creating + // a rule, use BatchUpdateAutomationRules. + RuleStatus *string `type:"string" enum:"RuleStatus"` + + // A timestamp that indicates when the rule was most recently updated. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces. For example, 2020-03-22T13:22:13.933Z. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomationRulesMetadata) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomationRulesMetadata) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *AutomationRulesMetadata) SetCreatedAt(v time.Time) *AutomationRulesMetadata { + s.CreatedAt = &v + return s +} + +// SetCreatedBy sets the CreatedBy field's value. +func (s *AutomationRulesMetadata) SetCreatedBy(v string) *AutomationRulesMetadata { + s.CreatedBy = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *AutomationRulesMetadata) SetDescription(v string) *AutomationRulesMetadata { + s.Description = &v + return s +} + +// SetIsTerminal sets the IsTerminal field's value. +func (s *AutomationRulesMetadata) SetIsTerminal(v bool) *AutomationRulesMetadata { + s.IsTerminal = &v + return s +} + +// SetRuleArn sets the RuleArn field's value. +func (s *AutomationRulesMetadata) SetRuleArn(v string) *AutomationRulesMetadata { + s.RuleArn = &v + return s +} + +// SetRuleName sets the RuleName field's value. +func (s *AutomationRulesMetadata) SetRuleName(v string) *AutomationRulesMetadata { + s.RuleName = &v + return s +} + +// SetRuleOrder sets the RuleOrder field's value. +func (s *AutomationRulesMetadata) SetRuleOrder(v int64) *AutomationRulesMetadata { + s.RuleOrder = &v + return s +} + +// SetRuleStatus sets the RuleStatus field's value. +func (s *AutomationRulesMetadata) SetRuleStatus(v string) *AutomationRulesMetadata { + s.RuleStatus = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *AutomationRulesMetadata) SetUpdatedAt(v time.Time) *AutomationRulesMetadata { + s.UpdatedAt = &v + return s +} + +// Information about an Availability Zone. +type AvailabilityZone struct { + _ struct{} `type:"structure"` + + // The ID of the subnet. You can specify one subnet per Availability Zone. + SubnetId *string `type:"string"` + + // The name of the Availability Zone. + ZoneName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AvailabilityZone) GoString() string { + return s.String() +} + +// SetSubnetId sets the SubnetId field's value. +func (s *AvailabilityZone) SetSubnetId(v string) *AvailabilityZone { + s.SubnetId = &v + return s +} + +// SetZoneName sets the ZoneName field's value. +func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { + s.ZoneName = &v + return s +} + +// Provides details about an Amazon MQ message broker. A message broker allows +// software applications and components to communicate using various programming +// languages, operating systems, and formal messaging protocols. +type AwsAmazonMqBrokerDetails struct { + _ struct{} `type:"structure"` + + // The authentication strategy used to secure the broker. The default is SIMPLE. + AuthenticationStrategy *string `type:"string"` + + // Whether automatically upgrade new minor versions for brokers, as new versions + // are released and supported by Amazon MQ. Automatic upgrades occur during + // the scheduled maintenance window of the broker or after a manual broker reboot. + AutoMinorVersionUpgrade *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of the broker. + BrokerArn *string `type:"string"` + + // The unique ID that Amazon MQ generates for the broker. + BrokerId *string `type:"string"` + + // The broker's name. + BrokerName *string `type:"string"` + + // The broker's deployment mode. + DeploymentMode *string `type:"string"` + + // Encryption options for the broker. Doesn’t apply to RabbitMQ brokers. + EncryptionOptions *AwsAmazonMqBrokerEncryptionOptionsDetails `type:"structure"` + + // The type of broker engine. + EngineType *string `type:"string"` + + // The version of the broker engine. + EngineVersion *string `type:"string"` + + // The broker's instance type. + HostInstanceType *string `type:"string"` + + // The metadata of the Lightweight Directory Access Protocol (LDAP) server used + // to authenticate and authorize connections to the broker. This is an optional + // failover server. + LdapServerMetadata *AwsAmazonMqBrokerLdapServerMetadataDetails `type:"structure"` + + // Turns on Amazon CloudWatch logging for brokers. + Logs *AwsAmazonMqBrokerLogsDetails `type:"structure"` + + // The scheduled time period (UTC) during which Amazon MQ begins to apply pending + // updates or patches to the broker. + MaintenanceWindowStartTime *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails `type:"structure"` + + // Permits connections from applications outside of the VPC that hosts the broker's + // subnets. + PubliclyAccessible *bool `type:"boolean"` + + // The list of rules (one minimum, 125 maximum) that authorize connections to + // brokers. + SecurityGroups []*string `type:"list"` + + // The broker's storage type. + StorageType *string `type:"string"` + + // The list of groups that define which subnets and IP ranges the broker can + // use from different Availability Zones. + SubnetIds []*string `type:"list"` + + // The list of all broker usernames for the specified broker. Doesn't apply + // to RabbitMQ brokers. + Users []*AwsAmazonMqBrokerUsersDetails `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerDetails) GoString() string { + return s.String() +} + +// SetAuthenticationStrategy sets the AuthenticationStrategy field's value. +func (s *AwsAmazonMqBrokerDetails) SetAuthenticationStrategy(v string) *AwsAmazonMqBrokerDetails { + s.AuthenticationStrategy = &v + return s +} + +// SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. +func (s *AwsAmazonMqBrokerDetails) SetAutoMinorVersionUpgrade(v bool) *AwsAmazonMqBrokerDetails { + s.AutoMinorVersionUpgrade = &v + return s +} + +// SetBrokerArn sets the BrokerArn field's value. +func (s *AwsAmazonMqBrokerDetails) SetBrokerArn(v string) *AwsAmazonMqBrokerDetails { + s.BrokerArn = &v + return s +} + +// SetBrokerId sets the BrokerId field's value. +func (s *AwsAmazonMqBrokerDetails) SetBrokerId(v string) *AwsAmazonMqBrokerDetails { + s.BrokerId = &v + return s +} + +// SetBrokerName sets the BrokerName field's value. +func (s *AwsAmazonMqBrokerDetails) SetBrokerName(v string) *AwsAmazonMqBrokerDetails { + s.BrokerName = &v + return s +} + +// SetDeploymentMode sets the DeploymentMode field's value. +func (s *AwsAmazonMqBrokerDetails) SetDeploymentMode(v string) *AwsAmazonMqBrokerDetails { + s.DeploymentMode = &v + return s +} + +// SetEncryptionOptions sets the EncryptionOptions field's value. +func (s *AwsAmazonMqBrokerDetails) SetEncryptionOptions(v *AwsAmazonMqBrokerEncryptionOptionsDetails) *AwsAmazonMqBrokerDetails { + s.EncryptionOptions = v + return s +} + +// SetEngineType sets the EngineType field's value. +func (s *AwsAmazonMqBrokerDetails) SetEngineType(v string) *AwsAmazonMqBrokerDetails { + s.EngineType = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *AwsAmazonMqBrokerDetails) SetEngineVersion(v string) *AwsAmazonMqBrokerDetails { + s.EngineVersion = &v + return s +} + +// SetHostInstanceType sets the HostInstanceType field's value. +func (s *AwsAmazonMqBrokerDetails) SetHostInstanceType(v string) *AwsAmazonMqBrokerDetails { + s.HostInstanceType = &v + return s +} + +// SetLdapServerMetadata sets the LdapServerMetadata field's value. +func (s *AwsAmazonMqBrokerDetails) SetLdapServerMetadata(v *AwsAmazonMqBrokerLdapServerMetadataDetails) *AwsAmazonMqBrokerDetails { + s.LdapServerMetadata = v + return s +} + +// SetLogs sets the Logs field's value. +func (s *AwsAmazonMqBrokerDetails) SetLogs(v *AwsAmazonMqBrokerLogsDetails) *AwsAmazonMqBrokerDetails { + s.Logs = v + return s +} + +// SetMaintenanceWindowStartTime sets the MaintenanceWindowStartTime field's value. +func (s *AwsAmazonMqBrokerDetails) SetMaintenanceWindowStartTime(v *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) *AwsAmazonMqBrokerDetails { + s.MaintenanceWindowStartTime = v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *AwsAmazonMqBrokerDetails) SetPubliclyAccessible(v bool) *AwsAmazonMqBrokerDetails { + s.PubliclyAccessible = &v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *AwsAmazonMqBrokerDetails) SetSecurityGroups(v []*string) *AwsAmazonMqBrokerDetails { + s.SecurityGroups = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *AwsAmazonMqBrokerDetails) SetStorageType(v string) *AwsAmazonMqBrokerDetails { + s.StorageType = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *AwsAmazonMqBrokerDetails) SetSubnetIds(v []*string) *AwsAmazonMqBrokerDetails { + s.SubnetIds = v + return s +} + +// SetUsers sets the Users field's value. +func (s *AwsAmazonMqBrokerDetails) SetUsers(v []*AwsAmazonMqBrokerUsersDetails) *AwsAmazonMqBrokerDetails { + s.Users = v + return s +} + +// Provides details about broker encryption options. +type AwsAmazonMqBrokerEncryptionOptionsDetails struct { + _ struct{} `type:"structure"` + + // The KMS key that’s used to encrypt your data at rest. If not provided, + // Amazon MQ will use a default KMS key to encrypt your data. + KmsKeyId *string `type:"string"` + + // Specifies that an KMS key should be used for at-rest encryption. Set to true + // by default if no value is provided (for example, for RabbitMQ brokers). + UseAwsOwnedKey *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerEncryptionOptionsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerEncryptionOptionsDetails) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *AwsAmazonMqBrokerEncryptionOptionsDetails) SetKmsKeyId(v string) *AwsAmazonMqBrokerEncryptionOptionsDetails { + s.KmsKeyId = &v + return s +} + +// SetUseAwsOwnedKey sets the UseAwsOwnedKey field's value. +func (s *AwsAmazonMqBrokerEncryptionOptionsDetails) SetUseAwsOwnedKey(v bool) *AwsAmazonMqBrokerEncryptionOptionsDetails { + s.UseAwsOwnedKey = &v + return s +} + +// The metadata of the Lightweight Directory Access Protocol (LDAP) server used +// to authenticate and authorize connections to the broker. This is an optional +// failover server. +type AwsAmazonMqBrokerLdapServerMetadataDetails struct { + _ struct{} `type:"structure"` + + // Specifies the location of the LDAP server, such as Amazon Web Services Directory + // Service for Microsoft Active Directory. + Hosts []*string `type:"list"` + + // The distinguished name of the node in the directory information tree (DIT) + // to search for roles or groups. + RoleBase *string `type:"string"` + + // The group name attribute in a role entry whose value is the name of that + // role. + RoleName *string `type:"string"` + + // The LDAP search filter used to find roles within the roleBase. + RoleSearchMatching *string `type:"string"` + + // The directory search scope for the role. If set to true, the scope is to + // search the entire subtree. + RoleSearchSubtree *bool `type:"boolean"` + + // A username for the service account, which is an account in your LDAP server + // that has access to initiate a connection. + ServiceAccountUsername *string `type:"string"` + + // Selects a particular subtree of the directory information tree (DIT) to search + // for user entries. + UserBase *string `type:"string"` + + // The name of the LDAP attribute in the user's directory entry for the user's + // group membership. + UserRoleName *string `type:"string"` + + // The LDAP search filter used to find users within the userBase. + UserSearchMatching *string `type:"string"` + + // The directory search scope for the user. If set to true, the scope is to + // search the entire subtree. + UserSearchSubtree *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLdapServerMetadataDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLdapServerMetadataDetails) GoString() string { + return s.String() +} + +// SetHosts sets the Hosts field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetHosts(v []*string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.Hosts = v + return s +} + +// SetRoleBase sets the RoleBase field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetRoleBase(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.RoleBase = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetRoleName(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.RoleName = &v + return s +} + +// SetRoleSearchMatching sets the RoleSearchMatching field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetRoleSearchMatching(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.RoleSearchMatching = &v + return s +} + +// SetRoleSearchSubtree sets the RoleSearchSubtree field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetRoleSearchSubtree(v bool) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.RoleSearchSubtree = &v + return s +} + +// SetServiceAccountUsername sets the ServiceAccountUsername field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetServiceAccountUsername(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.ServiceAccountUsername = &v + return s +} + +// SetUserBase sets the UserBase field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetUserBase(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.UserBase = &v + return s +} + +// SetUserRoleName sets the UserRoleName field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetUserRoleName(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.UserRoleName = &v + return s +} + +// SetUserSearchMatching sets the UserSearchMatching field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetUserSearchMatching(v string) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.UserSearchMatching = &v + return s +} + +// SetUserSearchSubtree sets the UserSearchSubtree field's value. +func (s *AwsAmazonMqBrokerLdapServerMetadataDetails) SetUserSearchSubtree(v bool) *AwsAmazonMqBrokerLdapServerMetadataDetails { + s.UserSearchSubtree = &v + return s +} + +// Provides information about logs to be activated for the specified broker. +type AwsAmazonMqBrokerLogsDetails struct { + _ struct{} `type:"structure"` + + // Activates audit logging. Every user management action made using JMX or the + // ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ brokers. + Audit *bool `type:"boolean"` + + // The location of the CloudWatch Logs log group where audit logs are sent. + AuditLogGroup *string `type:"string"` + + // Activates general logging. + General *bool `type:"boolean"` + + // The location of the CloudWatch Logs log group where general logs are sent. + GeneralLogGroup *string `type:"string"` + + // The list of information about logs that are to be turned on for the specified + // broker. + Pending *AwsAmazonMqBrokerLogsPendingDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLogsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLogsDetails) GoString() string { + return s.String() +} + +// SetAudit sets the Audit field's value. +func (s *AwsAmazonMqBrokerLogsDetails) SetAudit(v bool) *AwsAmazonMqBrokerLogsDetails { + s.Audit = &v + return s +} + +// SetAuditLogGroup sets the AuditLogGroup field's value. +func (s *AwsAmazonMqBrokerLogsDetails) SetAuditLogGroup(v string) *AwsAmazonMqBrokerLogsDetails { + s.AuditLogGroup = &v + return s +} + +// SetGeneral sets the General field's value. +func (s *AwsAmazonMqBrokerLogsDetails) SetGeneral(v bool) *AwsAmazonMqBrokerLogsDetails { + s.General = &v + return s +} + +// SetGeneralLogGroup sets the GeneralLogGroup field's value. +func (s *AwsAmazonMqBrokerLogsDetails) SetGeneralLogGroup(v string) *AwsAmazonMqBrokerLogsDetails { + s.GeneralLogGroup = &v + return s +} + +// SetPending sets the Pending field's value. +func (s *AwsAmazonMqBrokerLogsDetails) SetPending(v *AwsAmazonMqBrokerLogsPendingDetails) *AwsAmazonMqBrokerLogsDetails { + s.Pending = v + return s +} + +// Provides information about logs to be activated for the specified broker. +type AwsAmazonMqBrokerLogsPendingDetails struct { + _ struct{} `type:"structure"` + + // Activates audit logging. Every user management action made using JMX or the + // ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ brokers. + Audit *bool `type:"boolean"` + + // Activates general logging. + General *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLogsPendingDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerLogsPendingDetails) GoString() string { + return s.String() +} + +// SetAudit sets the Audit field's value. +func (s *AwsAmazonMqBrokerLogsPendingDetails) SetAudit(v bool) *AwsAmazonMqBrokerLogsPendingDetails { + s.Audit = &v + return s +} + +// SetGeneral sets the General field's value. +func (s *AwsAmazonMqBrokerLogsPendingDetails) SetGeneral(v bool) *AwsAmazonMqBrokerLogsPendingDetails { + s.General = &v + return s +} + +// The scheduled time period (UTC) during which Amazon MQ begins to apply pending +// updates or patches to the broker. +type AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails struct { + _ struct{} `type:"structure"` + + // The day of the week on which the maintenance window falls. + DayOfWeek *string `type:"string"` + + // The time, in 24-hour format, on which the maintenance window falls. + TimeOfDay *string `type:"string"` + + // The time zone in either the Country/City format or the UTC offset format. + // UTC is the default format. + TimeZone *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) GoString() string { + return s.String() +} + +// SetDayOfWeek sets the DayOfWeek field's value. +func (s *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) SetDayOfWeek(v string) *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails { + s.DayOfWeek = &v + return s +} + +// SetTimeOfDay sets the TimeOfDay field's value. +func (s *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) SetTimeOfDay(v string) *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails { + s.TimeOfDay = &v + return s +} + +// SetTimeZone sets the TimeZone field's value. +func (s *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails) SetTimeZone(v string) *AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails { + s.TimeZone = &v + return s +} + +// Provides details about the broker usernames for the specified broker. Doesn't +// apply to RabbitMQ brokers. +type AwsAmazonMqBrokerUsersDetails struct { + _ struct{} `type:"structure"` + + // The type of change pending for the broker user. + PendingChange *string `type:"string"` + + // The username of the broker user. + Username *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerUsersDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAmazonMqBrokerUsersDetails) GoString() string { + return s.String() +} + +// SetPendingChange sets the PendingChange field's value. +func (s *AwsAmazonMqBrokerUsersDetails) SetPendingChange(v string) *AwsAmazonMqBrokerUsersDetails { + s.PendingChange = &v + return s +} + +// SetUsername sets the Username field's value. +func (s *AwsAmazonMqBrokerUsersDetails) SetUsername(v string) *AwsAmazonMqBrokerUsersDetails { + s.Username = &v + return s +} + +// Provided if ActionType is AWS_API_CALL. It provides details about the API +// call that was detected. +type AwsApiCallAction struct { + _ struct{} `type:"structure"` + + // Identifies the resources that were affected by the API call. + AffectedResources map[string]*string `type:"map"` + + // The name of the API method that was issued. + Api *string `type:"string"` + + // Indicates whether the API call originated from a remote IP address (remoteip) + // or from a DNS domain (domain). + CallerType *string `type:"string"` + + // Provided if CallerType is domain. Provides information about the DNS domain + // that the API call originated from. + DomainDetails *AwsApiCallActionDomainDetails `type:"structure"` + + // An ISO8601-formatted timestamp that indicates when the API call was first + // observed. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + FirstSeen *string `type:"string"` + + // An ISO8601-formatted timestamp that indicates when the API call was most + // recently observed. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + LastSeen *string `type:"string"` + + // Provided if CallerType is remoteIp. Provides information about the remote + // IP address that the API call originated from. + RemoteIpDetails *ActionRemoteIpDetails `type:"structure"` + + // The name of the Amazon Web Services service that the API method belongs to. + ServiceName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiCallAction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiCallAction) GoString() string { + return s.String() +} + +// SetAffectedResources sets the AffectedResources field's value. +func (s *AwsApiCallAction) SetAffectedResources(v map[string]*string) *AwsApiCallAction { + s.AffectedResources = v + return s +} + +// SetApi sets the Api field's value. +func (s *AwsApiCallAction) SetApi(v string) *AwsApiCallAction { + s.Api = &v + return s +} + +// SetCallerType sets the CallerType field's value. +func (s *AwsApiCallAction) SetCallerType(v string) *AwsApiCallAction { + s.CallerType = &v + return s +} + +// SetDomainDetails sets the DomainDetails field's value. +func (s *AwsApiCallAction) SetDomainDetails(v *AwsApiCallActionDomainDetails) *AwsApiCallAction { + s.DomainDetails = v + return s +} + +// SetFirstSeen sets the FirstSeen field's value. +func (s *AwsApiCallAction) SetFirstSeen(v string) *AwsApiCallAction { + s.FirstSeen = &v + return s +} + +// SetLastSeen sets the LastSeen field's value. +func (s *AwsApiCallAction) SetLastSeen(v string) *AwsApiCallAction { + s.LastSeen = &v + return s +} + +// SetRemoteIpDetails sets the RemoteIpDetails field's value. +func (s *AwsApiCallAction) SetRemoteIpDetails(v *ActionRemoteIpDetails) *AwsApiCallAction { + s.RemoteIpDetails = v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *AwsApiCallAction) SetServiceName(v string) *AwsApiCallAction { + s.ServiceName = &v + return s +} + +// Provided if CallerType is domain. It provides information about the DNS domain +// that issued the API call. +type AwsApiCallActionDomainDetails struct { + _ struct{} `type:"structure"` + + // The name of the DNS domain that issued the API call. + Domain *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiCallActionDomainDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiCallActionDomainDetails) GoString() string { + return s.String() +} + +// SetDomain sets the Domain field's value. +func (s *AwsApiCallActionDomainDetails) SetDomain(v string) *AwsApiCallActionDomainDetails { + s.Domain = &v + return s +} + +// Contains information about settings for logging access for the stage. +type AwsApiGatewayAccessLogSettings struct { + _ struct{} `type:"structure"` + + // The ARN of the CloudWatch Logs log group that receives the access logs. + DestinationArn *string `type:"string"` + + // A single-line format of the access logs of data, as specified by selected + // $context variables. The format must include at least $context.requestId. + Format *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayAccessLogSettings) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayAccessLogSettings) GoString() string { + return s.String() +} + +// SetDestinationArn sets the DestinationArn field's value. +func (s *AwsApiGatewayAccessLogSettings) SetDestinationArn(v string) *AwsApiGatewayAccessLogSettings { + s.DestinationArn = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *AwsApiGatewayAccessLogSettings) SetFormat(v string) *AwsApiGatewayAccessLogSettings { + s.Format = &v + return s +} + +// Contains information about settings for canary deployment in the stage. +type AwsApiGatewayCanarySettings struct { + _ struct{} `type:"structure"` + + // The deployment identifier for the canary deployment. + DeploymentId *string `type:"string"` + + // The percentage of traffic that is diverted to a canary deployment. + PercentTraffic *float64 `type:"double"` + + // Stage variables that are overridden in the canary release deployment. The + // variables include new stage variables that are introduced in the canary. + // + // Each variable is represented as a string-to-string map between the stage + // variable name and the variable value. + StageVariableOverrides map[string]*string `type:"map"` + + // Indicates whether the canary deployment uses the stage cache. + UseStageCache *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayCanarySettings) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayCanarySettings) GoString() string { + return s.String() +} + +// SetDeploymentId sets the DeploymentId field's value. +func (s *AwsApiGatewayCanarySettings) SetDeploymentId(v string) *AwsApiGatewayCanarySettings { + s.DeploymentId = &v + return s +} + +// SetPercentTraffic sets the PercentTraffic field's value. +func (s *AwsApiGatewayCanarySettings) SetPercentTraffic(v float64) *AwsApiGatewayCanarySettings { + s.PercentTraffic = &v + return s +} + +// SetStageVariableOverrides sets the StageVariableOverrides field's value. +func (s *AwsApiGatewayCanarySettings) SetStageVariableOverrides(v map[string]*string) *AwsApiGatewayCanarySettings { + s.StageVariableOverrides = v + return s +} + +// SetUseStageCache sets the UseStageCache field's value. +func (s *AwsApiGatewayCanarySettings) SetUseStageCache(v bool) *AwsApiGatewayCanarySettings { + s.UseStageCache = &v + return s +} + +// Contains information about the endpoints for the API. +type AwsApiGatewayEndpointConfiguration struct { + _ struct{} `type:"structure"` + + // A list of endpoint types for the REST API. + // + // For an edge-optimized API, the endpoint type is EDGE. For a Regional API, + // the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE. + Types []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayEndpointConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsApiGatewayEndpointConfiguration) GoString() string { + return s.String() +} + +// SetTypes sets the Types field's value. +func (s *AwsApiGatewayEndpointConfiguration) SetTypes(v []*string) *AwsApiGatewayEndpointConfiguration { + s.Types = v + return s +} + +// Defines settings for a method for the stage. +type AwsApiGatewayMethodSettings struct { _ struct{} `type:"structure"` // Indicates whether the cached responses are encrypted. @@ -7449,7 +10196,8 @@ type AwsApiGatewayRestApiDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedDate *string `type:"string"` // A description of the REST API. @@ -7573,7 +10321,8 @@ type AwsApiGatewayStageDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedDate *string `type:"string"` // The identifier of the deployment that the stage points to. @@ -7589,7 +10338,8 @@ type AwsApiGatewayStageDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastUpdatedDate *string `type:"string"` // Defines the method settings for the stage. @@ -7758,7 +10508,8 @@ type AwsApiGatewayV2ApiDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedDate *string `type:"string"` // A description of the API. @@ -7961,7 +10712,8 @@ type AwsApiGatewayV2StageDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedDate *string `type:"string"` // Default route settings for the stage. @@ -7981,7 +10733,8 @@ type AwsApiGatewayV2StageDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastUpdatedDate *string `type:"string"` // The route settings for the stage. @@ -8100,6 +10853,437 @@ func (s *AwsApiGatewayV2StageDetails) SetStageVariables(v map[string]*string) *A return s } +// A list of additional authentication providers for the GraphqlApi API. +type AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails struct { + _ struct{} `type:"structure"` + + // The type of security configuration for your GraphQL API: API key, Identity + // and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, + // or Lambda. + AuthenticationType *string `type:"string"` + + // The configuration for Lambda function authorization. + LambdaAuthorizerConfig *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails `type:"structure"` + + // The OpenID Connect configuration. + OpenIdConnectConfig *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails `type:"structure"` + + // The Amazon Cognito user pools configuration. + UserPoolConfig *AwsAppSyncGraphQlApiUserPoolConfigDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) GoString() string { + return s.String() +} + +// SetAuthenticationType sets the AuthenticationType field's value. +func (s *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) SetAuthenticationType(v string) *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails { + s.AuthenticationType = &v + return s +} + +// SetLambdaAuthorizerConfig sets the LambdaAuthorizerConfig field's value. +func (s *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) SetLambdaAuthorizerConfig(v *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails { + s.LambdaAuthorizerConfig = v + return s +} + +// SetOpenIdConnectConfig sets the OpenIdConnectConfig field's value. +func (s *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) SetOpenIdConnectConfig(v *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails { + s.OpenIdConnectConfig = v + return s +} + +// SetUserPoolConfig sets the UserPoolConfig field's value. +func (s *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) SetUserPoolConfig(v *AwsAppSyncGraphQlApiUserPoolConfigDetails) *AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails { + s.UserPoolConfig = v + return s +} + +// Provides details about an AppSync Graph QL API, which lets you query multiple +// databases, microservices, and APIs from a single GraphQL endpoint. +type AwsAppSyncGraphQlApiDetails struct { + _ struct{} `type:"structure"` + + // A list of additional authentication providers for the GraphQL API. + AdditionalAuthenticationProviders []*AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails `type:"list"` + + // The unique identifier for the API. + ApiId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the API. + Arn *string `type:"string"` + + // The type of security configuration for your GraphQL API: API key, Identity + // and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, + // or Lambda. + AuthenticationType *string `type:"string"` + + // The unique identifier for the API. + Id *string `type:"string"` + + // Specifies the configuration for Lambda function authorization. + LambdaAuthorizerConfig *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails `type:"structure"` + + // The Amazon CloudWatch Logs configuration. + LogConfig *AwsAppSyncGraphQlApiLogConfigDetails `type:"structure"` + + // The API name. + Name *string `type:"string"` + + // Specifies the authorization configuration for using an OpenID Connect compliant + // service with an AppSync GraphQL API endpoint. + OpenIdConnectConfig *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails `type:"structure"` + + // The Amazon Cognito user pools configuration. + UserPoolConfig *AwsAppSyncGraphQlApiUserPoolConfigDetails `type:"structure"` + + // The Amazon Resource Name (ARN) of the WAF web access control list (web ACL) + // associated with this GraphQL API, if one exists. + WafWebAclArn *string `type:"string"` + + // Indicates whether to use X-Ray tracing for the GraphQL API. + XrayEnabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiDetails) GoString() string { + return s.String() +} + +// SetAdditionalAuthenticationProviders sets the AdditionalAuthenticationProviders field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetAdditionalAuthenticationProviders(v []*AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails) *AwsAppSyncGraphQlApiDetails { + s.AdditionalAuthenticationProviders = v + return s +} + +// SetApiId sets the ApiId field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetApiId(v string) *AwsAppSyncGraphQlApiDetails { + s.ApiId = &v + return s +} + +// SetArn sets the Arn field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetArn(v string) *AwsAppSyncGraphQlApiDetails { + s.Arn = &v + return s +} + +// SetAuthenticationType sets the AuthenticationType field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetAuthenticationType(v string) *AwsAppSyncGraphQlApiDetails { + s.AuthenticationType = &v + return s +} + +// SetId sets the Id field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetId(v string) *AwsAppSyncGraphQlApiDetails { + s.Id = &v + return s +} + +// SetLambdaAuthorizerConfig sets the LambdaAuthorizerConfig field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetLambdaAuthorizerConfig(v *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) *AwsAppSyncGraphQlApiDetails { + s.LambdaAuthorizerConfig = v + return s +} + +// SetLogConfig sets the LogConfig field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetLogConfig(v *AwsAppSyncGraphQlApiLogConfigDetails) *AwsAppSyncGraphQlApiDetails { + s.LogConfig = v + return s +} + +// SetName sets the Name field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetName(v string) *AwsAppSyncGraphQlApiDetails { + s.Name = &v + return s +} + +// SetOpenIdConnectConfig sets the OpenIdConnectConfig field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetOpenIdConnectConfig(v *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) *AwsAppSyncGraphQlApiDetails { + s.OpenIdConnectConfig = v + return s +} + +// SetUserPoolConfig sets the UserPoolConfig field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetUserPoolConfig(v *AwsAppSyncGraphQlApiUserPoolConfigDetails) *AwsAppSyncGraphQlApiDetails { + s.UserPoolConfig = v + return s +} + +// SetWafWebAclArn sets the WafWebAclArn field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetWafWebAclArn(v string) *AwsAppSyncGraphQlApiDetails { + s.WafWebAclArn = &v + return s +} + +// SetXrayEnabled sets the XrayEnabled field's value. +func (s *AwsAppSyncGraphQlApiDetails) SetXrayEnabled(v bool) *AwsAppSyncGraphQlApiDetails { + s.XrayEnabled = &v + return s +} + +// Specifies the authorization configuration for using an Lambda function with +// your AppSync GraphQL API endpoint. +type AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails struct { + _ struct{} `type:"structure"` + + // The number of seconds a response should be cached for. The default is 5 minutes + // (300 seconds). + AuthorizerResultTtlInSeconds *int64 `type:"integer"` + + // The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. + // This can be a standard Lambda ARN, a version ARN (.../v3), or an alias ARN. + AuthorizerUri *string `type:"string"` + + // A regular expression for validation of tokens before the Lambda function + // is called. + IdentityValidationExpression *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) GoString() string { + return s.String() +} + +// SetAuthorizerResultTtlInSeconds sets the AuthorizerResultTtlInSeconds field's value. +func (s *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) SetAuthorizerResultTtlInSeconds(v int64) *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails { + s.AuthorizerResultTtlInSeconds = &v + return s +} + +// SetAuthorizerUri sets the AuthorizerUri field's value. +func (s *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) SetAuthorizerUri(v string) *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails { + s.AuthorizerUri = &v + return s +} + +// SetIdentityValidationExpression sets the IdentityValidationExpression field's value. +func (s *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails) SetIdentityValidationExpression(v string) *AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails { + s.IdentityValidationExpression = &v + return s +} + +// Specifies the logging configuration when writing GraphQL operations and tracing +// to Amazon CloudWatch for an AppSync GraphQL API. +type AwsAppSyncGraphQlApiLogConfigDetails struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the service role that AppSync assumes to + // publish to CloudWatch Logs in your account. + CloudWatchLogsRoleArn *string `type:"string"` + + // Set to TRUE to exclude sections that contain information such as headers, + // context, and evaluated mapping templates, regardless of logging level. + ExcludeVerboseContent *bool `type:"boolean"` + + // The field logging level. + FieldLogLevel *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiLogConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiLogConfigDetails) GoString() string { + return s.String() +} + +// SetCloudWatchLogsRoleArn sets the CloudWatchLogsRoleArn field's value. +func (s *AwsAppSyncGraphQlApiLogConfigDetails) SetCloudWatchLogsRoleArn(v string) *AwsAppSyncGraphQlApiLogConfigDetails { + s.CloudWatchLogsRoleArn = &v + return s +} + +// SetExcludeVerboseContent sets the ExcludeVerboseContent field's value. +func (s *AwsAppSyncGraphQlApiLogConfigDetails) SetExcludeVerboseContent(v bool) *AwsAppSyncGraphQlApiLogConfigDetails { + s.ExcludeVerboseContent = &v + return s +} + +// SetFieldLogLevel sets the FieldLogLevel field's value. +func (s *AwsAppSyncGraphQlApiLogConfigDetails) SetFieldLogLevel(v string) *AwsAppSyncGraphQlApiLogConfigDetails { + s.FieldLogLevel = &v + return s +} + +// Specifies the authorization configuration for using an OpenID Connect compliant +// service with your AppSync GraphQL API endpoint. +type AwsAppSyncGraphQlApiOpenIdConnectConfigDetails struct { + _ struct{} `type:"structure"` + + // The number of milliseconds that a token is valid after being authenticated. + AuthTtL *int64 `type:"long"` + + // The client identifier of the relying party at the OpenID identity provider. + // This identifier is typically obtained when the relying party is registered + // with the OpenID identity provider. You can specify a regular expression so + // that AppSync can validate against multiple client identifiers at a time. + ClientId *string `type:"string"` + + // The number of milliseconds that a token is valid after it's issued to a user. + IatTtL *int64 `type:"long"` + + // The issuer for the OIDC configuration. The issuer returned by discovery must + // exactly match the value of iss in the ID token. + Issuer *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) GoString() string { + return s.String() +} + +// SetAuthTtL sets the AuthTtL field's value. +func (s *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) SetAuthTtL(v int64) *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails { + s.AuthTtL = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) SetClientId(v string) *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails { + s.ClientId = &v + return s +} + +// SetIatTtL sets the IatTtL field's value. +func (s *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) SetIatTtL(v int64) *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails { + s.IatTtL = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails) SetIssuer(v string) *AwsAppSyncGraphQlApiOpenIdConnectConfigDetails { + s.Issuer = &v + return s +} + +// Specifies the authorization configuration for using Amazon Cognito user pools +// with your AppSync GraphQL API endpoint. +type AwsAppSyncGraphQlApiUserPoolConfigDetails struct { + _ struct{} `type:"structure"` + + // A regular expression for validating the incoming Amazon Cognito user pools + // app client ID. If this value isn't set, no filtering is applied. + AppIdClientRegex *string `type:"string"` + + // The Amazon Web Services Region in which the user pool was created. + AwsRegion *string `type:"string"` + + // The action that you want your GraphQL API to take when a request that uses + // Amazon Cognito user pools authentication doesn't match the Amazon Cognito + // user pools configuration. + DefaultAction *string `type:"string"` + + // The user pool ID. + UserPoolId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiUserPoolConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsAppSyncGraphQlApiUserPoolConfigDetails) GoString() string { + return s.String() +} + +// SetAppIdClientRegex sets the AppIdClientRegex field's value. +func (s *AwsAppSyncGraphQlApiUserPoolConfigDetails) SetAppIdClientRegex(v string) *AwsAppSyncGraphQlApiUserPoolConfigDetails { + s.AppIdClientRegex = &v + return s +} + +// SetAwsRegion sets the AwsRegion field's value. +func (s *AwsAppSyncGraphQlApiUserPoolConfigDetails) SetAwsRegion(v string) *AwsAppSyncGraphQlApiUserPoolConfigDetails { + s.AwsRegion = &v + return s +} + +// SetDefaultAction sets the DefaultAction field's value. +func (s *AwsAppSyncGraphQlApiUserPoolConfigDetails) SetDefaultAction(v string) *AwsAppSyncGraphQlApiUserPoolConfigDetails { + s.DefaultAction = &v + return s +} + +// SetUserPoolId sets the UserPoolId field's value. +func (s *AwsAppSyncGraphQlApiUserPoolConfigDetails) SetUserPoolId(v string) *AwsAppSyncGraphQlApiUserPoolConfigDetails { + s.UserPoolId = &v + return s +} + // An Availability Zone for the automatic scaling group. type AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails struct { _ struct{} `type:"structure"` @@ -8146,7 +11330,8 @@ type AwsAutoScalingAutoScalingGroupDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedTime *string `type:"string"` // The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before @@ -8761,7 +11946,8 @@ type AwsAutoScalingLaunchConfigurationDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedTime *string `type:"string"` // Whether the launch configuration is optimized for Amazon EBS I/O. @@ -9502,8 +12688,8 @@ type AwsBackupBackupVaultNotificationsDetails struct { // * S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED BackupVaultEvents []*string `type:"list"` - // An ARN that uniquely identifies the Amazon SNS topic for a backup vault’s - // events. + // The Amazon Resource Name (ARN) that uniquely identifies the Amazon SNS topic + // for a backup vault's events. SnsTopicArn *string `type:"string"` } @@ -9931,7 +13117,8 @@ type AwsCertificateManagerCertificateDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedAt *string `type:"string"` // The fully qualified domain name (FQDN), such as www.example.com, that is @@ -9963,7 +13150,8 @@ type AwsCertificateManagerCertificateDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ImportedAt *string `type:"string"` // The list of ARNs for the Amazon Web Services resources that use the certificate. @@ -9974,7 +13162,8 @@ type AwsCertificateManagerCertificateDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. IssuedAt *string `type:"string"` // The name of the certificate authority that issued and signed the certificate. @@ -9993,14 +13182,16 @@ type AwsCertificateManagerCertificateDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. NotAfter *string `type:"string"` // The time before which the certificate is not valid. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. NotBefore *string `type:"string"` // Provides a value that specifies whether to add the certificate to a transparency @@ -10428,7 +13619,8 @@ type AwsCertificateManagerCertificateRenewalSummary struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. UpdatedAt *string `type:"string"` } @@ -10915,7 +14107,8 @@ type AwsCloudFrontDistributionDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastModifiedTime *string `type:"string"` // A complex type that controls whether access logs are written for the distribution. @@ -12885,7 +16078,8 @@ type AwsDynamoDbTableBillingModeSummary struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastUpdateToPayPerRequestDateTime *string `type:"string"` } @@ -12933,7 +16127,8 @@ type AwsDynamoDbTableDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreationDateTime *string `type:"string"` // List of global secondary indexes for the table. @@ -13406,14 +16601,16 @@ type AwsDynamoDbTableProvisionedThroughput struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastDecreaseDateTime *string `type:"string"` // Indicates when the provisioned throughput was last increased. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastIncreaseDateTime *string `type:"string"` // The number of times during the current UTC calendar day that the provisioned @@ -13646,7 +16843,8 @@ type AwsDynamoDbTableRestoreSummary struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. RestoreDateTime *string `type:"string"` // Whether a restore is currently in progress. @@ -13710,7 +16908,8 @@ type AwsDynamoDbTableSseDescription struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. InaccessibleEncryptionDateTime *string `type:"string"` // The ARN of the KMS key that is used for the KMS encryption. @@ -13948,12 +17147,16 @@ type AwsEc2InstanceDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LaunchedAt *string `type:"string"` // Details about the metadata options for the Amazon EC2 instance. MetadataOptions *AwsEc2InstanceMetadataOptions `type:"structure"` + // Describes the type of monitoring that’s turned on for an instance. + Monitoring *AwsEc2InstanceMonitoringDetails `type:"structure"` + // The identifiers of the network interfaces for the EC2 instance. The details // for each network interface are in a corresponding AwsEc2NetworkInterfacesDetails // object. @@ -14033,6 +17236,12 @@ func (s *AwsEc2InstanceDetails) SetMetadataOptions(v *AwsEc2InstanceMetadataOpti return s } +// SetMonitoring sets the Monitoring field's value. +func (s *AwsEc2InstanceDetails) SetMonitoring(v *AwsEc2InstanceMonitoringDetails) *AwsEc2InstanceDetails { + s.Monitoring = v + return s +} + // SetNetworkInterfaces sets the NetworkInterfaces field's value. func (s *AwsEc2InstanceDetails) SetNetworkInterfaces(v []*AwsEc2InstanceNetworkInterfacesDetails) *AwsEc2InstanceDetails { s.NetworkInterfaces = v @@ -14132,6 +17341,39 @@ func (s *AwsEc2InstanceMetadataOptions) SetInstanceMetadataTags(v string) *AwsEc return s } +// The type of monitoring that’s turned on for an Amazon EC2 instance. +type AwsEc2InstanceMonitoringDetails struct { + _ struct{} `type:"structure"` + + // Indicates whether detailed monitoring is turned on. Otherwise, basic monitoring + // is turned on. + State *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2InstanceMonitoringDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2InstanceMonitoringDetails) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *AwsEc2InstanceMonitoringDetails) SetState(v string) *AwsEc2InstanceMonitoringDetails { + s.State = &v + return s +} + // Identifies a network interface for the Amazon EC2 instance. type AwsEc2InstanceNetworkInterfacesDetails struct { _ struct{} `type:"structure"` @@ -15293,7 +18535,7 @@ type AwsEc2LaunchTemplateDataInstanceRequirementsDetails struct { NetworkInterfaceCount *AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails `type:"structure"` // The price protection threshold for On-Demand Instances. This is the maximum - // you’ll pay for an On-Demand Instance, expressed as a percentage above the + // you'll pay for an On-Demand Instance, expressed as a percentage above the // least expensive current generation M, C, or R instance type with your specified // attributes. When Amazon EC2 selects instance types with your attributes, // it excludes instance types priced above your threshold. @@ -15306,7 +18548,7 @@ type AwsEc2LaunchTemplateDataInstanceRequirementsDetails struct { // Indicates whether instance types must support hibernation for On-Demand Instances. RequireHibernateSupport *bool `type:"boolean"` - // The price protection threshold for Spot Instances. This is the maximum you’ll + // The price protection threshold for Spot Instances. This is the maximum you'll // pay for a Spot Instance, expressed as a percentage above the least expensive // current generation M, C, or R instance type with your specified attributes. // When Amazon EC2 selects instance types with your attributes, it excludes @@ -15746,8 +18988,8 @@ type AwsEc2LaunchTemplateDataMetadataOptionsDetails struct { _ struct{} `type:"structure"` // Enables or disables the HTTP metadata endpoint on your instances. If the - // parameter is not specified, the default state is enabled, and you won’t - // be able to access your instance metadata. + // parameter is not specified, the default state is enabled, and you won't be + // able to access your instance metadata. HttpEndpoint *string `type:"string"` // Enables or disables the IPv6 endpoint for the instance metadata service. @@ -16654,7 +19896,8 @@ type AwsEc2NetworkInterfaceAttachment struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. AttachTime *string `type:"string"` // The identifier of the network interface attachment @@ -16949,6 +20192,83 @@ func (s *AwsEc2NetworkInterfaceSecurityGroup) SetGroupName(v string) *AwsEc2Netw return s } +// Provides details about a route table for the specified VPC. +type AwsEc2RouteTableDetails struct { + _ struct{} `type:"structure"` + + // The associations between a route table and one or more subnets or a gateway. + AssociationSet []*AssociationSetDetails `type:"list"` + + // The ID of the Amazon Web Services account that owns the route table. + OwnerId *string `type:"string"` + + // Describes a virtual private gateway propagating route. + PropagatingVgwSet []*PropagatingVgwSetDetails `type:"list"` + + // The routes in the route table. + RouteSet []*RouteSetDetails `type:"list"` + + // The ID of the route table. + RouteTableId *string `type:"string"` + + // The ID of the virtual private cloud (VPC). + VpcId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2RouteTableDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2RouteTableDetails) GoString() string { + return s.String() +} + +// SetAssociationSet sets the AssociationSet field's value. +func (s *AwsEc2RouteTableDetails) SetAssociationSet(v []*AssociationSetDetails) *AwsEc2RouteTableDetails { + s.AssociationSet = v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *AwsEc2RouteTableDetails) SetOwnerId(v string) *AwsEc2RouteTableDetails { + s.OwnerId = &v + return s +} + +// SetPropagatingVgwSet sets the PropagatingVgwSet field's value. +func (s *AwsEc2RouteTableDetails) SetPropagatingVgwSet(v []*PropagatingVgwSetDetails) *AwsEc2RouteTableDetails { + s.PropagatingVgwSet = v + return s +} + +// SetRouteSet sets the RouteSet field's value. +func (s *AwsEc2RouteTableDetails) SetRouteSet(v []*RouteSetDetails) *AwsEc2RouteTableDetails { + s.RouteSet = v + return s +} + +// SetRouteTableId sets the RouteTableId field's value. +func (s *AwsEc2RouteTableDetails) SetRouteTableId(v string) *AwsEc2RouteTableDetails { + s.RouteTableId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *AwsEc2RouteTableDetails) SetVpcId(v string) *AwsEc2RouteTableDetails { + s.VpcId = &v + return s +} + // Details about an Amazon EC2 security group. type AwsEc2SecurityGroupDetails struct { _ struct{} `type:"structure"` @@ -17673,7 +20993,8 @@ type AwsEc2VolumeDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateTime *string `type:"string"` // The device name for the volume that is attached to the instance. @@ -18627,7 +21948,8 @@ type AwsEc2VpnConnectionVgwTelemetryDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastStatusChange *string `type:"string"` // The Internet-routable IP address of the virtual private gateway's outside @@ -18715,7 +22037,8 @@ type AwsEcrContainerImageDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ImagePublishedAt *string `type:"string"` // The list of tags that are associated with the image. @@ -22901,6 +26224,12 @@ func (s *AwsEksClusterLoggingDetails) SetClusterLogging(v []*AwsEksClusterLoggin type AwsEksClusterResourcesVpcConfigDetails struct { _ struct{} `type:"structure"` + // Indicates whether the Amazon EKS public API server endpoint is turned on. + // If the Amazon EKS public API server endpoint is turned off, your cluster's + // Kubernetes API server can only receive requests that originate from within + // the cluster VPC. + EndpointPublicAccess *bool `type:"boolean"` + // The security groups that are associated with the cross-account elastic network // interfaces that are used to allow communication between your nodes and the // Amazon EKS control plane. @@ -22928,6 +26257,12 @@ func (s AwsEksClusterResourcesVpcConfigDetails) GoString() string { return s.String() } +// SetEndpointPublicAccess sets the EndpointPublicAccess field's value. +func (s *AwsEksClusterResourcesVpcConfigDetails) SetEndpointPublicAccess(v bool) *AwsEksClusterResourcesVpcConfigDetails { + s.EndpointPublicAccess = &v + return s +} + // SetSecurityGroupIds sets the SecurityGroupIds field's value. func (s *AwsEksClusterResourcesVpcConfigDetails) SetSecurityGroupIds(v []*string) *AwsEksClusterResourcesVpcConfigDetails { s.SecurityGroupIds = v @@ -23524,7 +26859,434 @@ type AwsElasticsearchDomainElasticsearchClusterConfigDetails struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainElasticsearchClusterConfigDetails) String() string { +func (s AwsElasticsearchDomainElasticsearchClusterConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainElasticsearchClusterConfigDetails) GoString() string { + return s.String() +} + +// SetDedicatedMasterCount sets the DedicatedMasterCount field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.DedicatedMasterCount = &v + return s +} + +// SetDedicatedMasterEnabled sets the DedicatedMasterEnabled field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterEnabled(v bool) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.DedicatedMasterEnabled = &v + return s +} + +// SetDedicatedMasterType sets the DedicatedMasterType field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterType(v string) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.DedicatedMasterType = &v + return s +} + +// SetInstanceCount sets the InstanceCount field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetInstanceCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.InstanceCount = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetInstanceType(v string) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.InstanceType = &v + return s +} + +// SetZoneAwarenessConfig sets the ZoneAwarenessConfig field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetZoneAwarenessConfig(v *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.ZoneAwarenessConfig = v + return s +} + +// SetZoneAwarenessEnabled sets the ZoneAwarenessEnabled field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetZoneAwarenessEnabled(v bool) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { + s.ZoneAwarenessEnabled = &v + return s +} + +// Configuration options for zone awareness. +type AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails struct { + _ struct{} `type:"structure"` + + // he number of Availability Zones that the domain uses. Valid values are 2 + // and 3. The default is 2. + AvailabilityZoneCount *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) GoString() string { + return s.String() +} + +// SetAvailabilityZoneCount sets the AvailabilityZoneCount field's value. +func (s *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) SetAvailabilityZoneCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails { + s.AvailabilityZoneCount = &v + return s +} + +// Details about the configuration for encryption at rest. +type AwsElasticsearchDomainEncryptionAtRestOptions struct { + _ struct{} `type:"structure"` + + // Whether encryption at rest is enabled. + Enabled *bool `type:"boolean"` + + // The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a. + KmsKeyId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainEncryptionAtRestOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainEncryptionAtRestOptions) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsElasticsearchDomainEncryptionAtRestOptions) SetEnabled(v bool) *AwsElasticsearchDomainEncryptionAtRestOptions { + s.Enabled = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *AwsElasticsearchDomainEncryptionAtRestOptions) SetKmsKeyId(v string) *AwsElasticsearchDomainEncryptionAtRestOptions { + s.KmsKeyId = &v + return s +} + +// configures the CloudWatch Logs to publish for the Elasticsearch domain. +type AwsElasticsearchDomainLogPublishingOptions struct { + _ struct{} `type:"structure"` + + // The log configuration. + AuditLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` + + // Configures the OpenSearch index logs publishing. + IndexSlowLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` + + // Configures the OpenSearch search slow log publishing. + SearchSlowLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainLogPublishingOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainLogPublishingOptions) GoString() string { + return s.String() +} + +// SetAuditLogs sets the AuditLogs field's value. +func (s *AwsElasticsearchDomainLogPublishingOptions) SetAuditLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { + s.AuditLogs = v + return s +} + +// SetIndexSlowLogs sets the IndexSlowLogs field's value. +func (s *AwsElasticsearchDomainLogPublishingOptions) SetIndexSlowLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { + s.IndexSlowLogs = v + return s +} + +// SetSearchSlowLogs sets the SearchSlowLogs field's value. +func (s *AwsElasticsearchDomainLogPublishingOptions) SetSearchSlowLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { + s.SearchSlowLogs = v + return s +} + +// The log configuration. +type AwsElasticsearchDomainLogPublishingOptionsLogConfig struct { + _ struct{} `type:"structure"` + + // The ARN of the CloudWatch Logs group to publish the logs to. + CloudWatchLogsLogGroupArn *string `type:"string"` + + // Whether the log publishing is enabled. + Enabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainLogPublishingOptionsLogConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainLogPublishingOptionsLogConfig) GoString() string { + return s.String() +} + +// SetCloudWatchLogsLogGroupArn sets the CloudWatchLogsLogGroupArn field's value. +func (s *AwsElasticsearchDomainLogPublishingOptionsLogConfig) SetCloudWatchLogsLogGroupArn(v string) *AwsElasticsearchDomainLogPublishingOptionsLogConfig { + s.CloudWatchLogsLogGroupArn = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsElasticsearchDomainLogPublishingOptionsLogConfig) SetEnabled(v bool) *AwsElasticsearchDomainLogPublishingOptionsLogConfig { + s.Enabled = &v + return s +} + +// Details about the configuration for node-to-node encryption. +type AwsElasticsearchDomainNodeToNodeEncryptionOptions struct { + _ struct{} `type:"structure"` + + // Whether node-to-node encryption is enabled. + Enabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainNodeToNodeEncryptionOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainNodeToNodeEncryptionOptions) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsElasticsearchDomainNodeToNodeEncryptionOptions) SetEnabled(v bool) *AwsElasticsearchDomainNodeToNodeEncryptionOptions { + s.Enabled = &v + return s +} + +// Information about the state of the domain relative to the latest service +// software. +type AwsElasticsearchDomainServiceSoftwareOptions struct { + _ struct{} `type:"structure"` + + // The epoch time when the deployment window closes for required updates. After + // this time, Amazon OpenSearch Service schedules the software upgrade automatically. + AutomatedUpdateDate *string `type:"string"` + + // Whether a request to update the domain can be canceled. + Cancellable *bool `type:"boolean"` + + // The version of the service software that is currently installed on the domain. + CurrentVersion *string `type:"string"` + + // A more detailed description of the service software status. + Description *string `type:"string"` + + // The most recent version of the service software. + NewVersion *string `type:"string"` + + // Whether a service software update is available for the domain. + UpdateAvailable *bool `type:"boolean"` + + // The status of the service software update. Valid values are as follows: + // + // * COMPLETED + // + // * ELIGIBLE + // + // * IN_PROGRESS + // + // * NOT_ELIGIBLE + // + // * PENDING_UPDATE + UpdateStatus *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainServiceSoftwareOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainServiceSoftwareOptions) GoString() string { + return s.String() +} + +// SetAutomatedUpdateDate sets the AutomatedUpdateDate field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetAutomatedUpdateDate(v string) *AwsElasticsearchDomainServiceSoftwareOptions { + s.AutomatedUpdateDate = &v + return s +} + +// SetCancellable sets the Cancellable field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetCancellable(v bool) *AwsElasticsearchDomainServiceSoftwareOptions { + s.Cancellable = &v + return s +} + +// SetCurrentVersion sets the CurrentVersion field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetCurrentVersion(v string) *AwsElasticsearchDomainServiceSoftwareOptions { + s.CurrentVersion = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetDescription(v string) *AwsElasticsearchDomainServiceSoftwareOptions { + s.Description = &v + return s +} + +// SetNewVersion sets the NewVersion field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetNewVersion(v string) *AwsElasticsearchDomainServiceSoftwareOptions { + s.NewVersion = &v + return s +} + +// SetUpdateAvailable sets the UpdateAvailable field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetUpdateAvailable(v bool) *AwsElasticsearchDomainServiceSoftwareOptions { + s.UpdateAvailable = &v + return s +} + +// SetUpdateStatus sets the UpdateStatus field's value. +func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetUpdateStatus(v string) *AwsElasticsearchDomainServiceSoftwareOptions { + s.UpdateStatus = &v + return s +} + +// Information that OpenSearch derives based on VPCOptions for the domain. +type AwsElasticsearchDomainVPCOptions struct { + _ struct{} `type:"structure"` + + // The list of Availability Zones associated with the VPC subnets. + AvailabilityZones []*string `type:"list"` + + // The list of security group IDs associated with the VPC endpoints for the + // domain. + SecurityGroupIds []*string `type:"list"` + + // A list of subnet IDs associated with the VPC endpoints for the domain. + SubnetIds []*string `type:"list"` + + // ID for the VPC. + VPCId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainVPCOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElasticsearchDomainVPCOptions) GoString() string { + return s.String() +} + +// SetAvailabilityZones sets the AvailabilityZones field's value. +func (s *AwsElasticsearchDomainVPCOptions) SetAvailabilityZones(v []*string) *AwsElasticsearchDomainVPCOptions { + s.AvailabilityZones = v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *AwsElasticsearchDomainVPCOptions) SetSecurityGroupIds(v []*string) *AwsElasticsearchDomainVPCOptions { + s.SecurityGroupIds = v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *AwsElasticsearchDomainVPCOptions) SetSubnetIds(v []*string) *AwsElasticsearchDomainVPCOptions { + s.SubnetIds = v + return s +} + +// SetVPCId sets the VPCId field's value. +func (s *AwsElasticsearchDomainVPCOptions) SetVPCId(v string) *AwsElasticsearchDomainVPCOptions { + s.VPCId = &v + return s +} + +// Contains information about a stickiness policy that was created using CreateAppCookieStickinessPolicy. +type AwsElbAppCookieStickinessPolicy struct { + _ struct{} `type:"structure"` + + // The name of the application cookie used for stickiness. + CookieName *string `type:"string"` + + // The mnemonic name for the policy being created. The name must be unique within + // the set of policies for the load balancer. + PolicyName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElbAppCookieStickinessPolicy) String() string { return awsutil.Prettify(s) } @@ -23533,59 +27295,85 @@ func (s AwsElasticsearchDomainElasticsearchClusterConfigDetails) String() string // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainElasticsearchClusterConfigDetails) GoString() string { +func (s AwsElbAppCookieStickinessPolicy) GoString() string { return s.String() } -// SetDedicatedMasterCount sets the DedicatedMasterCount field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.DedicatedMasterCount = &v +// SetCookieName sets the CookieName field's value. +func (s *AwsElbAppCookieStickinessPolicy) SetCookieName(v string) *AwsElbAppCookieStickinessPolicy { + s.CookieName = &v return s } -// SetDedicatedMasterEnabled sets the DedicatedMasterEnabled field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterEnabled(v bool) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.DedicatedMasterEnabled = &v +// SetPolicyName sets the PolicyName field's value. +func (s *AwsElbAppCookieStickinessPolicy) SetPolicyName(v string) *AwsElbAppCookieStickinessPolicy { + s.PolicyName = &v return s } -// SetDedicatedMasterType sets the DedicatedMasterType field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetDedicatedMasterType(v string) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.DedicatedMasterType = &v - return s +// Contains information about a stickiness policy that was created using CreateLBCookieStickinessPolicy. +type AwsElbLbCookieStickinessPolicy struct { + _ struct{} `type:"structure"` + + // The amount of time, in seconds, after which the cookie is considered stale. + // If an expiration period is not specified, the stickiness session lasts for + // the duration of the browser session. + CookieExpirationPeriod *int64 `type:"long"` + + // The name of the policy. The name must be unique within the set of policies + // for the load balancer. + PolicyName *string `type:"string"` } -// SetInstanceCount sets the InstanceCount field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetInstanceCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.InstanceCount = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElbLbCookieStickinessPolicy) String() string { + return awsutil.Prettify(s) } -// SetInstanceType sets the InstanceType field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetInstanceType(v string) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.InstanceType = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElbLbCookieStickinessPolicy) GoString() string { + return s.String() } -// SetZoneAwarenessConfig sets the ZoneAwarenessConfig field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetZoneAwarenessConfig(v *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.ZoneAwarenessConfig = v +// SetCookieExpirationPeriod sets the CookieExpirationPeriod field's value. +func (s *AwsElbLbCookieStickinessPolicy) SetCookieExpirationPeriod(v int64) *AwsElbLbCookieStickinessPolicy { + s.CookieExpirationPeriod = &v return s } -// SetZoneAwarenessEnabled sets the ZoneAwarenessEnabled field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigDetails) SetZoneAwarenessEnabled(v bool) *AwsElasticsearchDomainElasticsearchClusterConfigDetails { - s.ZoneAwarenessEnabled = &v +// SetPolicyName sets the PolicyName field's value. +func (s *AwsElbLbCookieStickinessPolicy) SetPolicyName(v string) *AwsElbLbCookieStickinessPolicy { + s.PolicyName = &v return s } -// Configuration options for zone awareness. -type AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails struct { +// Contains information about the access log configuration for the load balancer. +type AwsElbLoadBalancerAccessLog struct { _ struct{} `type:"structure"` - // he number of Availability Zones that the domain uses. Valid values are 2 - // and 3. The default is 2. - AvailabilityZoneCount *int64 `type:"integer"` + // The interval in minutes for publishing the access logs. + // + // You can publish access logs either every 5 minutes or every 60 minutes. + EmitInterval *int64 `type:"integer"` + + // Indicates whether access logs are enabled for the load balancer. + Enabled *bool `type:"boolean"` + + // The name of the S3 bucket where the access logs are stored. + S3BucketName *string `type:"string"` + + // The logical hierarchy that was created for the S3 bucket. + // + // If a prefix is not provided, the log is placed at the root level of the bucket. + S3BucketPrefix *string `type:"string"` } // String returns the string representation. @@ -23593,7 +27381,7 @@ type AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) String() string { +func (s AwsElbLoadBalancerAccessLog) String() string { return awsutil.Prettify(s) } @@ -23602,25 +27390,43 @@ func (s AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetai // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) GoString() string { +func (s AwsElbLoadBalancerAccessLog) GoString() string { return s.String() } -// SetAvailabilityZoneCount sets the AvailabilityZoneCount field's value. -func (s *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails) SetAvailabilityZoneCount(v int64) *AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails { - s.AvailabilityZoneCount = &v +// SetEmitInterval sets the EmitInterval field's value. +func (s *AwsElbLoadBalancerAccessLog) SetEmitInterval(v int64) *AwsElbLoadBalancerAccessLog { + s.EmitInterval = &v return s } -// Details about the configuration for encryption at rest. -type AwsElasticsearchDomainEncryptionAtRestOptions struct { +// SetEnabled sets the Enabled field's value. +func (s *AwsElbLoadBalancerAccessLog) SetEnabled(v bool) *AwsElbLoadBalancerAccessLog { + s.Enabled = &v + return s +} + +// SetS3BucketName sets the S3BucketName field's value. +func (s *AwsElbLoadBalancerAccessLog) SetS3BucketName(v string) *AwsElbLoadBalancerAccessLog { + s.S3BucketName = &v + return s +} + +// SetS3BucketPrefix sets the S3BucketPrefix field's value. +func (s *AwsElbLoadBalancerAccessLog) SetS3BucketPrefix(v string) *AwsElbLoadBalancerAccessLog { + s.S3BucketPrefix = &v + return s +} + +// Provides information about additional attributes for the load balancer. +type AwsElbLoadBalancerAdditionalAttribute struct { _ struct{} `type:"structure"` - // Whether encryption at rest is enabled. - Enabled *bool `type:"boolean"` + // The name of the attribute. + Key *string `type:"string"` - // The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a. - KmsKeyId *string `type:"string"` + // The value of the attribute. + Value *string `type:"string"` } // String returns the string representation. @@ -23628,7 +27434,7 @@ type AwsElasticsearchDomainEncryptionAtRestOptions struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainEncryptionAtRestOptions) String() string { +func (s AwsElbLoadBalancerAdditionalAttribute) String() string { return awsutil.Prettify(s) } @@ -23637,34 +27443,54 @@ func (s AwsElasticsearchDomainEncryptionAtRestOptions) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainEncryptionAtRestOptions) GoString() string { +func (s AwsElbLoadBalancerAdditionalAttribute) GoString() string { return s.String() } -// SetEnabled sets the Enabled field's value. -func (s *AwsElasticsearchDomainEncryptionAtRestOptions) SetEnabled(v bool) *AwsElasticsearchDomainEncryptionAtRestOptions { - s.Enabled = &v +// SetKey sets the Key field's value. +func (s *AwsElbLoadBalancerAdditionalAttribute) SetKey(v string) *AwsElbLoadBalancerAdditionalAttribute { + s.Key = &v return s } -// SetKmsKeyId sets the KmsKeyId field's value. -func (s *AwsElasticsearchDomainEncryptionAtRestOptions) SetKmsKeyId(v string) *AwsElasticsearchDomainEncryptionAtRestOptions { - s.KmsKeyId = &v +// SetValue sets the Value field's value. +func (s *AwsElbLoadBalancerAdditionalAttribute) SetValue(v string) *AwsElbLoadBalancerAdditionalAttribute { + s.Value = &v return s } -// configures the CloudWatch Logs to publish for the Elasticsearch domain. -type AwsElasticsearchDomainLogPublishingOptions struct { +// Contains attributes for the load balancer. +type AwsElbLoadBalancerAttributes struct { _ struct{} `type:"structure"` - // The log configuration. - AuditLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` + // Information about the access log configuration for the load balancer. + // + // If the access log is enabled, the load balancer captures detailed information + // about all requests. It delivers the information to a specified S3 bucket. + AccessLog *AwsElbLoadBalancerAccessLog `type:"structure"` - // Configures the OpenSearch index logs publishing. - IndexSlowLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` + // Any additional attributes for a load balancer. + AdditionalAttributes []*AwsElbLoadBalancerAdditionalAttribute `type:"list"` - // Configures the OpenSearch search slow log publishing. - SearchSlowLogs *AwsElasticsearchDomainLogPublishingOptionsLogConfig `type:"structure"` + // Information about the connection draining configuration for the load balancer. + // + // If connection draining is enabled, the load balancer allows existing requests + // to complete before it shifts traffic away from a deregistered or unhealthy + // instance. + ConnectionDraining *AwsElbLoadBalancerConnectionDraining `type:"structure"` + + // Connection settings for the load balancer. + // + // If an idle timeout is configured, the load balancer allows connections to + // remain idle for the specified duration. When a connection is idle, no data + // is sent over the connection. + ConnectionSettings *AwsElbLoadBalancerConnectionSettings `type:"structure"` + + // Cross-zone load balancing settings for the load balancer. + // + // If cross-zone load balancing is enabled, the load balancer routes the request + // traffic evenly across all instances regardless of the Availability Zones. + CrossZoneLoadBalancing *AwsElbLoadBalancerCrossZoneLoadBalancing `type:"structure"` } // String returns the string representation. @@ -23672,7 +27498,7 @@ type AwsElasticsearchDomainLogPublishingOptions struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainLogPublishingOptions) String() string { +func (s AwsElbLoadBalancerAttributes) String() string { return awsutil.Prettify(s) } @@ -23681,37 +27507,50 @@ func (s AwsElasticsearchDomainLogPublishingOptions) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainLogPublishingOptions) GoString() string { +func (s AwsElbLoadBalancerAttributes) GoString() string { return s.String() } -// SetAuditLogs sets the AuditLogs field's value. -func (s *AwsElasticsearchDomainLogPublishingOptions) SetAuditLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { - s.AuditLogs = v +// SetAccessLog sets the AccessLog field's value. +func (s *AwsElbLoadBalancerAttributes) SetAccessLog(v *AwsElbLoadBalancerAccessLog) *AwsElbLoadBalancerAttributes { + s.AccessLog = v return s } -// SetIndexSlowLogs sets the IndexSlowLogs field's value. -func (s *AwsElasticsearchDomainLogPublishingOptions) SetIndexSlowLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { - s.IndexSlowLogs = v +// SetAdditionalAttributes sets the AdditionalAttributes field's value. +func (s *AwsElbLoadBalancerAttributes) SetAdditionalAttributes(v []*AwsElbLoadBalancerAdditionalAttribute) *AwsElbLoadBalancerAttributes { + s.AdditionalAttributes = v return s } -// SetSearchSlowLogs sets the SearchSlowLogs field's value. -func (s *AwsElasticsearchDomainLogPublishingOptions) SetSearchSlowLogs(v *AwsElasticsearchDomainLogPublishingOptionsLogConfig) *AwsElasticsearchDomainLogPublishingOptions { - s.SearchSlowLogs = v +// SetConnectionDraining sets the ConnectionDraining field's value. +func (s *AwsElbLoadBalancerAttributes) SetConnectionDraining(v *AwsElbLoadBalancerConnectionDraining) *AwsElbLoadBalancerAttributes { + s.ConnectionDraining = v return s } -// The log configuration. -type AwsElasticsearchDomainLogPublishingOptionsLogConfig struct { +// SetConnectionSettings sets the ConnectionSettings field's value. +func (s *AwsElbLoadBalancerAttributes) SetConnectionSettings(v *AwsElbLoadBalancerConnectionSettings) *AwsElbLoadBalancerAttributes { + s.ConnectionSettings = v + return s +} + +// SetCrossZoneLoadBalancing sets the CrossZoneLoadBalancing field's value. +func (s *AwsElbLoadBalancerAttributes) SetCrossZoneLoadBalancing(v *AwsElbLoadBalancerCrossZoneLoadBalancing) *AwsElbLoadBalancerAttributes { + s.CrossZoneLoadBalancing = v + return s +} + +// Provides information about the configuration of an EC2 instance for the load +// balancer. +type AwsElbLoadBalancerBackendServerDescription struct { _ struct{} `type:"structure"` - // The ARN of the CloudWatch Logs group to publish the logs to. - CloudWatchLogsLogGroupArn *string `type:"string"` + // The port on which the EC2 instance is listening. + InstancePort *int64 `type:"integer"` - // Whether the log publishing is enabled. - Enabled *bool `type:"boolean"` + // The names of the policies that are enabled for the EC2 instance. + PolicyNames []*string `type:"list"` } // String returns the string representation. @@ -23719,7 +27558,7 @@ type AwsElasticsearchDomainLogPublishingOptionsLogConfig struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainLogPublishingOptionsLogConfig) String() string { +func (s AwsElbLoadBalancerBackendServerDescription) String() string { return awsutil.Prettify(s) } @@ -23728,28 +27567,33 @@ func (s AwsElasticsearchDomainLogPublishingOptionsLogConfig) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainLogPublishingOptionsLogConfig) GoString() string { +func (s AwsElbLoadBalancerBackendServerDescription) GoString() string { return s.String() } -// SetCloudWatchLogsLogGroupArn sets the CloudWatchLogsLogGroupArn field's value. -func (s *AwsElasticsearchDomainLogPublishingOptionsLogConfig) SetCloudWatchLogsLogGroupArn(v string) *AwsElasticsearchDomainLogPublishingOptionsLogConfig { - s.CloudWatchLogsLogGroupArn = &v +// SetInstancePort sets the InstancePort field's value. +func (s *AwsElbLoadBalancerBackendServerDescription) SetInstancePort(v int64) *AwsElbLoadBalancerBackendServerDescription { + s.InstancePort = &v return s } -// SetEnabled sets the Enabled field's value. -func (s *AwsElasticsearchDomainLogPublishingOptionsLogConfig) SetEnabled(v bool) *AwsElasticsearchDomainLogPublishingOptionsLogConfig { - s.Enabled = &v +// SetPolicyNames sets the PolicyNames field's value. +func (s *AwsElbLoadBalancerBackendServerDescription) SetPolicyNames(v []*string) *AwsElbLoadBalancerBackendServerDescription { + s.PolicyNames = v return s } -// Details about the configuration for node-to-node encryption. -type AwsElasticsearchDomainNodeToNodeEncryptionOptions struct { +// Contains information about the connection draining configuration for the +// load balancer. +type AwsElbLoadBalancerConnectionDraining struct { _ struct{} `type:"structure"` - // Whether node-to-node encryption is enabled. + // Indicates whether connection draining is enabled for the load balancer. Enabled *bool `type:"boolean"` + + // The maximum time, in seconds, to keep the existing connections open before + // deregistering the instances. + Timeout *int64 `type:"integer"` } // String returns the string representation. @@ -23757,7 +27601,7 @@ type AwsElasticsearchDomainNodeToNodeEncryptionOptions struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainNodeToNodeEncryptionOptions) String() string { +func (s AwsElbLoadBalancerConnectionDraining) String() string { return awsutil.Prettify(s) } @@ -23766,52 +27610,29 @@ func (s AwsElasticsearchDomainNodeToNodeEncryptionOptions) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainNodeToNodeEncryptionOptions) GoString() string { +func (s AwsElbLoadBalancerConnectionDraining) GoString() string { return s.String() } // SetEnabled sets the Enabled field's value. -func (s *AwsElasticsearchDomainNodeToNodeEncryptionOptions) SetEnabled(v bool) *AwsElasticsearchDomainNodeToNodeEncryptionOptions { +func (s *AwsElbLoadBalancerConnectionDraining) SetEnabled(v bool) *AwsElbLoadBalancerConnectionDraining { s.Enabled = &v return s } -// Information about the state of the domain relative to the latest service -// software. -type AwsElasticsearchDomainServiceSoftwareOptions struct { - _ struct{} `type:"structure"` - - // The epoch time when the deployment window closes for required updates. After - // this time, Amazon OpenSearch Service schedules the software upgrade automatically. - AutomatedUpdateDate *string `type:"string"` - - // Whether a request to update the domain can be canceled. - Cancellable *bool `type:"boolean"` - - // The version of the service software that is currently installed on the domain. - CurrentVersion *string `type:"string"` - - // A more detailed description of the service software status. - Description *string `type:"string"` - - // The most recent version of the service software. - NewVersion *string `type:"string"` +// SetTimeout sets the Timeout field's value. +func (s *AwsElbLoadBalancerConnectionDraining) SetTimeout(v int64) *AwsElbLoadBalancerConnectionDraining { + s.Timeout = &v + return s +} - // Whether a service software update is available for the domain. - UpdateAvailable *bool `type:"boolean"` +// Contains connection settings for the load balancer. +type AwsElbLoadBalancerConnectionSettings struct { + _ struct{} `type:"structure"` - // The status of the service software update. Valid values are as follows: - // - // * COMPLETED - // - // * ELIGIBLE - // - // * IN_PROGRESS - // - // * NOT_ELIGIBLE - // - // * PENDING_UPDATE - UpdateStatus *string `type:"string"` + // The time, in seconds, that the connection can be idle (no data is sent over + // the connection) before it is closed by the load balancer. + IdleTimeout *int64 `type:"integer"` } // String returns the string representation. @@ -23819,7 +27640,7 @@ type AwsElasticsearchDomainServiceSoftwareOptions struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainServiceSoftwareOptions) String() string { +func (s AwsElbLoadBalancerConnectionSettings) String() string { return awsutil.Prettify(s) } @@ -23828,68 +27649,115 @@ func (s AwsElasticsearchDomainServiceSoftwareOptions) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainServiceSoftwareOptions) GoString() string { +func (s AwsElbLoadBalancerConnectionSettings) GoString() string { return s.String() } -// SetAutomatedUpdateDate sets the AutomatedUpdateDate field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetAutomatedUpdateDate(v string) *AwsElasticsearchDomainServiceSoftwareOptions { - s.AutomatedUpdateDate = &v - return s -} - -// SetCancellable sets the Cancellable field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetCancellable(v bool) *AwsElasticsearchDomainServiceSoftwareOptions { - s.Cancellable = &v +// SetIdleTimeout sets the IdleTimeout field's value. +func (s *AwsElbLoadBalancerConnectionSettings) SetIdleTimeout(v int64) *AwsElbLoadBalancerConnectionSettings { + s.IdleTimeout = &v return s } -// SetCurrentVersion sets the CurrentVersion field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetCurrentVersion(v string) *AwsElasticsearchDomainServiceSoftwareOptions { - s.CurrentVersion = &v - return s -} +// Contains cross-zone load balancing settings for the load balancer. +type AwsElbLoadBalancerCrossZoneLoadBalancing struct { + _ struct{} `type:"structure"` -// SetDescription sets the Description field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetDescription(v string) *AwsElasticsearchDomainServiceSoftwareOptions { - s.Description = &v - return s + // Indicates whether cross-zone load balancing is enabled for the load balancer. + Enabled *bool `type:"boolean"` } -// SetNewVersion sets the NewVersion field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetNewVersion(v string) *AwsElasticsearchDomainServiceSoftwareOptions { - s.NewVersion = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElbLoadBalancerCrossZoneLoadBalancing) String() string { + return awsutil.Prettify(s) } -// SetUpdateAvailable sets the UpdateAvailable field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetUpdateAvailable(v bool) *AwsElasticsearchDomainServiceSoftwareOptions { - s.UpdateAvailable = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsElbLoadBalancerCrossZoneLoadBalancing) GoString() string { + return s.String() } -// SetUpdateStatus sets the UpdateStatus field's value. -func (s *AwsElasticsearchDomainServiceSoftwareOptions) SetUpdateStatus(v string) *AwsElasticsearchDomainServiceSoftwareOptions { - s.UpdateStatus = &v +// SetEnabled sets the Enabled field's value. +func (s *AwsElbLoadBalancerCrossZoneLoadBalancing) SetEnabled(v bool) *AwsElbLoadBalancerCrossZoneLoadBalancing { + s.Enabled = &v return s } -// Information that OpenSearch derives based on VPCOptions for the domain. -type AwsElasticsearchDomainVPCOptions struct { +// Contains details about a Classic Load Balancer. +type AwsElbLoadBalancerDetails struct { _ struct{} `type:"structure"` - // The list of Availability Zones associated with the VPC subnets. + // The list of Availability Zones for the load balancer. AvailabilityZones []*string `type:"list"` - // The list of security group IDs associated with the VPC endpoints for the - // domain. - SecurityGroupIds []*string `type:"list"` + // Information about the configuration of the EC2 instances. + BackendServerDescriptions []*AwsElbLoadBalancerBackendServerDescription `type:"list"` - // A list of subnet IDs associated with the VPC endpoints for the domain. - SubnetIds []*string `type:"list"` + // The name of the Amazon Route 53 hosted zone for the load balancer. + CanonicalHostedZoneName *string `type:"string"` - // ID for the VPC. - VPCId *string `type:"string"` + // The ID of the Amazon Route 53 hosted zone for the load balancer. + CanonicalHostedZoneNameID *string `type:"string"` + + // Indicates when the load balancer was created. + // + // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time + // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. + CreatedTime *string `type:"string"` + + // The DNS name of the load balancer. + DnsName *string `type:"string"` + + // Information about the health checks that are conducted on the load balancer. + HealthCheck *AwsElbLoadBalancerHealthCheck `type:"structure"` + + // List of EC2 instances for the load balancer. + Instances []*AwsElbLoadBalancerInstance `type:"list"` + + // The policies that are enabled for the load balancer listeners. + ListenerDescriptions []*AwsElbLoadBalancerListenerDescription `type:"list"` + + // The attributes for a load balancer. + LoadBalancerAttributes *AwsElbLoadBalancerAttributes `type:"structure"` + + // The name of the load balancer. + LoadBalancerName *string `type:"string"` + + // The policies for a load balancer. + Policies *AwsElbLoadBalancerPolicies `type:"structure"` + + // The type of load balancer. Only provided if the load balancer is in a VPC. + // + // If Scheme is internet-facing, the load balancer has a public DNS name that + // resolves to a public IP address. + // + // If Scheme is internal, the load balancer has a public DNS name that resolves + // to a private IP address. + Scheme *string `type:"string"` + + // The security groups for the load balancer. Only provided if the load balancer + // is in a VPC. + SecurityGroups []*string `type:"list"` + + // Information about the security group for the load balancer. This is the security + // group that is used for inbound rules. + SourceSecurityGroup *AwsElbLoadBalancerSourceSecurityGroup `type:"structure"` + + // The list of subnet identifiers for the load balancer. + Subnets []*string `type:"list"` + + // The identifier of the VPC for the load balancer. + VpcId *string `type:"string"` } // String returns the string representation. @@ -23897,7 +27765,7 @@ type AwsElasticsearchDomainVPCOptions struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainVPCOptions) String() string { +func (s AwsElbLoadBalancerDetails) String() string { return awsutil.Prettify(s) } @@ -23906,139 +27774,146 @@ func (s AwsElasticsearchDomainVPCOptions) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElasticsearchDomainVPCOptions) GoString() string { +func (s AwsElbLoadBalancerDetails) GoString() string { return s.String() } // SetAvailabilityZones sets the AvailabilityZones field's value. -func (s *AwsElasticsearchDomainVPCOptions) SetAvailabilityZones(v []*string) *AwsElasticsearchDomainVPCOptions { +func (s *AwsElbLoadBalancerDetails) SetAvailabilityZones(v []*string) *AwsElbLoadBalancerDetails { s.AvailabilityZones = v return s } -// SetSecurityGroupIds sets the SecurityGroupIds field's value. -func (s *AwsElasticsearchDomainVPCOptions) SetSecurityGroupIds(v []*string) *AwsElasticsearchDomainVPCOptions { - s.SecurityGroupIds = v +// SetBackendServerDescriptions sets the BackendServerDescriptions field's value. +func (s *AwsElbLoadBalancerDetails) SetBackendServerDescriptions(v []*AwsElbLoadBalancerBackendServerDescription) *AwsElbLoadBalancerDetails { + s.BackendServerDescriptions = v return s } -// SetSubnetIds sets the SubnetIds field's value. -func (s *AwsElasticsearchDomainVPCOptions) SetSubnetIds(v []*string) *AwsElasticsearchDomainVPCOptions { - s.SubnetIds = v +// SetCanonicalHostedZoneName sets the CanonicalHostedZoneName field's value. +func (s *AwsElbLoadBalancerDetails) SetCanonicalHostedZoneName(v string) *AwsElbLoadBalancerDetails { + s.CanonicalHostedZoneName = &v return s } -// SetVPCId sets the VPCId field's value. -func (s *AwsElasticsearchDomainVPCOptions) SetVPCId(v string) *AwsElasticsearchDomainVPCOptions { - s.VPCId = &v +// SetCanonicalHostedZoneNameID sets the CanonicalHostedZoneNameID field's value. +func (s *AwsElbLoadBalancerDetails) SetCanonicalHostedZoneNameID(v string) *AwsElbLoadBalancerDetails { + s.CanonicalHostedZoneNameID = &v return s } -// Contains information about a stickiness policy that was created using CreateAppCookieStickinessPolicy. -type AwsElbAppCookieStickinessPolicy struct { - _ struct{} `type:"structure"` +// SetCreatedTime sets the CreatedTime field's value. +func (s *AwsElbLoadBalancerDetails) SetCreatedTime(v string) *AwsElbLoadBalancerDetails { + s.CreatedTime = &v + return s +} - // The name of the application cookie used for stickiness. - CookieName *string `type:"string"` +// SetDnsName sets the DnsName field's value. +func (s *AwsElbLoadBalancerDetails) SetDnsName(v string) *AwsElbLoadBalancerDetails { + s.DnsName = &v + return s +} - // The mnemonic name for the policy being created. The name must be unique within - // the set of policies for the load balancer. - PolicyName *string `type:"string"` +// SetHealthCheck sets the HealthCheck field's value. +func (s *AwsElbLoadBalancerDetails) SetHealthCheck(v *AwsElbLoadBalancerHealthCheck) *AwsElbLoadBalancerDetails { + s.HealthCheck = v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AwsElbAppCookieStickinessPolicy) String() string { - return awsutil.Prettify(s) +// SetInstances sets the Instances field's value. +func (s *AwsElbLoadBalancerDetails) SetInstances(v []*AwsElbLoadBalancerInstance) *AwsElbLoadBalancerDetails { + s.Instances = v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AwsElbAppCookieStickinessPolicy) GoString() string { - return s.String() +// SetListenerDescriptions sets the ListenerDescriptions field's value. +func (s *AwsElbLoadBalancerDetails) SetListenerDescriptions(v []*AwsElbLoadBalancerListenerDescription) *AwsElbLoadBalancerDetails { + s.ListenerDescriptions = v + return s } -// SetCookieName sets the CookieName field's value. -func (s *AwsElbAppCookieStickinessPolicy) SetCookieName(v string) *AwsElbAppCookieStickinessPolicy { - s.CookieName = &v +// SetLoadBalancerAttributes sets the LoadBalancerAttributes field's value. +func (s *AwsElbLoadBalancerDetails) SetLoadBalancerAttributes(v *AwsElbLoadBalancerAttributes) *AwsElbLoadBalancerDetails { + s.LoadBalancerAttributes = v + return s +} + +// SetLoadBalancerName sets the LoadBalancerName field's value. +func (s *AwsElbLoadBalancerDetails) SetLoadBalancerName(v string) *AwsElbLoadBalancerDetails { + s.LoadBalancerName = &v return s } -// SetPolicyName sets the PolicyName field's value. -func (s *AwsElbAppCookieStickinessPolicy) SetPolicyName(v string) *AwsElbAppCookieStickinessPolicy { - s.PolicyName = &v +// SetPolicies sets the Policies field's value. +func (s *AwsElbLoadBalancerDetails) SetPolicies(v *AwsElbLoadBalancerPolicies) *AwsElbLoadBalancerDetails { + s.Policies = v return s } -// Contains information about a stickiness policy that was created using CreateLBCookieStickinessPolicy. -type AwsElbLbCookieStickinessPolicy struct { - _ struct{} `type:"structure"` - - // The amount of time, in seconds, after which the cookie is considered stale. - // If an expiration period is not specified, the stickiness session lasts for - // the duration of the browser session. - CookieExpirationPeriod *int64 `type:"long"` - - // The name of the policy. The name must be unique within the set of policies - // for the load balancer. - PolicyName *string `type:"string"` +// SetScheme sets the Scheme field's value. +func (s *AwsElbLoadBalancerDetails) SetScheme(v string) *AwsElbLoadBalancerDetails { + s.Scheme = &v + return s } -// String returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AwsElbLbCookieStickinessPolicy) String() string { - return awsutil.Prettify(s) +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *AwsElbLoadBalancerDetails) SetSecurityGroups(v []*string) *AwsElbLoadBalancerDetails { + s.SecurityGroups = v + return s } -// GoString returns the string representation. -// -// API parameter values that are decorated as "sensitive" in the API will not -// be included in the string output. The member name will be present, but the -// value will be replaced with "sensitive". -func (s AwsElbLbCookieStickinessPolicy) GoString() string { - return s.String() +// SetSourceSecurityGroup sets the SourceSecurityGroup field's value. +func (s *AwsElbLoadBalancerDetails) SetSourceSecurityGroup(v *AwsElbLoadBalancerSourceSecurityGroup) *AwsElbLoadBalancerDetails { + s.SourceSecurityGroup = v + return s } -// SetCookieExpirationPeriod sets the CookieExpirationPeriod field's value. -func (s *AwsElbLbCookieStickinessPolicy) SetCookieExpirationPeriod(v int64) *AwsElbLbCookieStickinessPolicy { - s.CookieExpirationPeriod = &v +// SetSubnets sets the Subnets field's value. +func (s *AwsElbLoadBalancerDetails) SetSubnets(v []*string) *AwsElbLoadBalancerDetails { + s.Subnets = v return s } -// SetPolicyName sets the PolicyName field's value. -func (s *AwsElbLbCookieStickinessPolicy) SetPolicyName(v string) *AwsElbLbCookieStickinessPolicy { - s.PolicyName = &v +// SetVpcId sets the VpcId field's value. +func (s *AwsElbLoadBalancerDetails) SetVpcId(v string) *AwsElbLoadBalancerDetails { + s.VpcId = &v return s } -// Contains information about the access log configuration for the load balancer. -type AwsElbLoadBalancerAccessLog struct { +// Contains information about the health checks that are conducted on the load +// balancer. +type AwsElbLoadBalancerHealthCheck struct { _ struct{} `type:"structure"` - // The interval in minutes for publishing the access logs. - // - // You can publish access logs either every 5 minutes or every 60 minutes. - EmitInterval *int64 `type:"integer"` - - // Indicates whether access logs are enabled for the load balancer. - Enabled *bool `type:"boolean"` + // The number of consecutive health check successes required before the instance + // is moved to the Healthy state. + HealthyThreshold *int64 `type:"integer"` - // The name of the S3 bucket where the access logs are stored. - S3BucketName *string `type:"string"` + // The approximate interval, in seconds, between health checks of an individual + // instance. + Interval *int64 `type:"integer"` - // The logical hierarchy that was created for the S3 bucket. + // The instance that is being checked. The target specifies the protocol and + // port. The available protocols are TCP, SSL, HTTP, and HTTPS. The range of + // valid ports is 1 through 65535. // - // If a prefix is not provided, the log is placed at the root level of the bucket. - S3BucketPrefix *string `type:"string"` + // For the HTTP and HTTPS protocols, the target also specifies the ping path. + // + // For the TCP protocol, the target is specified as TCP: . + // + // For the SSL protocol, the target is specified as SSL. . + // + // For the HTTP and HTTPS protocols, the target is specified as :/ . + Target *string `type:"string"` + + // The amount of time, in seconds, during which no response means a failed health + // check. + Timeout *int64 `type:"integer"` + + // The number of consecutive health check failures that must occur before the + // instance is moved to the Unhealthy state. + UnhealthyThreshold *int64 `type:"integer"` } // String returns the string representation. @@ -24046,7 +27921,7 @@ type AwsElbLoadBalancerAccessLog struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAccessLog) String() string { +func (s AwsElbLoadBalancerHealthCheck) String() string { return awsutil.Prettify(s) } @@ -24055,43 +27930,46 @@ func (s AwsElbLoadBalancerAccessLog) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAccessLog) GoString() string { +func (s AwsElbLoadBalancerHealthCheck) GoString() string { return s.String() } -// SetEmitInterval sets the EmitInterval field's value. -func (s *AwsElbLoadBalancerAccessLog) SetEmitInterval(v int64) *AwsElbLoadBalancerAccessLog { - s.EmitInterval = &v +// SetHealthyThreshold sets the HealthyThreshold field's value. +func (s *AwsElbLoadBalancerHealthCheck) SetHealthyThreshold(v int64) *AwsElbLoadBalancerHealthCheck { + s.HealthyThreshold = &v return s } -// SetEnabled sets the Enabled field's value. -func (s *AwsElbLoadBalancerAccessLog) SetEnabled(v bool) *AwsElbLoadBalancerAccessLog { - s.Enabled = &v +// SetInterval sets the Interval field's value. +func (s *AwsElbLoadBalancerHealthCheck) SetInterval(v int64) *AwsElbLoadBalancerHealthCheck { + s.Interval = &v return s } -// SetS3BucketName sets the S3BucketName field's value. -func (s *AwsElbLoadBalancerAccessLog) SetS3BucketName(v string) *AwsElbLoadBalancerAccessLog { - s.S3BucketName = &v +// SetTarget sets the Target field's value. +func (s *AwsElbLoadBalancerHealthCheck) SetTarget(v string) *AwsElbLoadBalancerHealthCheck { + s.Target = &v return s } -// SetS3BucketPrefix sets the S3BucketPrefix field's value. -func (s *AwsElbLoadBalancerAccessLog) SetS3BucketPrefix(v string) *AwsElbLoadBalancerAccessLog { - s.S3BucketPrefix = &v +// SetTimeout sets the Timeout field's value. +func (s *AwsElbLoadBalancerHealthCheck) SetTimeout(v int64) *AwsElbLoadBalancerHealthCheck { + s.Timeout = &v return s } -// Provides information about additional attributes for the load balancer. -type AwsElbLoadBalancerAdditionalAttribute struct { - _ struct{} `type:"structure"` +// SetUnhealthyThreshold sets the UnhealthyThreshold field's value. +func (s *AwsElbLoadBalancerHealthCheck) SetUnhealthyThreshold(v int64) *AwsElbLoadBalancerHealthCheck { + s.UnhealthyThreshold = &v + return s +} - // The name of the attribute. - Key *string `type:"string"` +// Provides information about an EC2 instance for a load balancer. +type AwsElbLoadBalancerInstance struct { + _ struct{} `type:"structure"` - // The value of the attribute. - Value *string `type:"string"` + // The instance identifier. + InstanceId *string `type:"string"` } // String returns the string representation. @@ -24099,7 +27977,7 @@ type AwsElbLoadBalancerAdditionalAttribute struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAdditionalAttribute) String() string { +func (s AwsElbLoadBalancerInstance) String() string { return awsutil.Prettify(s) } @@ -24108,54 +27986,43 @@ func (s AwsElbLoadBalancerAdditionalAttribute) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAdditionalAttribute) GoString() string { +func (s AwsElbLoadBalancerInstance) GoString() string { return s.String() } -// SetKey sets the Key field's value. -func (s *AwsElbLoadBalancerAdditionalAttribute) SetKey(v string) *AwsElbLoadBalancerAdditionalAttribute { - s.Key = &v - return s -} - -// SetValue sets the Value field's value. -func (s *AwsElbLoadBalancerAdditionalAttribute) SetValue(v string) *AwsElbLoadBalancerAdditionalAttribute { - s.Value = &v +// SetInstanceId sets the InstanceId field's value. +func (s *AwsElbLoadBalancerInstance) SetInstanceId(v string) *AwsElbLoadBalancerInstance { + s.InstanceId = &v return s } -// Contains attributes for the load balancer. -type AwsElbLoadBalancerAttributes struct { +// Information about a load balancer listener. +type AwsElbLoadBalancerListener struct { _ struct{} `type:"structure"` - // Information about the access log configuration for the load balancer. - // - // If the access log is enabled, the load balancer captures detailed information - // about all requests. It delivers the information to a specified S3 bucket. - AccessLog *AwsElbLoadBalancerAccessLog `type:"structure"` - - // Any additional attributes for a load balancer. - AdditionalAttributes []*AwsElbLoadBalancerAdditionalAttribute `type:"list"` + // The port on which the instance is listening. + InstancePort *int64 `type:"integer"` - // Information about the connection draining configuration for the load balancer. + // The protocol to use to route traffic to instances. // - // If connection draining is enabled, the load balancer allows existing requests - // to complete before it shifts traffic away from a deregistered or unhealthy - // instance. - ConnectionDraining *AwsElbLoadBalancerConnectionDraining `type:"structure"` + // Valid values: HTTP | HTTPS | TCP | SSL + InstanceProtocol *string `type:"string"` - // Connection settings for the load balancer. + // The port on which the load balancer is listening. // - // If an idle timeout is configured, the load balancer allows connections to - // remain idle for the specified duration. When a connection is idle, no data - // is sent over the connection. - ConnectionSettings *AwsElbLoadBalancerConnectionSettings `type:"structure"` + // On EC2-VPC, you can specify any port from the range 1-65535. + // + // On EC2-Classic, you can specify any port from the following list: 25, 80, + // 443, 465, 587, 1024-65535. + LoadBalancerPort *int64 `type:"integer"` - // Cross-zone load balancing settings for the load balancer. + // The load balancer transport protocol to use for routing. // - // If cross-zone load balancing is enabled, the load balancer routes the request - // traffic evenly across all instances regardless of the Availability Zones. - CrossZoneLoadBalancing *AwsElbLoadBalancerCrossZoneLoadBalancing `type:"structure"` + // Valid values: HTTP | HTTPS | TCP | SSL + Protocol *string `type:"string"` + + // The ARN of the server certificate. + SslCertificateId *string `type:"string"` } // String returns the string representation. @@ -24163,7 +28030,7 @@ type AwsElbLoadBalancerAttributes struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAttributes) String() string { +func (s AwsElbLoadBalancerListener) String() string { return awsutil.Prettify(s) } @@ -24172,49 +28039,48 @@ func (s AwsElbLoadBalancerAttributes) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerAttributes) GoString() string { +func (s AwsElbLoadBalancerListener) GoString() string { return s.String() } -// SetAccessLog sets the AccessLog field's value. -func (s *AwsElbLoadBalancerAttributes) SetAccessLog(v *AwsElbLoadBalancerAccessLog) *AwsElbLoadBalancerAttributes { - s.AccessLog = v +// SetInstancePort sets the InstancePort field's value. +func (s *AwsElbLoadBalancerListener) SetInstancePort(v int64) *AwsElbLoadBalancerListener { + s.InstancePort = &v return s } -// SetAdditionalAttributes sets the AdditionalAttributes field's value. -func (s *AwsElbLoadBalancerAttributes) SetAdditionalAttributes(v []*AwsElbLoadBalancerAdditionalAttribute) *AwsElbLoadBalancerAttributes { - s.AdditionalAttributes = v +// SetInstanceProtocol sets the InstanceProtocol field's value. +func (s *AwsElbLoadBalancerListener) SetInstanceProtocol(v string) *AwsElbLoadBalancerListener { + s.InstanceProtocol = &v return s } -// SetConnectionDraining sets the ConnectionDraining field's value. -func (s *AwsElbLoadBalancerAttributes) SetConnectionDraining(v *AwsElbLoadBalancerConnectionDraining) *AwsElbLoadBalancerAttributes { - s.ConnectionDraining = v +// SetLoadBalancerPort sets the LoadBalancerPort field's value. +func (s *AwsElbLoadBalancerListener) SetLoadBalancerPort(v int64) *AwsElbLoadBalancerListener { + s.LoadBalancerPort = &v return s } -// SetConnectionSettings sets the ConnectionSettings field's value. -func (s *AwsElbLoadBalancerAttributes) SetConnectionSettings(v *AwsElbLoadBalancerConnectionSettings) *AwsElbLoadBalancerAttributes { - s.ConnectionSettings = v +// SetProtocol sets the Protocol field's value. +func (s *AwsElbLoadBalancerListener) SetProtocol(v string) *AwsElbLoadBalancerListener { + s.Protocol = &v return s } -// SetCrossZoneLoadBalancing sets the CrossZoneLoadBalancing field's value. -func (s *AwsElbLoadBalancerAttributes) SetCrossZoneLoadBalancing(v *AwsElbLoadBalancerCrossZoneLoadBalancing) *AwsElbLoadBalancerAttributes { - s.CrossZoneLoadBalancing = v +// SetSslCertificateId sets the SslCertificateId field's value. +func (s *AwsElbLoadBalancerListener) SetSslCertificateId(v string) *AwsElbLoadBalancerListener { + s.SslCertificateId = &v return s } -// Provides information about the configuration of an EC2 instance for the load -// balancer. -type AwsElbLoadBalancerBackendServerDescription struct { +// Lists the policies that are enabled for a load balancer listener. +type AwsElbLoadBalancerListenerDescription struct { _ struct{} `type:"structure"` - // The port on which the EC2 instance is listening. - InstancePort *int64 `type:"integer"` + // Information about the listener. + Listener *AwsElbLoadBalancerListener `type:"structure"` - // The names of the policies that are enabled for the EC2 instance. + // The policies enabled for the listener. PolicyNames []*string `type:"list"` } @@ -24223,7 +28089,7 @@ type AwsElbLoadBalancerBackendServerDescription struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerBackendServerDescription) String() string { +func (s AwsElbLoadBalancerListenerDescription) String() string { return awsutil.Prettify(s) } @@ -24232,33 +28098,34 @@ func (s AwsElbLoadBalancerBackendServerDescription) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerBackendServerDescription) GoString() string { +func (s AwsElbLoadBalancerListenerDescription) GoString() string { return s.String() } -// SetInstancePort sets the InstancePort field's value. -func (s *AwsElbLoadBalancerBackendServerDescription) SetInstancePort(v int64) *AwsElbLoadBalancerBackendServerDescription { - s.InstancePort = &v +// SetListener sets the Listener field's value. +func (s *AwsElbLoadBalancerListenerDescription) SetListener(v *AwsElbLoadBalancerListener) *AwsElbLoadBalancerListenerDescription { + s.Listener = v return s } // SetPolicyNames sets the PolicyNames field's value. -func (s *AwsElbLoadBalancerBackendServerDescription) SetPolicyNames(v []*string) *AwsElbLoadBalancerBackendServerDescription { +func (s *AwsElbLoadBalancerListenerDescription) SetPolicyNames(v []*string) *AwsElbLoadBalancerListenerDescription { s.PolicyNames = v return s } -// Contains information about the connection draining configuration for the -// load balancer. -type AwsElbLoadBalancerConnectionDraining struct { +// Contains information about the policies for a load balancer. +type AwsElbLoadBalancerPolicies struct { _ struct{} `type:"structure"` - // Indicates whether connection draining is enabled for the load balancer. - Enabled *bool `type:"boolean"` + // The stickiness policies that are created using CreateAppCookieStickinessPolicy. + AppCookieStickinessPolicies []*AwsElbAppCookieStickinessPolicy `type:"list"` - // The maximum time, in seconds, to keep the existing connections open before - // deregistering the instances. - Timeout *int64 `type:"integer"` + // The stickiness policies that are created using CreateLBCookieStickinessPolicy. + LbCookieStickinessPolicies []*AwsElbLbCookieStickinessPolicy `type:"list"` + + // The policies other than the stickiness policies. + OtherPolicies []*string `type:"list"` } // String returns the string representation. @@ -24266,7 +28133,7 @@ type AwsElbLoadBalancerConnectionDraining struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerConnectionDraining) String() string { +func (s AwsElbLoadBalancerPolicies) String() string { return awsutil.Prettify(s) } @@ -24275,29 +28142,37 @@ func (s AwsElbLoadBalancerConnectionDraining) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerConnectionDraining) GoString() string { +func (s AwsElbLoadBalancerPolicies) GoString() string { return s.String() } -// SetEnabled sets the Enabled field's value. -func (s *AwsElbLoadBalancerConnectionDraining) SetEnabled(v bool) *AwsElbLoadBalancerConnectionDraining { - s.Enabled = &v +// SetAppCookieStickinessPolicies sets the AppCookieStickinessPolicies field's value. +func (s *AwsElbLoadBalancerPolicies) SetAppCookieStickinessPolicies(v []*AwsElbAppCookieStickinessPolicy) *AwsElbLoadBalancerPolicies { + s.AppCookieStickinessPolicies = v return s } -// SetTimeout sets the Timeout field's value. -func (s *AwsElbLoadBalancerConnectionDraining) SetTimeout(v int64) *AwsElbLoadBalancerConnectionDraining { - s.Timeout = &v +// SetLbCookieStickinessPolicies sets the LbCookieStickinessPolicies field's value. +func (s *AwsElbLoadBalancerPolicies) SetLbCookieStickinessPolicies(v []*AwsElbLbCookieStickinessPolicy) *AwsElbLoadBalancerPolicies { + s.LbCookieStickinessPolicies = v return s } -// Contains connection settings for the load balancer. -type AwsElbLoadBalancerConnectionSettings struct { +// SetOtherPolicies sets the OtherPolicies field's value. +func (s *AwsElbLoadBalancerPolicies) SetOtherPolicies(v []*string) *AwsElbLoadBalancerPolicies { + s.OtherPolicies = v + return s +} + +// Contains information about the security group for the load balancer. +type AwsElbLoadBalancerSourceSecurityGroup struct { _ struct{} `type:"structure"` - // The time, in seconds, that the connection can be idle (no data is sent over - // the connection) before it is closed by the load balancer. - IdleTimeout *int64 `type:"integer"` + // The name of the security group. + GroupName *string `type:"string"` + + // The owner of the security group. + OwnerAlias *string `type:"string"` } // String returns the string representation. @@ -24305,7 +28180,7 @@ type AwsElbLoadBalancerConnectionSettings struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerConnectionSettings) String() string { +func (s AwsElbLoadBalancerSourceSecurityGroup) String() string { return awsutil.Prettify(s) } @@ -24314,22 +28189,31 @@ func (s AwsElbLoadBalancerConnectionSettings) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerConnectionSettings) GoString() string { +func (s AwsElbLoadBalancerSourceSecurityGroup) GoString() string { return s.String() } -// SetIdleTimeout sets the IdleTimeout field's value. -func (s *AwsElbLoadBalancerConnectionSettings) SetIdleTimeout(v int64) *AwsElbLoadBalancerConnectionSettings { - s.IdleTimeout = &v +// SetGroupName sets the GroupName field's value. +func (s *AwsElbLoadBalancerSourceSecurityGroup) SetGroupName(v string) *AwsElbLoadBalancerSourceSecurityGroup { + s.GroupName = &v return s } -// Contains cross-zone load balancing settings for the load balancer. -type AwsElbLoadBalancerCrossZoneLoadBalancing struct { +// SetOwnerAlias sets the OwnerAlias field's value. +func (s *AwsElbLoadBalancerSourceSecurityGroup) SetOwnerAlias(v string) *AwsElbLoadBalancerSourceSecurityGroup { + s.OwnerAlias = &v + return s +} + +// A load balancer attribute. +type AwsElbv2LoadBalancerAttribute struct { _ struct{} `type:"structure"` - // Indicates whether cross-zone load balancing is enabled for the load balancer. - Enabled *bool `type:"boolean"` + // The name of the load balancer attribute. + Key *string `type:"string"` + + // The value of the load balancer attribute. + Value *string `type:"string"` } // String returns the string representation. @@ -24337,7 +28221,7 @@ type AwsElbLoadBalancerCrossZoneLoadBalancing struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerCrossZoneLoadBalancing) String() string { +func (s AwsElbv2LoadBalancerAttribute) String() string { return awsutil.Prettify(s) } @@ -24346,81 +28230,64 @@ func (s AwsElbLoadBalancerCrossZoneLoadBalancing) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerCrossZoneLoadBalancing) GoString() string { +func (s AwsElbv2LoadBalancerAttribute) GoString() string { return s.String() } -// SetEnabled sets the Enabled field's value. -func (s *AwsElbLoadBalancerCrossZoneLoadBalancing) SetEnabled(v bool) *AwsElbLoadBalancerCrossZoneLoadBalancing { - s.Enabled = &v +// SetKey sets the Key field's value. +func (s *AwsElbv2LoadBalancerAttribute) SetKey(v string) *AwsElbv2LoadBalancerAttribute { + s.Key = &v return s } -// Contains details about a Classic Load Balancer. -type AwsElbLoadBalancerDetails struct { - _ struct{} `type:"structure"` - - // The list of Availability Zones for the load balancer. - AvailabilityZones []*string `type:"list"` +// SetValue sets the Value field's value. +func (s *AwsElbv2LoadBalancerAttribute) SetValue(v string) *AwsElbv2LoadBalancerAttribute { + s.Value = &v + return s +} - // Information about the configuration of the EC2 instances. - BackendServerDescriptions []*AwsElbLoadBalancerBackendServerDescription `type:"list"` +// Information about a load balancer. +type AwsElbv2LoadBalancerDetails struct { + _ struct{} `type:"structure"` - // The name of the Amazon Route 53 hosted zone for the load balancer. - CanonicalHostedZoneName *string `type:"string"` + // The Availability Zones for the load balancer. + AvailabilityZones []*AvailabilityZone `type:"list"` - // The ID of the Amazon Route 53 hosted zone for the load balancer. - CanonicalHostedZoneNameID *string `type:"string"` + // The ID of the Amazon Route 53 hosted zone associated with the load balancer. + CanonicalHostedZoneId *string `type:"string"` // Indicates when the load balancer was created. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedTime *string `type:"string"` - // The DNS name of the load balancer. - DnsName *string `type:"string"` - - // Information about the health checks that are conducted on the load balancer. - HealthCheck *AwsElbLoadBalancerHealthCheck `type:"structure"` - - // List of EC2 instances for the load balancer. - Instances []*AwsElbLoadBalancerInstance `type:"list"` - - // The policies that are enabled for the load balancer listeners. - ListenerDescriptions []*AwsElbLoadBalancerListenerDescription `type:"list"` - - // The attributes for a load balancer. - LoadBalancerAttributes *AwsElbLoadBalancerAttributes `type:"structure"` + // The public DNS name of the load balancer. + DNSName *string `type:"string"` - // The name of the load balancer. - LoadBalancerName *string `type:"string"` + // The type of IP addresses used by the subnets for your load balancer. The + // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and + // IPv6 addresses). + IpAddressType *string `type:"string"` - // The policies for a load balancer. - Policies *AwsElbLoadBalancerPolicies `type:"structure"` + // Attributes of the load balancer. + LoadBalancerAttributes []*AwsElbv2LoadBalancerAttribute `type:"list"` - // The type of load balancer. Only provided if the load balancer is in a VPC. - // - // If Scheme is internet-facing, the load balancer has a public DNS name that - // resolves to a public IP address. - // - // If Scheme is internal, the load balancer has a public DNS name that resolves - // to a private IP address. + // The nodes of an Internet-facing load balancer have public IP addresses. Scheme *string `type:"string"` - // The security groups for the load balancer. Only provided if the load balancer - // is in a VPC. + // The IDs of the security groups for the load balancer. SecurityGroups []*string `type:"list"` - // Information about the security group for the load balancer. This is the security - // group that is used for inbound rules. - SourceSecurityGroup *AwsElbLoadBalancerSourceSecurityGroup `type:"structure"` + // The state of the load balancer. + State *LoadBalancerState `type:"structure"` - // The list of subnet identifiers for the load balancer. - Subnets []*string `type:"list"` + // The type of load balancer. + Type *string `type:"string"` - // The identifier of the VPC for the load balancer. + // The ID of the VPC for the load balancer. VpcId *string `type:"string"` } @@ -24429,7 +28296,7 @@ type AwsElbLoadBalancerDetails struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerDetails) String() string { +func (s AwsElbv2LoadBalancerDetails) String() string { return awsutil.Prettify(s) } @@ -24438,146 +28305,188 @@ func (s AwsElbLoadBalancerDetails) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerDetails) GoString() string { +func (s AwsElbv2LoadBalancerDetails) GoString() string { return s.String() } // SetAvailabilityZones sets the AvailabilityZones field's value. -func (s *AwsElbLoadBalancerDetails) SetAvailabilityZones(v []*string) *AwsElbLoadBalancerDetails { +func (s *AwsElbv2LoadBalancerDetails) SetAvailabilityZones(v []*AvailabilityZone) *AwsElbv2LoadBalancerDetails { s.AvailabilityZones = v return s } -// SetBackendServerDescriptions sets the BackendServerDescriptions field's value. -func (s *AwsElbLoadBalancerDetails) SetBackendServerDescriptions(v []*AwsElbLoadBalancerBackendServerDescription) *AwsElbLoadBalancerDetails { - s.BackendServerDescriptions = v +// SetCanonicalHostedZoneId sets the CanonicalHostedZoneId field's value. +func (s *AwsElbv2LoadBalancerDetails) SetCanonicalHostedZoneId(v string) *AwsElbv2LoadBalancerDetails { + s.CanonicalHostedZoneId = &v return s } -// SetCanonicalHostedZoneName sets the CanonicalHostedZoneName field's value. -func (s *AwsElbLoadBalancerDetails) SetCanonicalHostedZoneName(v string) *AwsElbLoadBalancerDetails { - s.CanonicalHostedZoneName = &v +// SetCreatedTime sets the CreatedTime field's value. +func (s *AwsElbv2LoadBalancerDetails) SetCreatedTime(v string) *AwsElbv2LoadBalancerDetails { + s.CreatedTime = &v return s } -// SetCanonicalHostedZoneNameID sets the CanonicalHostedZoneNameID field's value. -func (s *AwsElbLoadBalancerDetails) SetCanonicalHostedZoneNameID(v string) *AwsElbLoadBalancerDetails { - s.CanonicalHostedZoneNameID = &v +// SetDNSName sets the DNSName field's value. +func (s *AwsElbv2LoadBalancerDetails) SetDNSName(v string) *AwsElbv2LoadBalancerDetails { + s.DNSName = &v return s } -// SetCreatedTime sets the CreatedTime field's value. -func (s *AwsElbLoadBalancerDetails) SetCreatedTime(v string) *AwsElbLoadBalancerDetails { - s.CreatedTime = &v +// SetIpAddressType sets the IpAddressType field's value. +func (s *AwsElbv2LoadBalancerDetails) SetIpAddressType(v string) *AwsElbv2LoadBalancerDetails { + s.IpAddressType = &v return s } -// SetDnsName sets the DnsName field's value. -func (s *AwsElbLoadBalancerDetails) SetDnsName(v string) *AwsElbLoadBalancerDetails { - s.DnsName = &v +// SetLoadBalancerAttributes sets the LoadBalancerAttributes field's value. +func (s *AwsElbv2LoadBalancerDetails) SetLoadBalancerAttributes(v []*AwsElbv2LoadBalancerAttribute) *AwsElbv2LoadBalancerDetails { + s.LoadBalancerAttributes = v return s } -// SetHealthCheck sets the HealthCheck field's value. -func (s *AwsElbLoadBalancerDetails) SetHealthCheck(v *AwsElbLoadBalancerHealthCheck) *AwsElbLoadBalancerDetails { - s.HealthCheck = v +// SetScheme sets the Scheme field's value. +func (s *AwsElbv2LoadBalancerDetails) SetScheme(v string) *AwsElbv2LoadBalancerDetails { + s.Scheme = &v return s } -// SetInstances sets the Instances field's value. -func (s *AwsElbLoadBalancerDetails) SetInstances(v []*AwsElbLoadBalancerInstance) *AwsElbLoadBalancerDetails { - s.Instances = v +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *AwsElbv2LoadBalancerDetails) SetSecurityGroups(v []*string) *AwsElbv2LoadBalancerDetails { + s.SecurityGroups = v return s } -// SetListenerDescriptions sets the ListenerDescriptions field's value. -func (s *AwsElbLoadBalancerDetails) SetListenerDescriptions(v []*AwsElbLoadBalancerListenerDescription) *AwsElbLoadBalancerDetails { - s.ListenerDescriptions = v +// SetState sets the State field's value. +func (s *AwsElbv2LoadBalancerDetails) SetState(v *LoadBalancerState) *AwsElbv2LoadBalancerDetails { + s.State = v + return s +} + +// SetType sets the Type field's value. +func (s *AwsElbv2LoadBalancerDetails) SetType(v string) *AwsElbv2LoadBalancerDetails { + s.Type = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *AwsElbv2LoadBalancerDetails) SetVpcId(v string) *AwsElbv2LoadBalancerDetails { + s.VpcId = &v return s } -// SetLoadBalancerAttributes sets the LoadBalancerAttributes field's value. -func (s *AwsElbLoadBalancerDetails) SetLoadBalancerAttributes(v *AwsElbLoadBalancerAttributes) *AwsElbLoadBalancerDetails { - s.LoadBalancerAttributes = v +// A schema defines the structure of events that are sent to Amazon EventBridge. +// Schema registries are containers for schemas. They collect and organize schemas +// so that your schemas are in logical groups. +type AwsEventSchemasRegistryDetails struct { + _ struct{} `type:"structure"` + + // A description of the registry to be created. + Description *string `type:"string"` + + // The Amazon Resource Name (ARN) of the registry. + RegistryArn *string `type:"string"` + + // The name of the schema registry. + RegistryName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEventSchemasRegistryDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEventSchemasRegistryDetails) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *AwsEventSchemasRegistryDetails) SetDescription(v string) *AwsEventSchemasRegistryDetails { + s.Description = &v return s } -// SetLoadBalancerName sets the LoadBalancerName field's value. -func (s *AwsElbLoadBalancerDetails) SetLoadBalancerName(v string) *AwsElbLoadBalancerDetails { - s.LoadBalancerName = &v +// SetRegistryArn sets the RegistryArn field's value. +func (s *AwsEventSchemasRegistryDetails) SetRegistryArn(v string) *AwsEventSchemasRegistryDetails { + s.RegistryArn = &v return s } -// SetPolicies sets the Policies field's value. -func (s *AwsElbLoadBalancerDetails) SetPolicies(v *AwsElbLoadBalancerPolicies) *AwsElbLoadBalancerDetails { - s.Policies = v +// SetRegistryName sets the RegistryName field's value. +func (s *AwsEventSchemasRegistryDetails) SetRegistryName(v string) *AwsEventSchemasRegistryDetails { + s.RegistryName = &v return s } -// SetScheme sets the Scheme field's value. -func (s *AwsElbLoadBalancerDetails) SetScheme(v string) *AwsElbLoadBalancerDetails { - s.Scheme = &v - return s -} +// An object that contains information on the status of CloudTrail as a data +// source for the detector. +type AwsGuardDutyDetectorDataSourcesCloudTrailDetails struct { + _ struct{} `type:"structure"` -// SetSecurityGroups sets the SecurityGroups field's value. -func (s *AwsElbLoadBalancerDetails) SetSecurityGroups(v []*string) *AwsElbLoadBalancerDetails { - s.SecurityGroups = v - return s + // Specifies whether CloudTrail is activated as a data source for the detector. + Status *string `type:"string"` } -// SetSourceSecurityGroup sets the SourceSecurityGroup field's value. -func (s *AwsElbLoadBalancerDetails) SetSourceSecurityGroup(v *AwsElbLoadBalancerSourceSecurityGroup) *AwsElbLoadBalancerDetails { - s.SourceSecurityGroup = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesCloudTrailDetails) String() string { + return awsutil.Prettify(s) } -// SetSubnets sets the Subnets field's value. -func (s *AwsElbLoadBalancerDetails) SetSubnets(v []*string) *AwsElbLoadBalancerDetails { - s.Subnets = v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesCloudTrailDetails) GoString() string { + return s.String() } -// SetVpcId sets the VpcId field's value. -func (s *AwsElbLoadBalancerDetails) SetVpcId(v string) *AwsElbLoadBalancerDetails { - s.VpcId = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesCloudTrailDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesCloudTrailDetails { + s.Status = &v return s } -// Contains information about the health checks that are conducted on the load -// balancer. -type AwsElbLoadBalancerHealthCheck struct { +// Describes which data sources are activated for the detector. +type AwsGuardDutyDetectorDataSourcesDetails struct { _ struct{} `type:"structure"` - // The number of consecutive health check successes required before the instance - // is moved to the Healthy state. - HealthyThreshold *int64 `type:"integer"` + // An object that contains information on the status of CloudTrail as a data + // source for the detector. + CloudTrail *AwsGuardDutyDetectorDataSourcesCloudTrailDetails `type:"structure"` - // The approximate interval, in seconds, between health checks of an individual - // instance. - Interval *int64 `type:"integer"` + // An object that contains information on the status of DNS logs as a data source + // for the detector. + DnsLogs *AwsGuardDutyDetectorDataSourcesDnsLogsDetails `type:"structure"` - // The instance that is being checked. The target specifies the protocol and - // port. The available protocols are TCP, SSL, HTTP, and HTTPS. The range of - // valid ports is 1 through 65535. - // - // For the HTTP and HTTPS protocols, the target also specifies the ping path. - // - // For the TCP protocol, the target is specified as TCP: . - // - // For the SSL protocol, the target is specified as SSL. . - // - // For the HTTP and HTTPS protocols, the target is specified as :/ . - Target *string `type:"string"` + // An object that contains information on the status of VPC Flow Logs as a data + // source for the detector. + FlowLogs *AwsGuardDutyDetectorDataSourcesFlowLogsDetails `type:"structure"` - // The amount of time, in seconds, during which no response means a failed health - // check. - Timeout *int64 `type:"integer"` + // An object that contains information on the status of Kubernetes data sources + // for the detector. + Kubernetes *AwsGuardDutyDetectorDataSourcesKubernetesDetails `type:"structure"` - // The number of consecutive health check failures that must occur before the - // instance is moved to the Unhealthy state. - UnhealthyThreshold *int64 `type:"integer"` + // An object that contains information on the status of Malware Protection as + // a data source for the detector. + MalwareProtection *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails `type:"structure"` + + // An object that contains information on the status of S3 Data event logs as + // a data source for the detector. + S3Logs *AwsGuardDutyDetectorDataSourcesS3LogsDetails `type:"structure"` } // String returns the string representation. @@ -24585,7 +28494,7 @@ type AwsElbLoadBalancerHealthCheck struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerHealthCheck) String() string { +func (s AwsGuardDutyDetectorDataSourcesDetails) String() string { return awsutil.Prettify(s) } @@ -24594,46 +28503,53 @@ func (s AwsElbLoadBalancerHealthCheck) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerHealthCheck) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesDetails) GoString() string { return s.String() } -// SetHealthyThreshold sets the HealthyThreshold field's value. -func (s *AwsElbLoadBalancerHealthCheck) SetHealthyThreshold(v int64) *AwsElbLoadBalancerHealthCheck { - s.HealthyThreshold = &v +// SetCloudTrail sets the CloudTrail field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetCloudTrail(v *AwsGuardDutyDetectorDataSourcesCloudTrailDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.CloudTrail = v return s } -// SetInterval sets the Interval field's value. -func (s *AwsElbLoadBalancerHealthCheck) SetInterval(v int64) *AwsElbLoadBalancerHealthCheck { - s.Interval = &v +// SetDnsLogs sets the DnsLogs field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetDnsLogs(v *AwsGuardDutyDetectorDataSourcesDnsLogsDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.DnsLogs = v return s } -// SetTarget sets the Target field's value. -func (s *AwsElbLoadBalancerHealthCheck) SetTarget(v string) *AwsElbLoadBalancerHealthCheck { - s.Target = &v +// SetFlowLogs sets the FlowLogs field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetFlowLogs(v *AwsGuardDutyDetectorDataSourcesFlowLogsDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.FlowLogs = v return s } -// SetTimeout sets the Timeout field's value. -func (s *AwsElbLoadBalancerHealthCheck) SetTimeout(v int64) *AwsElbLoadBalancerHealthCheck { - s.Timeout = &v +// SetKubernetes sets the Kubernetes field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetKubernetes(v *AwsGuardDutyDetectorDataSourcesKubernetesDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.Kubernetes = v return s } -// SetUnhealthyThreshold sets the UnhealthyThreshold field's value. -func (s *AwsElbLoadBalancerHealthCheck) SetUnhealthyThreshold(v int64) *AwsElbLoadBalancerHealthCheck { - s.UnhealthyThreshold = &v +// SetMalwareProtection sets the MalwareProtection field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetMalwareProtection(v *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.MalwareProtection = v return s } -// Provides information about an EC2 instance for a load balancer. -type AwsElbLoadBalancerInstance struct { +// SetS3Logs sets the S3Logs field's value. +func (s *AwsGuardDutyDetectorDataSourcesDetails) SetS3Logs(v *AwsGuardDutyDetectorDataSourcesS3LogsDetails) *AwsGuardDutyDetectorDataSourcesDetails { + s.S3Logs = v + return s +} + +// An object that contains information on the status of DNS logs as a data source +// for the detector. +type AwsGuardDutyDetectorDataSourcesDnsLogsDetails struct { _ struct{} `type:"structure"` - // The instance identifier. - InstanceId *string `type:"string"` + // Describes whether DNS logs is enabled as a data source for the detector. + Status *string `type:"string"` } // String returns the string representation. @@ -24641,7 +28557,7 @@ type AwsElbLoadBalancerInstance struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerInstance) String() string { +func (s AwsGuardDutyDetectorDataSourcesDnsLogsDetails) String() string { return awsutil.Prettify(s) } @@ -24650,43 +28566,23 @@ func (s AwsElbLoadBalancerInstance) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerInstance) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesDnsLogsDetails) GoString() string { return s.String() } -// SetInstanceId sets the InstanceId field's value. -func (s *AwsElbLoadBalancerInstance) SetInstanceId(v string) *AwsElbLoadBalancerInstance { - s.InstanceId = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesDnsLogsDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesDnsLogsDetails { + s.Status = &v return s } -// Information about a load balancer listener. -type AwsElbLoadBalancerListener struct { +// An object that contains information on the status of VPC Flow Logs as a data +// source for the detector. +type AwsGuardDutyDetectorDataSourcesFlowLogsDetails struct { _ struct{} `type:"structure"` - // The port on which the instance is listening. - InstancePort *int64 `type:"integer"` - - // The protocol to use to route traffic to instances. - // - // Valid values: HTTP | HTTPS | TCP | SSL - InstanceProtocol *string `type:"string"` - - // The port on which the load balancer is listening. - // - // On EC2-VPC, you can specify any port from the range 1-65535. - // - // On EC2-Classic, you can specify any port from the following list: 25, 80, - // 443, 465, 587, 1024-65535. - LoadBalancerPort *int64 `type:"integer"` - - // The load balancer transport protocol to use for routing. - // - // Valid values: HTTP | HTTPS | TCP | SSL - Protocol *string `type:"string"` - - // The ARN of the server certificate. - SslCertificateId *string `type:"string"` + // Describes whether VPC Flow Logs are activated as a data source for the detector. + Status *string `type:"string"` } // String returns the string representation. @@ -24694,7 +28590,7 @@ type AwsElbLoadBalancerListener struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerListener) String() string { +func (s AwsGuardDutyDetectorDataSourcesFlowLogsDetails) String() string { return awsutil.Prettify(s) } @@ -24703,49 +28599,58 @@ func (s AwsElbLoadBalancerListener) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerListener) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesFlowLogsDetails) GoString() string { return s.String() } -// SetInstancePort sets the InstancePort field's value. -func (s *AwsElbLoadBalancerListener) SetInstancePort(v int64) *AwsElbLoadBalancerListener { - s.InstancePort = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesFlowLogsDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesFlowLogsDetails { + s.Status = &v return s } -// SetInstanceProtocol sets the InstanceProtocol field's value. -func (s *AwsElbLoadBalancerListener) SetInstanceProtocol(v string) *AwsElbLoadBalancerListener { - s.InstanceProtocol = &v - return s +// An object that contains information on the status of Kubernetes audit logs +// as a data source for the detector. +type AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails struct { + _ struct{} `type:"structure"` + + // Describes whether Kubernetes audit logs are activated as a data source for + // the detector. + Status *string `type:"string"` } -// SetLoadBalancerPort sets the LoadBalancerPort field's value. -func (s *AwsElbLoadBalancerListener) SetLoadBalancerPort(v int64) *AwsElbLoadBalancerListener { - s.LoadBalancerPort = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails) String() string { + return awsutil.Prettify(s) } -// SetProtocol sets the Protocol field's value. -func (s *AwsElbLoadBalancerListener) SetProtocol(v string) *AwsElbLoadBalancerListener { - s.Protocol = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails) GoString() string { + return s.String() } -// SetSslCertificateId sets the SslCertificateId field's value. -func (s *AwsElbLoadBalancerListener) SetSslCertificateId(v string) *AwsElbLoadBalancerListener { - s.SslCertificateId = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails { + s.Status = &v return s } -// Lists the policies that are enabled for a load balancer listener. -type AwsElbLoadBalancerListenerDescription struct { +// An object that contains information on the status of Kubernetes data sources +// for the detector. +type AwsGuardDutyDetectorDataSourcesKubernetesDetails struct { _ struct{} `type:"structure"` - // Information about the listener. - Listener *AwsElbLoadBalancerListener `type:"structure"` - - // The policies enabled for the listener. - PolicyNames []*string `type:"list"` + // Describes whether Kubernetes audit logs are activated as a data source for + // the detector. + AuditLogs *AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails `type:"structure"` } // String returns the string representation. @@ -24753,7 +28658,7 @@ type AwsElbLoadBalancerListenerDescription struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerListenerDescription) String() string { +func (s AwsGuardDutyDetectorDataSourcesKubernetesDetails) String() string { return awsutil.Prettify(s) } @@ -24762,34 +28667,27 @@ func (s AwsElbLoadBalancerListenerDescription) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerListenerDescription) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesKubernetesDetails) GoString() string { return s.String() } -// SetListener sets the Listener field's value. -func (s *AwsElbLoadBalancerListenerDescription) SetListener(v *AwsElbLoadBalancerListener) *AwsElbLoadBalancerListenerDescription { - s.Listener = v - return s -} - -// SetPolicyNames sets the PolicyNames field's value. -func (s *AwsElbLoadBalancerListenerDescription) SetPolicyNames(v []*string) *AwsElbLoadBalancerListenerDescription { - s.PolicyNames = v +// SetAuditLogs sets the AuditLogs field's value. +func (s *AwsGuardDutyDetectorDataSourcesKubernetesDetails) SetAuditLogs(v *AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails) *AwsGuardDutyDetectorDataSourcesKubernetesDetails { + s.AuditLogs = v return s } -// Contains information about the policies for a load balancer. -type AwsElbLoadBalancerPolicies struct { +// An object that contains information on the status of Malware Protection as +// a data source for the detector. +type AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails struct { _ struct{} `type:"structure"` - // The stickiness policies that are created using CreateAppCookieStickinessPolicy. - AppCookieStickinessPolicies []*AwsElbAppCookieStickinessPolicy `type:"list"` - - // The stickiness policies that are created using CreateLBCookieStickinessPolicy. - LbCookieStickinessPolicies []*AwsElbLbCookieStickinessPolicy `type:"list"` + // Describes the configuration of Malware Protection for EC2 instances with + // findings. + ScanEc2InstanceWithFindings *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails `type:"structure"` - // The policies other than the stickiness policies. - OtherPolicies []*string `type:"list"` + // The GuardDuty Malware Protection service role. + ServiceRole *string `type:"string"` } // String returns the string representation. @@ -24797,7 +28695,7 @@ type AwsElbLoadBalancerPolicies struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerPolicies) String() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails) String() string { return awsutil.Prettify(s) } @@ -24806,37 +28704,30 @@ func (s AwsElbLoadBalancerPolicies) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerPolicies) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails) GoString() string { return s.String() } -// SetAppCookieStickinessPolicies sets the AppCookieStickinessPolicies field's value. -func (s *AwsElbLoadBalancerPolicies) SetAppCookieStickinessPolicies(v []*AwsElbAppCookieStickinessPolicy) *AwsElbLoadBalancerPolicies { - s.AppCookieStickinessPolicies = v - return s -} - -// SetLbCookieStickinessPolicies sets the LbCookieStickinessPolicies field's value. -func (s *AwsElbLoadBalancerPolicies) SetLbCookieStickinessPolicies(v []*AwsElbLbCookieStickinessPolicy) *AwsElbLoadBalancerPolicies { - s.LbCookieStickinessPolicies = v +// SetScanEc2InstanceWithFindings sets the ScanEc2InstanceWithFindings field's value. +func (s *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails) SetScanEc2InstanceWithFindings(v *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails) *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails { + s.ScanEc2InstanceWithFindings = v return s } -// SetOtherPolicies sets the OtherPolicies field's value. -func (s *AwsElbLoadBalancerPolicies) SetOtherPolicies(v []*string) *AwsElbLoadBalancerPolicies { - s.OtherPolicies = v +// SetServiceRole sets the ServiceRole field's value. +func (s *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails) SetServiceRole(v string) *AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails { + s.ServiceRole = &v return s } -// Contains information about the security group for the load balancer. -type AwsElbLoadBalancerSourceSecurityGroup struct { +// Describes the configuration of Malware Protection for EC2 instances with +// findings. +type AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails struct { _ struct{} `type:"structure"` - // The name of the security group. - GroupName *string `type:"string"` - - // The owner of the security group. - OwnerAlias *string `type:"string"` + // Describes the configuration of scanning EBS volumes (Malware Protection) + // as a data source. + EbsVolumes *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails `type:"structure"` } // String returns the string representation. @@ -24844,7 +28735,7 @@ type AwsElbLoadBalancerSourceSecurityGroup struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerSourceSecurityGroup) String() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails) String() string { return awsutil.Prettify(s) } @@ -24853,31 +28744,28 @@ func (s AwsElbLoadBalancerSourceSecurityGroup) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbLoadBalancerSourceSecurityGroup) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails) GoString() string { return s.String() } -// SetGroupName sets the GroupName field's value. -func (s *AwsElbLoadBalancerSourceSecurityGroup) SetGroupName(v string) *AwsElbLoadBalancerSourceSecurityGroup { - s.GroupName = &v - return s -} - -// SetOwnerAlias sets the OwnerAlias field's value. -func (s *AwsElbLoadBalancerSourceSecurityGroup) SetOwnerAlias(v string) *AwsElbLoadBalancerSourceSecurityGroup { - s.OwnerAlias = &v +// SetEbsVolumes sets the EbsVolumes field's value. +func (s *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails) SetEbsVolumes(v *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails) *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails { + s.EbsVolumes = v return s } -// A load balancer attribute. -type AwsElbv2LoadBalancerAttribute struct { +// Describes the configuration of scanning EBS volumes (Malware Protection) +// as a data source. +type AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails struct { _ struct{} `type:"structure"` - // The name of the load balancer attribute. - Key *string `type:"string"` + // Specifies the reason why scanning EBS volumes (Malware Protection) isn’t + // activated as a data source. + Reason *string `type:"string"` - // The value of the load balancer attribute. - Value *string `type:"string"` + // Describes whether scanning EBS volumes is activated as a data source for + // the detector. + Status *string `type:"string"` } // String returns the string representation. @@ -24885,7 +28773,7 @@ type AwsElbv2LoadBalancerAttribute struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbv2LoadBalancerAttribute) String() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails) String() string { return awsutil.Prettify(s) } @@ -24894,64 +28782,76 @@ func (s AwsElbv2LoadBalancerAttribute) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbv2LoadBalancerAttribute) GoString() string { +func (s AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails) GoString() string { return s.String() } -// SetKey sets the Key field's value. -func (s *AwsElbv2LoadBalancerAttribute) SetKey(v string) *AwsElbv2LoadBalancerAttribute { - s.Key = &v +// SetReason sets the Reason field's value. +func (s *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails) SetReason(v string) *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails { + s.Reason = &v return s } -// SetValue sets the Value field's value. -func (s *AwsElbv2LoadBalancerAttribute) SetValue(v string) *AwsElbv2LoadBalancerAttribute { - s.Value = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails { + s.Status = &v return s } -// Information about a load balancer. -type AwsElbv2LoadBalancerDetails struct { +// An object that contains information on the status of S3 data event logs as +// a data source for the detector. +type AwsGuardDutyDetectorDataSourcesS3LogsDetails struct { _ struct{} `type:"structure"` - // The Availability Zones for the load balancer. - AvailabilityZones []*AvailabilityZone `type:"list"` - - // The ID of the Amazon Route 53 hosted zone associated with the load balancer. - CanonicalHostedZoneId *string `type:"string"` + // A value that describes whether S3 data event logs are automatically enabled + // for new members of an organization. + Status *string `type:"string"` +} - // Indicates when the load balancer was created. - // - // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time - // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. - CreatedTime *string `type:"string"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesS3LogsDetails) String() string { + return awsutil.Prettify(s) +} - // The public DNS name of the load balancer. - DNSName *string `type:"string"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorDataSourcesS3LogsDetails) GoString() string { + return s.String() +} - // The type of IP addresses used by the subnets for your load balancer. The - // possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and - // IPv6 addresses). - IpAddressType *string `type:"string"` +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDataSourcesS3LogsDetails) SetStatus(v string) *AwsGuardDutyDetectorDataSourcesS3LogsDetails { + s.Status = &v + return s +} - // Attributes of the load balancer. - LoadBalancerAttributes []*AwsElbv2LoadBalancerAttribute `type:"list"` +// Provides details about an Amazon GuardDuty detector. A detector is an object +// that represents the GuardDuty service. A detector is required for GuardDuty +// to become operational. +type AwsGuardDutyDetectorDetails struct { + _ struct{} `type:"structure"` - // The nodes of an Internet-facing load balancer have public IP addresses. - Scheme *string `type:"string"` + // Describes which data sources are activated for the detector. + DataSources *AwsGuardDutyDetectorDataSourcesDetails `type:"structure"` - // The IDs of the security groups for the load balancer. - SecurityGroups []*string `type:"list"` + // Describes which features are activated for the detector. + Features []*AwsGuardDutyDetectorFeaturesDetails `type:"list"` - // The state of the load balancer. - State *LoadBalancerState `type:"structure"` + // The publishing frequency of the finding. + FindingPublishingFrequency *string `type:"string"` - // The type of load balancer. - Type *string `type:"string"` + // The GuardDuty service role. + ServiceRole *string `type:"string"` - // The ID of the VPC for the load balancer. - VpcId *string `type:"string"` + // The activation status of the detector. + Status *string `type:"string"` } // String returns the string representation. @@ -24959,7 +28859,7 @@ type AwsElbv2LoadBalancerDetails struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbv2LoadBalancerDetails) String() string { +func (s AwsGuardDutyDetectorDetails) String() string { return awsutil.Prettify(s) } @@ -24968,73 +28868,78 @@ func (s AwsElbv2LoadBalancerDetails) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AwsElbv2LoadBalancerDetails) GoString() string { +func (s AwsGuardDutyDetectorDetails) GoString() string { return s.String() } -// SetAvailabilityZones sets the AvailabilityZones field's value. -func (s *AwsElbv2LoadBalancerDetails) SetAvailabilityZones(v []*AvailabilityZone) *AwsElbv2LoadBalancerDetails { - s.AvailabilityZones = v +// SetDataSources sets the DataSources field's value. +func (s *AwsGuardDutyDetectorDetails) SetDataSources(v *AwsGuardDutyDetectorDataSourcesDetails) *AwsGuardDutyDetectorDetails { + s.DataSources = v return s } -// SetCanonicalHostedZoneId sets the CanonicalHostedZoneId field's value. -func (s *AwsElbv2LoadBalancerDetails) SetCanonicalHostedZoneId(v string) *AwsElbv2LoadBalancerDetails { - s.CanonicalHostedZoneId = &v +// SetFeatures sets the Features field's value. +func (s *AwsGuardDutyDetectorDetails) SetFeatures(v []*AwsGuardDutyDetectorFeaturesDetails) *AwsGuardDutyDetectorDetails { + s.Features = v return s } -// SetCreatedTime sets the CreatedTime field's value. -func (s *AwsElbv2LoadBalancerDetails) SetCreatedTime(v string) *AwsElbv2LoadBalancerDetails { - s.CreatedTime = &v +// SetFindingPublishingFrequency sets the FindingPublishingFrequency field's value. +func (s *AwsGuardDutyDetectorDetails) SetFindingPublishingFrequency(v string) *AwsGuardDutyDetectorDetails { + s.FindingPublishingFrequency = &v return s } -// SetDNSName sets the DNSName field's value. -func (s *AwsElbv2LoadBalancerDetails) SetDNSName(v string) *AwsElbv2LoadBalancerDetails { - s.DNSName = &v +// SetServiceRole sets the ServiceRole field's value. +func (s *AwsGuardDutyDetectorDetails) SetServiceRole(v string) *AwsGuardDutyDetectorDetails { + s.ServiceRole = &v return s } -// SetIpAddressType sets the IpAddressType field's value. -func (s *AwsElbv2LoadBalancerDetails) SetIpAddressType(v string) *AwsElbv2LoadBalancerDetails { - s.IpAddressType = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorDetails) SetStatus(v string) *AwsGuardDutyDetectorDetails { + s.Status = &v return s } -// SetLoadBalancerAttributes sets the LoadBalancerAttributes field's value. -func (s *AwsElbv2LoadBalancerDetails) SetLoadBalancerAttributes(v []*AwsElbv2LoadBalancerAttribute) *AwsElbv2LoadBalancerDetails { - s.LoadBalancerAttributes = v - return s -} +// Describes which features are activated for the detector. +type AwsGuardDutyDetectorFeaturesDetails struct { + _ struct{} `type:"structure"` -// SetScheme sets the Scheme field's value. -func (s *AwsElbv2LoadBalancerDetails) SetScheme(v string) *AwsElbv2LoadBalancerDetails { - s.Scheme = &v - return s + // Indicates the name of the feature that is activated for the detector. + Name *string `type:"string"` + + // Indicates the status of the feature that is activated for the detector. + Status *string `type:"string"` } -// SetSecurityGroups sets the SecurityGroups field's value. -func (s *AwsElbv2LoadBalancerDetails) SetSecurityGroups(v []*string) *AwsElbv2LoadBalancerDetails { - s.SecurityGroups = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorFeaturesDetails) String() string { + return awsutil.Prettify(s) } -// SetState sets the State field's value. -func (s *AwsElbv2LoadBalancerDetails) SetState(v *LoadBalancerState) *AwsElbv2LoadBalancerDetails { - s.State = v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsGuardDutyDetectorFeaturesDetails) GoString() string { + return s.String() } -// SetType sets the Type field's value. -func (s *AwsElbv2LoadBalancerDetails) SetType(v string) *AwsElbv2LoadBalancerDetails { - s.Type = &v +// SetName sets the Name field's value. +func (s *AwsGuardDutyDetectorFeaturesDetails) SetName(v string) *AwsGuardDutyDetectorFeaturesDetails { + s.Name = &v return s } -// SetVpcId sets the VpcId field's value. -func (s *AwsElbv2LoadBalancerDetails) SetVpcId(v string) *AwsElbv2LoadBalancerDetails { - s.VpcId = &v +// SetStatus sets the Status field's value. +func (s *AwsGuardDutyDetectorFeaturesDetails) SetStatus(v string) *AwsGuardDutyDetectorFeaturesDetails { + s.Status = &v return s } @@ -25052,7 +28957,8 @@ type AwsIamAccessKeyDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedAt *string `type:"string"` // The ID of the principal associated with an access key. @@ -25200,7 +29106,8 @@ type AwsIamAccessKeySessionContextAttributes struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreationDate *string `type:"string"` // Indicates whether the session used multi-factor authentication (MFA). @@ -25358,7 +29265,8 @@ type AwsIamGroupDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // The identifier of the IAM group. @@ -25471,7 +29379,8 @@ type AwsIamInstanceProfile struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // The identifier of the instance profile. @@ -25575,7 +29484,8 @@ type AwsIamInstanceProfileRole struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // The path to the role. @@ -25708,7 +29618,8 @@ type AwsIamPolicyDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // The identifier of the default version of the policy. @@ -25740,7 +29651,8 @@ type AwsIamPolicyDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. UpdateDate *string `type:"string"` } @@ -25836,7 +29748,8 @@ type AwsIamPolicyVersion struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // Whether the version is the default version. @@ -25896,7 +29809,8 @@ type AwsIamRoleDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // The list of instance profiles that contain this role. @@ -26067,7 +29981,8 @@ type AwsIamUserDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreateDate *string `type:"string"` // A list of IAM groups that the user belongs to. @@ -26313,7 +30228,8 @@ type AwsKmsKeyDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreationDate *float64 `type:"double"` // A description of the KMS key. @@ -26549,7 +30465,8 @@ type AwsLambdaFunctionDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastModified *string `type:"string"` // The function's layers. @@ -26945,7 +30862,8 @@ type AwsLambdaLayerVersionDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedDate *string `type:"string"` // The version number. @@ -28226,7 +32144,8 @@ type AwsRdsDbClusterDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ClusterCreateTime *string `type:"string"` // Whether tags are copied from the DB cluster to snapshots of the DB cluster. @@ -28714,7 +32633,8 @@ type AwsRdsDbClusterSnapshotDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ClusterCreateTime *string `type:"string"` // The DB cluster identifier. @@ -28752,7 +32672,8 @@ type AwsRdsDbClusterSnapshotDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. SnapshotCreateTime *string `type:"string"` // The type of DB cluster snapshot. @@ -29130,7 +33051,8 @@ type AwsRdsDbInstanceDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. InstanceCreateTime *string `type:"string"` // Specifies the provisioned IOPS (I/O operations per second) for this DB instance. @@ -29145,7 +33067,8 @@ type AwsRdsDbInstanceDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LatestRestorableTime *string `type:"string"` // License model information for this DB instance. @@ -30741,7 +34664,8 @@ type AwsRdsEventSubscriptionDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. SubscriptionCreationTime *string `type:"string"` } @@ -31061,7 +34985,9 @@ func (s *AwsRedshiftClusterClusterSecurityGroup) SetStatus(v string) *AwsRedshif return s } -// Information about a cross-Region snapshot copy. +// You can configure Amazon Redshift to copy snapshots for a cluster to another +// Amazon Web Services Region. This parameter provides information about a cross-Region +// snapshot copy. type AwsRedshiftClusterClusterSnapshotCopyStatus struct { _ struct{} `type:"structure"` @@ -31070,7 +34996,7 @@ type AwsRedshiftClusterClusterSnapshotCopyStatus struct { DestinationRegion *string `type:"string"` // The number of days that manual snapshots are retained in the destination - // region after they are copied from a source region. + // Region after they are copied from a source Region. // // If the value is -1, then the manual snapshot is retained indefinitely. // @@ -31136,7 +35062,8 @@ type AwsRedshiftClusterDeferredMaintenanceWindow struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. DeferMaintenanceEndTime *string `type:"string"` // The identifier of the maintenance window. @@ -31146,7 +35073,8 @@ type AwsRedshiftClusterDeferredMaintenanceWindow struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. DeferMaintenanceStartTime *string `type:"string"` } @@ -31220,7 +35148,8 @@ type AwsRedshiftClusterDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ClusterCreateTime *string `type:"string"` // The unique identifier of the cluster. @@ -31293,7 +35222,8 @@ type AwsRedshiftClusterDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ExpectedNextSnapshotScheduleTime *string `type:"string"` // The status of the next expected snapshot. @@ -31337,7 +35267,8 @@ type AwsRedshiftClusterDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. NextMaintenanceWindowStartTime *string `type:"string"` // The node type for the nodes in the cluster. @@ -31870,14 +35801,16 @@ type AwsRedshiftClusterLoggingStatus struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastFailureTime *string `type:"string"` // The last time that logs were delivered successfully. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastSuccessfulDeliveryTime *string `type:"string"` // Indicates whether logging is enabled. @@ -32385,7 +36318,8 @@ type AwsS3BucketBucketLifecycleConfigurationRulesDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. ExpirationDate *string `type:"string"` // The length in days of the lifetime for objects that are subject to the rule. @@ -32786,7 +36720,8 @@ type AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. Date *string `type:"string"` // The number of days after which to transition the object to the specified @@ -32912,9 +36847,14 @@ type AwsS3BucketDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. CreatedAt *string `type:"string"` + // Specifies which rule Amazon S3 applies by default to every new object placed + // in the specified bucket. + ObjectLockConfiguration *AwsS3BucketObjectLockConfiguration `type:"structure"` + // The Amazon Web Services account identifier of the account that owns the S3 // bucket. OwnerAccountId *string `type:"string"` @@ -32993,6 +36933,12 @@ func (s *AwsS3BucketDetails) SetCreatedAt(v string) *AwsS3BucketDetails { return s } +// SetObjectLockConfiguration sets the ObjectLockConfiguration field's value. +func (s *AwsS3BucketDetails) SetObjectLockConfiguration(v *AwsS3BucketObjectLockConfiguration) *AwsS3BucketDetails { + s.ObjectLockConfiguration = v + return s +} + // SetOwnerAccountId sets the OwnerAccountId field's value. func (s *AwsS3BucketDetails) SetOwnerAccountId(v string) *AwsS3BucketDetails { s.OwnerAccountId = &v @@ -33271,6 +37217,136 @@ func (s *AwsS3BucketNotificationConfigurationS3KeyFilterRule) SetValue(v string) return s } +// The container element for S3 Object Lock configuration parameters. In Amazon +// S3, Object Lock can help prevent objects from being deleted or overwritten +// for a fixed amount of time or indefinitely. +type AwsS3BucketObjectLockConfiguration struct { + _ struct{} `type:"structure"` + + // Indicates whether the bucket has an Object Lock configuration enabled. + ObjectLockEnabled *string `type:"string"` + + // Specifies the Object Lock rule for the specified object. + Rule *AwsS3BucketObjectLockConfigurationRuleDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfiguration) GoString() string { + return s.String() +} + +// SetObjectLockEnabled sets the ObjectLockEnabled field's value. +func (s *AwsS3BucketObjectLockConfiguration) SetObjectLockEnabled(v string) *AwsS3BucketObjectLockConfiguration { + s.ObjectLockEnabled = &v + return s +} + +// SetRule sets the Rule field's value. +func (s *AwsS3BucketObjectLockConfiguration) SetRule(v *AwsS3BucketObjectLockConfigurationRuleDetails) *AwsS3BucketObjectLockConfiguration { + s.Rule = v + return s +} + +// The default S3 Object Lock retention mode and period that you want to apply +// to new objects placed in the specified Amazon S3 bucket. +type AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails struct { + _ struct{} `type:"structure"` + + // The number of days that you want to specify for the default retention period. + Days *int64 `type:"integer"` + + // The default Object Lock retention mode you want to apply to new objects placed + // in the specified bucket. + Mode *string `type:"string"` + + // The number of years that you want to specify for the default retention period. + Years *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) GoString() string { + return s.String() +} + +// SetDays sets the Days field's value. +func (s *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) SetDays(v int64) *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails { + s.Days = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) SetMode(v string) *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails { + s.Mode = &v + return s +} + +// SetYears sets the Years field's value. +func (s *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) SetYears(v int64) *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails { + s.Years = &v + return s +} + +// Specifies the S3 Object Lock rule for the specified object. In Amazon S3, +// Object Lock can help prevent objects from being deleted or overwritten for +// a fixed amount of time or indefinitely. +type AwsS3BucketObjectLockConfigurationRuleDetails struct { + _ struct{} `type:"structure"` + + // The default Object Lock retention mode and period that you want to apply + // to new objects placed in the specified bucket. + DefaultRetention *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfigurationRuleDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3BucketObjectLockConfigurationRuleDetails) GoString() string { + return s.String() +} + +// SetDefaultRetention sets the DefaultRetention field's value. +func (s *AwsS3BucketObjectLockConfigurationRuleDetails) SetDefaultRetention(v *AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails) *AwsS3BucketObjectLockConfigurationRuleDetails { + s.DefaultRetention = v + return s +} + // Specifies the default server-side encryption to apply to new objects in the // bucket. type AwsS3BucketServerSideEncryptionByDefault struct { @@ -33652,7 +37728,8 @@ type AwsS3ObjectDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastModified *string `type:"string"` // The identifier of the KMS symmetric customer managed key that was used for @@ -34150,12 +38227,13 @@ type AwsSecurityFinding struct { // zero percent confidence and 100 means 100 percent confidence. Confidence *int64 `type:"integer"` - // Indicates when the security-findings provider created the potential security + // Indicates when the security findings provider created the potential security // issue that a finding captured. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. // // CreatedAt is a required field CreatedAt *string `type:"string" required:"true"` @@ -34178,16 +38256,17 @@ type AwsSecurityFinding struct { // findings, severity, and types. FindingProviderFields *FindingProviderFields `type:"structure"` - // Indicates when the security-findings provider first observed the potential + // Indicates when the security findings provider first observed the potential // security issue that a finding captured. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. FirstObservedAt *string `type:"string"` // The identifier for the solution-specific component (a discrete unit of logic) - // that generated a finding. In various security-findings providers' solutions, + // that generated a finding. In various security findings providers' solutions, // this generator can be called a rule, a check, a detector, a plugin, etc. // // GeneratorId is a required field @@ -34198,12 +38277,13 @@ type AwsSecurityFinding struct { // Id is a required field Id *string `type:"string" required:"true"` - // Indicates when the security-findings provider most recently observed the + // Indicates when the security findings provider most recently observed the // potential security issue that a finding captured. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastObservedAt *string `type:"string"` // A list of malware related to a finding. @@ -34233,7 +38313,7 @@ type AwsSecurityFinding struct { // ProductArn is a required field ProductArn *string `type:"string" required:"true"` - // A data type where security-findings providers can include additional solution-specific + // A data type where security findings providers can include additional solution-specific // details that aren't part of the defined AwsSecurityFinding format. // // Can contain up to 50 key-value pairs. For each key-value pair, the key can @@ -34282,7 +38362,7 @@ type AwsSecurityFinding struct { // A finding's severity. Severity *Severity `type:"structure"` - // A URL that links to a page about the current finding in the security-findings + // A URL that links to a page about the current finding in the security findings // provider's solution. SourceUrl *string `type:"string"` @@ -34307,11 +38387,12 @@ type AwsSecurityFinding struct { // | Unusual Behaviors | Sensitive Data Identifications Types []*string `type:"list"` - // Indicates when the security-findings provider last updated the finding record. + // Indicates when the security findings provider last updated the finding record. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. // // UpdatedAt is a required field UpdatedAt *string `type:"string" required:"true"` @@ -34735,8 +38816,12 @@ type AwsSecurityFindingFilters struct { // zero percent confidence and 100 means 100 percent confidence. Confidence []*NumberFilter `type:"list"` - // An ISO8601-formatted timestamp that indicates when the security-findings + // An ISO8601-formatted timestamp that indicates when the security findings // provider captured the potential security issue that a finding captured. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). CreatedAt []*DateFilter `type:"list"` // The level of importance assigned to the resources associated with the finding. @@ -34784,12 +38869,16 @@ type AwsSecurityFindingFilters struct { // | Unusual Behaviors | Sensitive Data Identifications FindingProviderFieldsTypes []*StringFilter `type:"list"` - // An ISO8601-formatted timestamp that indicates when the security-findings + // An ISO8601-formatted timestamp that indicates when the security findings // provider first observed the potential security issue that a finding captured. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). FirstObservedAt []*DateFilter `type:"list"` // The identifier for the solution-specific component (a discrete unit of logic) - // that generated a finding. In various security-findings providers' solutions, + // that generated a finding. In various security findings providers' solutions, // this generator can be called a rule, a check, a detector, a plugin, etc. GeneratorId []*StringFilter `type:"list"` @@ -34801,9 +38890,13 @@ type AwsSecurityFindingFilters struct { // Deprecated: The Keyword property is deprecated. Keyword []*KeywordFilter `deprecated:"true" type:"list"` - // An ISO8601-formatted timestamp that indicates when the security-findings + // An ISO8601-formatted timestamp that indicates when the security findings // provider most recently observed the potential security issue that a finding // captured. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). LastObservedAt []*DateFilter `type:"list"` // The name of the malware that was observed. @@ -34861,13 +38954,18 @@ type AwsSecurityFindingFilters struct { // The principal that created a note. NoteUpdatedBy []*StringFilter `type:"list"` - // The date/time that the process was launched. + // A timestamp that identifies when the process was launched. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). ProcessLaunchedAt []*DateFilter `type:"list"` // The name of the process. ProcessName []*StringFilter `type:"list"` - // The parent process ID. + // The parent process ID. This field accepts positive integers between O and + // 2147483647. ProcessParentPid []*NumberFilter `type:"list"` // The path to the process executable. @@ -34876,7 +38974,11 @@ type AwsSecurityFindingFilters struct { // The process ID. ProcessPid []*NumberFilter `type:"list"` - // The date/time that the process was terminated. + // A timestamp that identifies when the process was terminated. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). ProcessTerminatedAt []*DateFilter `type:"list"` // The ARN generated by Security Hub that uniquely identifies a third-party @@ -34884,7 +38986,7 @@ type AwsSecurityFindingFilters struct { // that generates findings) is registered with Security Hub. ProductArn []*StringFilter `type:"list"` - // A data type where security-findings providers can include additional solution-specific + // A data type where security findings providers can include additional solution-specific // details that aren't part of the defined AwsSecurityFinding format. ProductFields []*MapFilter `type:"list"` @@ -34962,7 +39064,11 @@ type AwsSecurityFindingFilters struct { // The name of the image related to a finding. ResourceContainerImageName []*StringFilter `type:"list"` - // The date/time that the container was started. + // A timestamp that identifies when the container was started. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). ResourceContainerLaunchedAt []*DateFilter `type:"list"` // The name of the container related to a finding. @@ -35001,20 +39107,21 @@ type AwsSecurityFindingFilters struct { // Deprecated: This filter is deprecated. Instead, use SeverityLabel or FindingProviderFieldsSeverityLabel. SeverityNormalized []*NumberFilter `deprecated:"true" type:"list"` - // The native severity as defined by the security-findings provider's solution + // The native severity as defined by the security findings provider's solution // that generated the finding. // // Deprecated: This filter is deprecated. Instead, use FindingProviderSeverityOriginal. SeverityProduct []*NumberFilter `deprecated:"true" type:"list"` - // A URL that links to a page about the current finding in the security-findings + // A URL that links to a page about the current finding in the security findings // provider's solution. SourceUrl []*StringFilter `type:"list"` // The category of a threat intelligence indicator. ThreatIntelIndicatorCategory []*StringFilter `type:"list"` - // The date/time of the last observation of a threat intelligence indicator. + // A timestamp that identifies the last observation of a threat intelligence + // indicator. ThreatIntelIndicatorLastObservedAt []*DateFilter `type:"list"` // The source of the threat intelligence. @@ -35036,8 +39143,12 @@ type AwsSecurityFindingFilters struct { // a finding. Type []*StringFilter `type:"list"` - // An ISO8601-formatted timestamp that indicates when the security-findings + // An ISO8601-formatted timestamp that indicates when the security findings // provider last updated the finding record. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). UpdatedAt []*DateFilter `type:"list"` // A list of name/value string pairs associated with the finding. These are @@ -35681,7 +39792,7 @@ func (s *AwsSecurityFindingFilters) SetWorkflowStatus(v []*StringFilter) *AwsSec return s } -// Identifies a finding to update using BatchUpdateFindings. +// Identifies which finding to get the finding history for. type AwsSecurityFindingIdentifier struct { _ struct{} `type:"structure"` @@ -36257,6 +40368,259 @@ func (s *AwsSsmPatchComplianceDetails) SetPatch(v *AwsSsmPatch) *AwsSsmPatchComp return s } +// Provides details about an Step Functions state machine, which is a workflow +// consisting of a series of event- driven steps. +type AwsStepFunctionStateMachineDetails struct { + _ struct{} `type:"structure"` + + // A user-defined or an auto-generated string that identifies a Map state. This + // parameter is present only if the stateMachineArn specified in input is a + // qualified state machine ARN. + Label *string `type:"string"` + + // Used to set CloudWatch Logs options. + LoggingConfiguration *AwsStepFunctionStateMachineLoggingConfigurationDetails `type:"structure"` + + // The name of the state machine. + Name *string `type:"string"` + + // The Amazon Resource Name (ARN) of the IAM role used when creating this state + // machine. + RoleArn *string `type:"string"` + + // The ARN that identifies the state machine. + StateMachineArn *string `type:"string"` + + // The current status of the state machine. + Status *string `type:"string"` + + // Specifies whether X-Ray tracing is enabled. + TracingConfiguration *AwsStepFunctionStateMachineTracingConfigurationDetails `type:"structure"` + + // The type of the state machine (STANDARD or EXPRESS). + Type *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineDetails) GoString() string { + return s.String() +} + +// SetLabel sets the Label field's value. +func (s *AwsStepFunctionStateMachineDetails) SetLabel(v string) *AwsStepFunctionStateMachineDetails { + s.Label = &v + return s +} + +// SetLoggingConfiguration sets the LoggingConfiguration field's value. +func (s *AwsStepFunctionStateMachineDetails) SetLoggingConfiguration(v *AwsStepFunctionStateMachineLoggingConfigurationDetails) *AwsStepFunctionStateMachineDetails { + s.LoggingConfiguration = v + return s +} + +// SetName sets the Name field's value. +func (s *AwsStepFunctionStateMachineDetails) SetName(v string) *AwsStepFunctionStateMachineDetails { + s.Name = &v + return s +} + +// SetRoleArn sets the RoleArn field's value. +func (s *AwsStepFunctionStateMachineDetails) SetRoleArn(v string) *AwsStepFunctionStateMachineDetails { + s.RoleArn = &v + return s +} + +// SetStateMachineArn sets the StateMachineArn field's value. +func (s *AwsStepFunctionStateMachineDetails) SetStateMachineArn(v string) *AwsStepFunctionStateMachineDetails { + s.StateMachineArn = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *AwsStepFunctionStateMachineDetails) SetStatus(v string) *AwsStepFunctionStateMachineDetails { + s.Status = &v + return s +} + +// SetTracingConfiguration sets the TracingConfiguration field's value. +func (s *AwsStepFunctionStateMachineDetails) SetTracingConfiguration(v *AwsStepFunctionStateMachineTracingConfigurationDetails) *AwsStepFunctionStateMachineDetails { + s.TracingConfiguration = v + return s +} + +// SetType sets the Type field's value. +func (s *AwsStepFunctionStateMachineDetails) SetType(v string) *AwsStepFunctionStateMachineDetails { + s.Type = &v + return s +} + +// An object describing a CloudWatch log group. For more information, see Amazon +// Web Services::Logs::LogGroup (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) +// in the CloudFormation User Guide. +type AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails struct { + _ struct{} `type:"structure"` + + // The ARN (ends with :*) of the CloudWatch Logs log group to which you want + // your logs emitted. + LogGroupArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails) GoString() string { + return s.String() +} + +// SetLogGroupArn sets the LogGroupArn field's value. +func (s *AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails) SetLogGroupArn(v string) *AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails { + s.LogGroupArn = &v + return s +} + +// An array of objects that describes where your execution history events will +// be logged. +type AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails struct { + _ struct{} `type:"structure"` + + // An object describing a CloudWatch Logs log group. For more information, see + // Amazon Web Services::Logs::LogGroup (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) + // in the CloudFormation User Guide. + CloudWatchLogsLogGroup *AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails) GoString() string { + return s.String() +} + +// SetCloudWatchLogsLogGroup sets the CloudWatchLogsLogGroup field's value. +func (s *AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails) SetCloudWatchLogsLogGroup(v *AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails) *AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails { + s.CloudWatchLogsLogGroup = v + return s +} + +// The LoggingConfiguration data type is used to set CloudWatch Logs options. +type AwsStepFunctionStateMachineLoggingConfigurationDetails struct { + _ struct{} `type:"structure"` + + // An array of objects that describes where your execution history events will + // be logged. + Destinations []*AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails `type:"list"` + + // Determines whether execution data is included in your log. When set to false, + // data is excluded. + IncludeExecutionData *bool `type:"boolean"` + + // Defines which category of execution history events are logged. + Level *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineLoggingConfigurationDetails) GoString() string { + return s.String() +} + +// SetDestinations sets the Destinations field's value. +func (s *AwsStepFunctionStateMachineLoggingConfigurationDetails) SetDestinations(v []*AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails) *AwsStepFunctionStateMachineLoggingConfigurationDetails { + s.Destinations = v + return s +} + +// SetIncludeExecutionData sets the IncludeExecutionData field's value. +func (s *AwsStepFunctionStateMachineLoggingConfigurationDetails) SetIncludeExecutionData(v bool) *AwsStepFunctionStateMachineLoggingConfigurationDetails { + s.IncludeExecutionData = &v + return s +} + +// SetLevel sets the Level field's value. +func (s *AwsStepFunctionStateMachineLoggingConfigurationDetails) SetLevel(v string) *AwsStepFunctionStateMachineLoggingConfigurationDetails { + s.Level = &v + return s +} + +// Specifies whether X-Ray tracing is enabled. +type AwsStepFunctionStateMachineTracingConfigurationDetails struct { + _ struct{} `type:"structure"` + + // When set to true, X-Ray tracing is enabled. + Enabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineTracingConfigurationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsStepFunctionStateMachineTracingConfigurationDetails) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsStepFunctionStateMachineTracingConfigurationDetails) SetEnabled(v bool) *AwsStepFunctionStateMachineTracingConfigurationDetails { + s.Enabled = &v + return s +} + // Details about a rate-based rule for global resources. A rate-based rule provides // settings to indicate when to allow, block, or count a request. Rate-based // rules include the number of requests that arrive over a specified period @@ -38328,6 +42692,96 @@ func (s *AwsXrayEncryptionConfigDetails) SetType(v string) *AwsXrayEncryptionCon return s } +type BatchDeleteAutomationRulesInput struct { + _ struct{} `type:"structure"` + + // A list of Amazon Resource Names (ARNs) for the rules that are to be deleted. + // + // AutomationRulesArns is a required field + AutomationRulesArns []*string `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchDeleteAutomationRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchDeleteAutomationRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchDeleteAutomationRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchDeleteAutomationRulesInput"} + if s.AutomationRulesArns == nil { + invalidParams.Add(request.NewErrParamRequired("AutomationRulesArns")) + } + if s.AutomationRulesArns != nil && len(s.AutomationRulesArns) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AutomationRulesArns", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutomationRulesArns sets the AutomationRulesArns field's value. +func (s *BatchDeleteAutomationRulesInput) SetAutomationRulesArns(v []*string) *BatchDeleteAutomationRulesInput { + s.AutomationRulesArns = v + return s +} + +type BatchDeleteAutomationRulesOutput struct { + _ struct{} `type:"structure"` + + // A list of properly processed rule ARNs. + ProcessedAutomationRules []*string `min:"1" type:"list"` + + // A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter + // tells you which automation rules the request didn't delete and why. + UnprocessedAutomationRules []*UnprocessedAutomationRule `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchDeleteAutomationRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchDeleteAutomationRulesOutput) GoString() string { + return s.String() +} + +// SetProcessedAutomationRules sets the ProcessedAutomationRules field's value. +func (s *BatchDeleteAutomationRulesOutput) SetProcessedAutomationRules(v []*string) *BatchDeleteAutomationRulesOutput { + s.ProcessedAutomationRules = v + return s +} + +// SetUnprocessedAutomationRules sets the UnprocessedAutomationRules field's value. +func (s *BatchDeleteAutomationRulesOutput) SetUnprocessedAutomationRules(v []*UnprocessedAutomationRule) *BatchDeleteAutomationRulesOutput { + s.UnprocessedAutomationRules = v + return s +} + type BatchDisableStandardsInput struct { _ struct{} `type:"structure"` @@ -38498,6 +42952,294 @@ func (s *BatchEnableStandardsOutput) SetStandardsSubscriptions(v []*StandardsSub return s } +type BatchGetAutomationRulesInput struct { + _ struct{} `type:"structure"` + + // A list of rule ARNs to get details for. + // + // AutomationRulesArns is a required field + AutomationRulesArns []*string `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetAutomationRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetAutomationRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchGetAutomationRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchGetAutomationRulesInput"} + if s.AutomationRulesArns == nil { + invalidParams.Add(request.NewErrParamRequired("AutomationRulesArns")) + } + if s.AutomationRulesArns != nil && len(s.AutomationRulesArns) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AutomationRulesArns", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutomationRulesArns sets the AutomationRulesArns field's value. +func (s *BatchGetAutomationRulesInput) SetAutomationRulesArns(v []*string) *BatchGetAutomationRulesInput { + s.AutomationRulesArns = v + return s +} + +type BatchGetAutomationRulesOutput struct { + _ struct{} `type:"structure"` + + // A list of rule details for the provided rule ARNs. + Rules []*AutomationRulesConfig `type:"list"` + + // A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter + // tells you which automation rules the request didn't retrieve and why. + UnprocessedAutomationRules []*UnprocessedAutomationRule `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetAutomationRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetAutomationRulesOutput) GoString() string { + return s.String() +} + +// SetRules sets the Rules field's value. +func (s *BatchGetAutomationRulesOutput) SetRules(v []*AutomationRulesConfig) *BatchGetAutomationRulesOutput { + s.Rules = v + return s +} + +// SetUnprocessedAutomationRules sets the UnprocessedAutomationRules field's value. +func (s *BatchGetAutomationRulesOutput) SetUnprocessedAutomationRules(v []*UnprocessedAutomationRule) *BatchGetAutomationRulesOutput { + s.UnprocessedAutomationRules = v + return s +} + +type BatchGetSecurityControlsInput struct { + _ struct{} `type:"structure"` + + // A list of security controls (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters). The security control ID or Amazon Resource + // Name (ARN) is the same across standards. + // + // SecurityControlIds is a required field + SecurityControlIds []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchGetSecurityControlsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchGetSecurityControlsInput"} + if s.SecurityControlIds == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlIds")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecurityControlIds sets the SecurityControlIds field's value. +func (s *BatchGetSecurityControlsInput) SetSecurityControlIds(v []*string) *BatchGetSecurityControlsInput { + s.SecurityControlIds = v + return s +} + +type BatchGetSecurityControlsOutput struct { + _ struct{} `type:"structure"` + + // An array that returns the identifier, Amazon Resource Name (ARN), and other + // details about a security control. The same information is returned whether + // the request includes SecurityControlId or SecurityControlArn. + // + // SecurityControls is a required field + SecurityControls []*SecurityControl `type:"list" required:"true"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) for which details cannot be returned. + UnprocessedIds []*UnprocessedSecurityControl `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsOutput) GoString() string { + return s.String() +} + +// SetSecurityControls sets the SecurityControls field's value. +func (s *BatchGetSecurityControlsOutput) SetSecurityControls(v []*SecurityControl) *BatchGetSecurityControlsOutput { + s.SecurityControls = v + return s +} + +// SetUnprocessedIds sets the UnprocessedIds field's value. +func (s *BatchGetSecurityControlsOutput) SetUnprocessedIds(v []*UnprocessedSecurityControl) *BatchGetSecurityControlsOutput { + s.UnprocessedIds = v + return s +} + +type BatchGetStandardsControlAssociationsInput struct { + _ struct{} `type:"structure"` + + // An array with one or more objects that includes a security control (identified + // with SecurityControlId, SecurityControlArn, or a mix of both parameters) + // and the Amazon Resource Name (ARN) of a standard. This field is used to query + // the enablement status of a control in a specified standard. The security + // control ID or ARN is the same across standards. + // + // StandardsControlAssociationIds is a required field + StandardsControlAssociationIds []*StandardsControlAssociationId `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchGetStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchGetStandardsControlAssociationsInput"} + if s.StandardsControlAssociationIds == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsControlAssociationIds")) + } + if s.StandardsControlAssociationIds != nil { + for i, v := range s.StandardsControlAssociationIds { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StandardsControlAssociationIds", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStandardsControlAssociationIds sets the StandardsControlAssociationIds field's value. +func (s *BatchGetStandardsControlAssociationsInput) SetStandardsControlAssociationIds(v []*StandardsControlAssociationId) *BatchGetStandardsControlAssociationsInput { + s.StandardsControlAssociationIds = v + return s +} + +type BatchGetStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Provides the enablement status of a security control in a specified standard + // and other details for the control in relation to the specified standard. + // + // StandardsControlAssociationDetails is a required field + StandardsControlAssociationDetails []*StandardsControlAssociationDetail `type:"list" required:"true"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) whose enablement status in a specified standard + // cannot be returned. + UnprocessedAssociations []*UnprocessedStandardsControlAssociation `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetStandardsControlAssociationDetails sets the StandardsControlAssociationDetails field's value. +func (s *BatchGetStandardsControlAssociationsOutput) SetStandardsControlAssociationDetails(v []*StandardsControlAssociationDetail) *BatchGetStandardsControlAssociationsOutput { + s.StandardsControlAssociationDetails = v + return s +} + +// SetUnprocessedAssociations sets the UnprocessedAssociations field's value. +func (s *BatchGetStandardsControlAssociationsOutput) SetUnprocessedAssociations(v []*UnprocessedStandardsControlAssociation) *BatchGetStandardsControlAssociationsOutput { + s.UnprocessedAssociations = v + return s +} + type BatchImportFindingsInput struct { _ struct{} `type:"structure"` @@ -38612,6 +43354,107 @@ func (s *BatchImportFindingsOutput) SetSuccessCount(v int64) *BatchImportFinding return s } +type BatchUpdateAutomationRulesInput struct { + _ struct{} `type:"structure"` + + // An array of ARNs for the rules that are to be updated. Optionally, you can + // also include RuleStatus and RuleOrder. + // + // UpdateAutomationRulesRequestItems is a required field + UpdateAutomationRulesRequestItems []*UpdateAutomationRulesRequestItem `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateAutomationRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateAutomationRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchUpdateAutomationRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchUpdateAutomationRulesInput"} + if s.UpdateAutomationRulesRequestItems == nil { + invalidParams.Add(request.NewErrParamRequired("UpdateAutomationRulesRequestItems")) + } + if s.UpdateAutomationRulesRequestItems != nil && len(s.UpdateAutomationRulesRequestItems) < 1 { + invalidParams.Add(request.NewErrParamMinLen("UpdateAutomationRulesRequestItems", 1)) + } + if s.UpdateAutomationRulesRequestItems != nil { + for i, v := range s.UpdateAutomationRulesRequestItems { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "UpdateAutomationRulesRequestItems", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetUpdateAutomationRulesRequestItems sets the UpdateAutomationRulesRequestItems field's value. +func (s *BatchUpdateAutomationRulesInput) SetUpdateAutomationRulesRequestItems(v []*UpdateAutomationRulesRequestItem) *BatchUpdateAutomationRulesInput { + s.UpdateAutomationRulesRequestItems = v + return s +} + +type BatchUpdateAutomationRulesOutput struct { + _ struct{} `type:"structure"` + + // A list of properly processed rule ARNs. + ProcessedAutomationRules []*string `min:"1" type:"list"` + + // A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter + // tells you which automation rules the request didn't update and why. + UnprocessedAutomationRules []*UnprocessedAutomationRule `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateAutomationRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateAutomationRulesOutput) GoString() string { + return s.String() +} + +// SetProcessedAutomationRules sets the ProcessedAutomationRules field's value. +func (s *BatchUpdateAutomationRulesOutput) SetProcessedAutomationRules(v []*string) *BatchUpdateAutomationRulesOutput { + s.ProcessedAutomationRules = v + return s +} + +// SetUnprocessedAutomationRules sets the UnprocessedAutomationRules field's value. +func (s *BatchUpdateAutomationRulesOutput) SetUnprocessedAutomationRules(v []*UnprocessedAutomationRule) *BatchUpdateAutomationRulesOutput { + s.UnprocessedAutomationRules = v + return s +} + type BatchUpdateFindingsInput struct { _ struct{} `type:"structure"` @@ -38941,6 +43784,95 @@ func (s *BatchUpdateFindingsUnprocessedFinding) SetFindingIdentifier(v *AwsSecur return s } +type BatchUpdateStandardsControlAssociationsInput struct { + _ struct{} `type:"structure"` + + // Updates the enablement status of a security control in a specified standard. + // + // StandardsControlAssociationUpdates is a required field + StandardsControlAssociationUpdates []*StandardsControlAssociationUpdate `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchUpdateStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchUpdateStandardsControlAssociationsInput"} + if s.StandardsControlAssociationUpdates == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsControlAssociationUpdates")) + } + if s.StandardsControlAssociationUpdates != nil { + for i, v := range s.StandardsControlAssociationUpdates { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StandardsControlAssociationUpdates", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStandardsControlAssociationUpdates sets the StandardsControlAssociationUpdates field's value. +func (s *BatchUpdateStandardsControlAssociationsInput) SetStandardsControlAssociationUpdates(v []*StandardsControlAssociationUpdate) *BatchUpdateStandardsControlAssociationsInput { + s.StandardsControlAssociationUpdates = v + return s +} + +type BatchUpdateStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) whose enablement status in a specified standard + // couldn't be updated. + UnprocessedAssociationUpdates []*UnprocessedStandardsControlAssociationUpdate `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetUnprocessedAssociationUpdates sets the UnprocessedAssociationUpdates field's value. +func (s *BatchUpdateStandardsControlAssociationsOutput) SetUnprocessedAssociationUpdates(v []*UnprocessedStandardsControlAssociationUpdate) *BatchUpdateStandardsControlAssociationsOutput { + s.UnprocessedAssociationUpdates = v + return s +} + // Boolean filter for querying findings. type BooleanFilter struct { _ struct{} `type:"structure"` @@ -39363,7 +44295,8 @@ type ContainerDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LaunchedAt *string `type:"string"` // The name of the container related to a finding. @@ -39555,7 +44488,7 @@ func (s *CreateActionTargetInput) SetName(v string) *CreateActionTargetInput { type CreateActionTargetOutput struct { _ struct{} `type:"structure"` - // The ARN for the custom action target. + // The Amazon Resource Name (ARN) for the custom action target. // // ActionTargetArn is a required field ActionTargetArn *string `type:"string" required:"true"` @@ -39585,6 +44518,199 @@ func (s *CreateActionTargetOutput) SetActionTargetArn(v string) *CreateActionTar return s } +type CreateAutomationRuleInput struct { + _ struct{} `type:"structure"` + + // One or more actions to update finding fields if a finding matches the conditions + // specified in Criteria. + // + // Actions is a required field + Actions []*AutomationRulesAction `min:"1" type:"list" required:"true"` + + // A set of ASFF finding field attributes and corresponding expected values + // that Security Hub uses to filter findings. If a finding matches the conditions + // specified in this parameter, Security Hub applies the rule action to the + // finding. + // + // Criteria is a required field + Criteria *AutomationRulesFindingFilters `type:"structure" required:"true"` + + // A description of the rule. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // Specifies whether a rule is the last to be applied with respect to a finding + // that matches the rule criteria. This is useful when a finding matches the + // criteria for multiple rules, and each rule has different actions. If the + // value of this field is set to true for a rule, Security Hub applies the rule + // action to a finding that matches the rule criteria and won't evaluate other + // rules for the finding. The default value of this field is false. + IsTerminal *bool `type:"boolean"` + + // The name of the rule. + // + // RuleName is a required field + RuleName *string `type:"string" required:"true"` + + // An integer ranging from 1 to 1000 that represents the order in which the + // rule action is applied to findings. Security Hub applies rules with lower + // values for this parameter first. + // + // RuleOrder is a required field + RuleOrder *int64 `min:"1" type:"integer" required:"true"` + + // Whether the rule is active after it is created. If this parameter is equal + // to Enabled, Security Hub will apply the rule to findings and finding updates + // after the rule is created. To change the value of this parameter after creating + // a rule, use BatchUpdateAutomationRules. + RuleStatus *string `type:"string" enum:"RuleStatus"` + + // User-defined tags that help you label the purpose of a rule. + Tags map[string]*string `min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAutomationRuleInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAutomationRuleInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAutomationRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAutomationRuleInput"} + if s.Actions == nil { + invalidParams.Add(request.NewErrParamRequired("Actions")) + } + if s.Actions != nil && len(s.Actions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) + } + if s.Criteria == nil { + invalidParams.Add(request.NewErrParamRequired("Criteria")) + } + if s.Description == nil { + invalidParams.Add(request.NewErrParamRequired("Description")) + } + if s.RuleName == nil { + invalidParams.Add(request.NewErrParamRequired("RuleName")) + } + if s.RuleOrder == nil { + invalidParams.Add(request.NewErrParamRequired("RuleOrder")) + } + if s.RuleOrder != nil && *s.RuleOrder < 1 { + invalidParams.Add(request.NewErrParamMinValue("RuleOrder", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.Actions != nil { + for i, v := range s.Actions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActions sets the Actions field's value. +func (s *CreateAutomationRuleInput) SetActions(v []*AutomationRulesAction) *CreateAutomationRuleInput { + s.Actions = v + return s +} + +// SetCriteria sets the Criteria field's value. +func (s *CreateAutomationRuleInput) SetCriteria(v *AutomationRulesFindingFilters) *CreateAutomationRuleInput { + s.Criteria = v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateAutomationRuleInput) SetDescription(v string) *CreateAutomationRuleInput { + s.Description = &v + return s +} + +// SetIsTerminal sets the IsTerminal field's value. +func (s *CreateAutomationRuleInput) SetIsTerminal(v bool) *CreateAutomationRuleInput { + s.IsTerminal = &v + return s +} + +// SetRuleName sets the RuleName field's value. +func (s *CreateAutomationRuleInput) SetRuleName(v string) *CreateAutomationRuleInput { + s.RuleName = &v + return s +} + +// SetRuleOrder sets the RuleOrder field's value. +func (s *CreateAutomationRuleInput) SetRuleOrder(v int64) *CreateAutomationRuleInput { + s.RuleOrder = &v + return s +} + +// SetRuleStatus sets the RuleStatus field's value. +func (s *CreateAutomationRuleInput) SetRuleStatus(v string) *CreateAutomationRuleInput { + s.RuleStatus = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateAutomationRuleInput) SetTags(v map[string]*string) *CreateAutomationRuleInput { + s.Tags = v + return s +} + +type CreateAutomationRuleOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the automation rule that you created. + RuleArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAutomationRuleOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAutomationRuleOutput) GoString() string { + return s.String() +} + +// SetRuleArn sets the RuleArn field's value. +func (s *CreateAutomationRuleOutput) SetRuleArn(v string) *CreateAutomationRuleOutput { + s.RuleArn = &v + return s +} + type CreateFindingAggregatorInput struct { _ struct{} `type:"structure"` @@ -40146,10 +45272,18 @@ type DateFilter struct { // A date range for the date filter. DateRange *DateRange `type:"structure"` - // An end date for the date filter. + // A timestamp that provides the end date for the date filter. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). End *string `type:"string"` - // A start date for the date filter. + // A timestamp that provides the start date for the date filter. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). Start *string `type:"string"` } @@ -40233,8 +45367,7 @@ func (s *DateRange) SetValue(v int64) *DateRange { type DeclineInvitationsInput struct { _ struct{} `type:"structure"` - // The list of account IDs for the accounts from which to decline the invitations - // to Security Hub. + // The list of prospective member account IDs for which to decline an invitation. // // AccountIds is a required field AccountIds []*string `type:"list" required:"true"` @@ -40312,7 +45445,7 @@ func (s *DeclineInvitationsOutput) SetUnprocessedAccounts(v []*Result) *DeclineI type DeleteActionTargetInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The ARN of the custom action target to delete. + // The Amazon Resource Name (ARN) of the custom action target to delete. // // ActionTargetArn is a required field ActionTargetArn *string `location:"uri" locationName:"ActionTargetArn" type:"string" required:"true"` @@ -40547,7 +45680,8 @@ func (s *DeleteInsightOutput) SetInsightArn(v string) *DeleteInsightOutput { type DeleteInvitationsInput struct { _ struct{} `type:"structure"` - // The list of the account IDs that sent the invitations to delete. + // The list of member account IDs that received the invitations you want to + // delete. // // AccountIds is a required field AccountIds []*string `type:"list" required:"true"` @@ -40851,6 +45985,21 @@ type DescribeHubOutput struct { // If set to false, then new controls are not enabled. AutoEnableControls *bool `type:"boolean"` + // Specifies whether the calling account has consolidated control findings turned + // on. If the value for this field is set to SECURITY_CONTROL, Security Hub + // generates a single finding for a control check even when the check applies + // to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // The value for this field in a member account matches the value in the administrator + // account. For accounts that aren't part of an organization, the default value + // of this field is SECURITY_CONTROL if you enabled Security Hub on or after + // February 23, 2023. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` + // The ARN of the Hub resource that was retrieved. HubArn *string `type:"string"` @@ -40882,6 +46031,12 @@ func (s *DescribeHubOutput) SetAutoEnableControls(v bool) *DescribeHubOutput { return s } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *DescribeHubOutput) SetControlFindingGenerator(v string) *DescribeHubOutput { + s.ControlFindingGenerator = &v + return s +} + // SetHubArn sets the HubArn field's value. func (s *DescribeHubOutput) SetHubArn(v string) *DescribeHubOutput { s.HubArn = &v @@ -41838,6 +46993,21 @@ func (s EnableOrganizationAdminAccountOutput) GoString() string { type EnableSecurityHubInput struct { _ struct{} `type:"structure"` + // This field, used when enabling Security Hub, specifies whether the calling + // account has consolidated control findings turned on. If the value for this + // field is set to SECURITY_CONTROL, Security Hub generates a single finding + // for a control check even when the check applies to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // The value for this field in a member account matches the value in the administrator + // account. For accounts that aren't part of an organization, the default value + // of this field is SECURITY_CONTROL if you enabled Security Hub on or after + // February 23, 2023. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` + // Whether to enable the security standards that Security Hub has designated // as automatically enabled. If you do not provide a value for EnableDefaultStandards, // it is set to true. To not enable the automatically enabled standards, set @@ -41879,6 +47049,12 @@ func (s *EnableSecurityHubInput) Validate() error { return nil } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *EnableSecurityHubInput) SetControlFindingGenerator(v string) *EnableSecurityHubInput { + s.ControlFindingGenerator = &v + return s +} + // SetEnableDefaultStandards sets the EnableDefaultStandards field's value. func (s *EnableSecurityHubInput) SetEnableDefaultStandards(v bool) *EnableSecurityHubInput { s.EnableDefaultStandards = &v @@ -42006,6 +47182,202 @@ func (s *FindingAggregator) SetFindingAggregatorArn(v string) *FindingAggregator return s } +// A list of events that changed the specified finding during the specified +// time period. Each record represents a single finding change event. +type FindingHistoryRecord struct { + _ struct{} `type:"structure"` + + // Identifies whether the event marks the creation of a new finding. A value + // of True means that the finding is newly created. A value of False means that + // the finding isn’t newly created. + FindingCreated *bool `type:"boolean"` + + // Identifies which finding to get the finding history for. + FindingIdentifier *AwsSecurityFindingIdentifier `type:"structure"` + + // A token for pagination purposes. Provide this token in the subsequent request + // to GetFindingsHistory (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingsHistory.html) + // to get up to an additional 100 results of history for the same finding that + // you specified in your initial request. + NextToken *string `type:"string"` + + // Identifies the source of the event that changed the finding. For example, + // an integrated Amazon Web Service or third-party partner integration may call + // BatchImportFindings (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html), + // or an Security Hub customer may call BatchUpdateFindings (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html). + UpdateSource *FindingHistoryUpdateSource `type:"structure"` + + // An ISO 8601-formatted timestamp that indicates when Security Hub processed + // the updated finding record. + // + // A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot + // contain spaces, and date and time should be separated by T. For more information, + // see RFC 3339 section 5.6, Internet Date/Time Format (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // An array of objects that provides details about the finding change event, + // including the Amazon Web Services Security Finding Format (ASFF) field that + // changed, the value of the field before the change, and the value of the field + // after the change. + Updates []*FindingHistoryUpdate `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryRecord) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryRecord) GoString() string { + return s.String() +} + +// SetFindingCreated sets the FindingCreated field's value. +func (s *FindingHistoryRecord) SetFindingCreated(v bool) *FindingHistoryRecord { + s.FindingCreated = &v + return s +} + +// SetFindingIdentifier sets the FindingIdentifier field's value. +func (s *FindingHistoryRecord) SetFindingIdentifier(v *AwsSecurityFindingIdentifier) *FindingHistoryRecord { + s.FindingIdentifier = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *FindingHistoryRecord) SetNextToken(v string) *FindingHistoryRecord { + s.NextToken = &v + return s +} + +// SetUpdateSource sets the UpdateSource field's value. +func (s *FindingHistoryRecord) SetUpdateSource(v *FindingHistoryUpdateSource) *FindingHistoryRecord { + s.UpdateSource = v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *FindingHistoryRecord) SetUpdateTime(v time.Time) *FindingHistoryRecord { + s.UpdateTime = &v + return s +} + +// SetUpdates sets the Updates field's value. +func (s *FindingHistoryRecord) SetUpdates(v []*FindingHistoryUpdate) *FindingHistoryRecord { + s.Updates = v + return s +} + +// An array of objects that provides details about a change to a finding, including +// the Amazon Web Services Security Finding Format (ASFF) field that changed, +// the value of the field before the change, and the value of the field after +// the change. +type FindingHistoryUpdate struct { + _ struct{} `type:"structure"` + + // The value of the ASFF field after the finding change event. To preserve storage + // and readability, Security Hub omits this value if FindingHistoryRecord (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_FindingHistoryRecord.html) + // exceeds database limits. + NewValue *string `type:"string"` + + // The value of the ASFF field before the finding change event. + OldValue *string `type:"string"` + + // The ASFF field that changed during the finding change event. + UpdatedField *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryUpdate) GoString() string { + return s.String() +} + +// SetNewValue sets the NewValue field's value. +func (s *FindingHistoryUpdate) SetNewValue(v string) *FindingHistoryUpdate { + s.NewValue = &v + return s +} + +// SetOldValue sets the OldValue field's value. +func (s *FindingHistoryUpdate) SetOldValue(v string) *FindingHistoryUpdate { + s.OldValue = &v + return s +} + +// SetUpdatedField sets the UpdatedField field's value. +func (s *FindingHistoryUpdate) SetUpdatedField(v string) *FindingHistoryUpdate { + s.UpdatedField = &v + return s +} + +// Identifies the source of the finding change event. +type FindingHistoryUpdateSource struct { + _ struct{} `type:"structure"` + + // The identity of the source that initiated the finding change event. For example, + // the Amazon Resource Name (ARN) of a partner that calls BatchImportFindings + // or of a customer that calls BatchUpdateFindings. + Identity *string `type:"string"` + + // Describes the type of finding change event, such as a call to BatchImportFindings + // (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) + // (by an integrated Amazon Web Service or third party partner integration) + // or BatchUpdateFindings (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) + // (by a Security Hub customer). + Type *string `type:"string" enum:"FindingHistoryUpdateSourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryUpdateSource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FindingHistoryUpdateSource) GoString() string { + return s.String() +} + +// SetIdentity sets the Identity field's value. +func (s *FindingHistoryUpdateSource) SetIdentity(v string) *FindingHistoryUpdateSource { + s.Identity = &v + return s +} + +// SetType sets the Type field's value. +func (s *FindingHistoryUpdateSource) SetType(v string) *FindingHistoryUpdateSource { + s.Type = &v + return s +} + // In a BatchImportFindings request, finding providers use FindingProviderFields // to provide and update values for confidence, criticality, related findings, // severity, and types. @@ -42652,6 +48024,175 @@ func (s *GetFindingAggregatorOutput) SetRegions(v []*string) *GetFindingAggregat return s } +type GetFindingHistoryInput struct { + _ struct{} `type:"structure"` + + // An ISO 8601-formatted timestamp that indicates the end time of the requested + // finding history. A correctly formatted example is 2020-05-21T20:16:34.724Z. + // The value cannot contain spaces, and date and time should be separated by + // T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format + // (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + // + // If you provide values for both StartTime and EndTime, Security Hub returns + // finding history for the specified time period. If you provide a value for + // StartTime but not for EndTime, Security Hub returns finding history from + // the StartTime to the time at which the API is called. If you provide a value + // for EndTime but not for StartTime, Security Hub returns finding history from + // the CreatedAt (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt) + // timestamp of the finding to the EndTime. If you provide neither StartTime + // nor EndTime, Security Hub returns finding history from the CreatedAt timestamp + // of the finding to the time at which the API is called. In all of these scenarios, + // the response is limited to 100 results, and the maximum time period is limited + // to 90 days. + EndTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // Identifies which finding to get the finding history for. + // + // FindingIdentifier is a required field + FindingIdentifier *AwsSecurityFindingIdentifier `type:"structure" required:"true"` + + // The maximum number of results to be returned. If you don’t provide it, + // Security Hub returns up to 100 results of finding history. + MaxResults *int64 `min:"1" type:"integer"` + + // A token for pagination purposes. Provide NULL as the initial value. In subsequent + // requests, provide the token included in the response to get up to an additional + // 100 results of finding history. If you don’t provide NextToken, Security + // Hub returns up to 100 results of finding history for each request. + NextToken *string `type:"string"` + + // An ISO 8601-formatted timestamp that indicates the start time of the requested + // finding history. A correctly formatted example is 2020-05-21T20:16:34.724Z. + // The value cannot contain spaces, and date and time should be separated by + // T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format + // (https://www.rfc-editor.org/rfc/rfc3339#section-5.6). + // + // If you provide values for both StartTime and EndTime, Security Hub returns + // finding history for the specified time period. If you provide a value for + // StartTime but not for EndTime, Security Hub returns finding history from + // the StartTime to the time at which the API is called. If you provide a value + // for EndTime but not for StartTime, Security Hub returns finding history from + // the CreatedAt (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingFilters.html#securityhub-Type-AwsSecurityFindingFilters-CreatedAt) + // timestamp of the finding to the EndTime. If you provide neither StartTime + // nor EndTime, Security Hub returns finding history from the CreatedAt timestamp + // of the finding to the time at which the API is called. In all of these scenarios, + // the response is limited to 100 results, and the maximum time period is limited + // to 90 days. + StartTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingHistoryInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingHistoryInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetFindingHistoryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetFindingHistoryInput"} + if s.FindingIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("FindingIdentifier")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.FindingIdentifier != nil { + if err := s.FindingIdentifier.Validate(); err != nil { + invalidParams.AddNested("FindingIdentifier", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEndTime sets the EndTime field's value. +func (s *GetFindingHistoryInput) SetEndTime(v time.Time) *GetFindingHistoryInput { + s.EndTime = &v + return s +} + +// SetFindingIdentifier sets the FindingIdentifier field's value. +func (s *GetFindingHistoryInput) SetFindingIdentifier(v *AwsSecurityFindingIdentifier) *GetFindingHistoryInput { + s.FindingIdentifier = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetFindingHistoryInput) SetMaxResults(v int64) *GetFindingHistoryInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetFindingHistoryInput) SetNextToken(v string) *GetFindingHistoryInput { + s.NextToken = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *GetFindingHistoryInput) SetStartTime(v time.Time) *GetFindingHistoryInput { + s.StartTime = &v + return s +} + +type GetFindingHistoryOutput struct { + _ struct{} `type:"structure"` + + // A token for pagination purposes. Provide this token in the subsequent request + // to GetFindingsHistory to get up to an additional 100 results of history for + // the same finding that you specified in your initial request. + NextToken *string `type:"string"` + + // A list of events that altered the specified finding during the specified + // time period. + Records []*FindingHistoryRecord `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingHistoryOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingHistoryOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *GetFindingHistoryOutput) SetNextToken(v string) *GetFindingHistoryOutput { + s.NextToken = &v + return s +} + +// SetRecords sets the Records field's value. +func (s *GetFindingHistoryOutput) SetRecords(v []*FindingHistoryRecord) *GetFindingHistoryOutput { + s.Records = v + return s +} + type GetFindingsInput struct { _ struct{} `type:"structure"` @@ -44032,6 +49573,103 @@ func (s *LimitExceededException) RequestID() string { return s.RespMetadata.RequestID } +type ListAutomationRulesInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The maximum number of rules to return in the response. This currently ranges + // from 1 to 100. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // A token to specify where to start paginating the response. This is the NextToken + // from a previously truncated response. On your first call to the ListAutomationRules + // API, set the value of this parameter to NULL. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAutomationRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAutomationRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAutomationRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAutomationRulesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAutomationRulesInput) SetMaxResults(v int64) *ListAutomationRulesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAutomationRulesInput) SetNextToken(v string) *ListAutomationRulesInput { + s.NextToken = &v + return s +} + +type ListAutomationRulesOutput struct { + _ struct{} `type:"structure"` + + // Metadata for rules in the calling account. The response includes rules with + // a RuleStatus of ENABLED and DISABLED. + AutomationRulesMetadata []*AutomationRulesMetadata `type:"list"` + + // A pagination token for the response. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAutomationRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAutomationRulesOutput) GoString() string { + return s.String() +} + +// SetAutomationRulesMetadata sets the AutomationRulesMetadata field's value. +func (s *ListAutomationRulesOutput) SetAutomationRulesMetadata(v []*AutomationRulesMetadata) *ListAutomationRulesOutput { + s.AutomationRulesMetadata = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAutomationRulesOutput) SetNextToken(v string) *ListAutomationRulesOutput { + s.NextToken = &v + return s +} + type ListEnabledProductsForImportInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -44535,6 +50173,237 @@ func (s *ListOrganizationAdminAccountsOutput) SetNextToken(v string) *ListOrgani return s } +type ListSecurityControlDefinitionsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // An optional parameter that limits the total results of the API response to + // the specified number. If this parameter isn't provided in the request, the + // results include the first 25 security controls that apply to the specified + // standard. The results also include a NextToken parameter that you can use + // in a subsequent API call to get the next 25 controls. This repeats until + // all controls for the standard are returned. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // Optional pagination parameter. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` + + // The Amazon Resource Name (ARN) of the standard that you want to view controls + // for. + StandardsArn *string `location:"querystring" locationName:"StandardsArn" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecurityControlDefinitionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecurityControlDefinitionsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecurityControlDefinitionsInput) SetMaxResults(v int64) *ListSecurityControlDefinitionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecurityControlDefinitionsInput) SetNextToken(v string) *ListSecurityControlDefinitionsInput { + s.NextToken = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *ListSecurityControlDefinitionsInput) SetStandardsArn(v string) *ListSecurityControlDefinitionsInput { + s.StandardsArn = &v + return s +} + +type ListSecurityControlDefinitionsOutput struct { + _ struct{} `type:"structure"` + + // A pagination parameter that's included in the response only if it was included + // in the request. + NextToken *string `type:"string"` + + // An array of controls that apply to the specified standard. + // + // SecurityControlDefinitions is a required field + SecurityControlDefinitions []*SecurityControlDefinition `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecurityControlDefinitionsOutput) SetNextToken(v string) *ListSecurityControlDefinitionsOutput { + s.NextToken = &v + return s +} + +// SetSecurityControlDefinitions sets the SecurityControlDefinitions field's value. +func (s *ListSecurityControlDefinitionsOutput) SetSecurityControlDefinitions(v []*SecurityControlDefinition) *ListSecurityControlDefinitionsOutput { + s.SecurityControlDefinitions = v + return s +} + +type ListStandardsControlAssociationsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // An optional parameter that limits the total results of the API response to + // the specified number. If this parameter isn't provided in the request, the + // results include the first 25 standard and control associations. The results + // also include a NextToken parameter that you can use in a subsequent API call + // to get the next 25 associations. This repeats until all associations for + // the specified control are returned. The number of results is limited by the + // number of supported Security Hub standards that you've enabled in the calling + // account. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // Optional pagination parameter. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` + + // The identifier of the control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) that you want to determine the enablement status + // of in each enabled standard. + // + // SecurityControlId is a required field + SecurityControlId *string `location:"querystring" locationName:"SecurityControlId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListStandardsControlAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListStandardsControlAssociationsInput) SetMaxResults(v int64) *ListStandardsControlAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListStandardsControlAssociationsInput) SetNextToken(v string) *ListStandardsControlAssociationsInput { + s.NextToken = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *ListStandardsControlAssociationsInput) SetSecurityControlId(v string) *ListStandardsControlAssociationsInput { + s.SecurityControlId = &v + return s +} + +type ListStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // A pagination parameter that's included in the response only if it was included + // in the request. + NextToken *string `type:"string"` + + // An array that provides the enablement status and other details for each security + // control that applies to each enabled standard. + // + // StandardsControlAssociationSummaries is a required field + StandardsControlAssociationSummaries []*StandardsControlAssociationSummary `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListStandardsControlAssociationsOutput) SetNextToken(v string) *ListStandardsControlAssociationsOutput { + s.NextToken = &v + return s +} + +// SetStandardsControlAssociationSummaries sets the StandardsControlAssociationSummaries field's value. +func (s *ListStandardsControlAssociationsOutput) SetStandardsControlAssociationSummaries(v []*StandardsControlAssociationSummary) *ListStandardsControlAssociationsOutput { + s.StandardsControlAssociationSummaries = v + return s +} + type ListTagsForResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -45303,7 +51172,8 @@ type Note struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. // // UpdatedAt is a required field UpdatedAt *string `type:"string" required:"true"` @@ -45649,14 +51519,16 @@ type PatchSummary struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. OperationEndTime *string `type:"string"` // Indicates when the operation started. // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. OperationStartTime *string `type:"string"` // The reboot option specified for the instance. @@ -45944,13 +51816,15 @@ type ProcessDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LaunchedAt *string `type:"string"` // The name of the process. Name *string `type:"string"` - // The parent process ID. + // The parent process ID. This field accepts positive integers between O and + // 2147483647. ParentPid *int64 `type:"integer"` // The path to the process executable. @@ -45963,7 +51837,8 @@ type ProcessDetails struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. TerminatedAt *string `type:"string"` } @@ -46143,6 +52018,38 @@ func (s *Product) SetProductSubscriptionResourcePolicy(v string) *Product { return s } +// Describes a virtual private gateway propagating route. +type PropagatingVgwSetDetails struct { + _ struct{} `type:"structure"` + + // The ID of the virtual private gateway. + GatewayId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PropagatingVgwSetDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PropagatingVgwSetDetails) GoString() string { + return s.String() +} + +// SetGatewayId sets the GatewayId field's value. +func (s *PropagatingVgwSetDetails) SetGatewayId(v string) *PropagatingVgwSetDetails { + s.GatewayId = &v + return s +} + // Identifies where the sensitive data begins and ends. type Range struct { _ struct{} `type:"structure"` @@ -46586,6 +52493,11 @@ func (s *ResourceConflictException) RequestID() string { type ResourceDetails struct { _ struct{} `type:"structure"` + // Provides details about AppSync message broker. A message broker allows software + // applications and components to communicate using various programming languages, + // operating systems, and formal messaging protocols. + AwsAmazonMqBroker *AwsAmazonMqBrokerDetails `type:"structure"` + // Provides information about a REST API in version 1 of Amazon API Gateway. AwsApiGatewayRestApi *AwsApiGatewayRestApiDetails `type:"structure"` @@ -46598,6 +52510,10 @@ type ResourceDetails struct { // Provides information about a version 2 stage for Amazon API Gateway. AwsApiGatewayV2Stage *AwsApiGatewayV2StageDetails `type:"structure"` + // Provides details about an AppSync Graph QL API, which lets you query multiple + // databases, microservices, and APIs from a single GraphQL endpoint. + AwsAppSyncGraphQlApi *AwsAppSyncGraphQlApiDetails `type:"structure"` + // Details for an autoscaling group. AwsAutoScalingAutoScalingGroup *AwsAutoScalingAutoScalingGroupDetails `type:"structure"` @@ -46653,6 +52569,11 @@ type ResourceDetails struct { // Details for an EC2 network interface. AwsEc2NetworkInterface *AwsEc2NetworkInterfaceDetails `type:"structure"` + // Provides details about a route table. A route table contains a set of rules, + // called routes, that determine where to direct network traffic from your subnet + // or gateway. + AwsEc2RouteTable *AwsEc2RouteTableDetails `type:"structure"` + // Details for an EC2 security group. AwsEc2SecurityGroup *AwsEc2SecurityGroupDetails `type:"structure"` @@ -46723,6 +52644,16 @@ type ResourceDetails struct { // Details about a load balancer. AwsElbv2LoadBalancer *AwsElbv2LoadBalancerDetails `type:"structure"` + // A schema defines the structure of events that are sent to Amazon EventBridge. + // Schema registries are containers for schemas. They collect and organize schemas + // so that your schemas are in logical groups. + AwsEventSchemasRegistry *AwsEventSchemasRegistryDetails `type:"structure"` + + // Provides details about an Amazon GuardDuty detector. A detector is an object + // that represents the GuardDuty service. A detector is required for GuardDuty + // to become operational. + AwsGuardDutyDetector *AwsGuardDutyDetectorDetails `type:"structure"` + // Details about an IAM access key related to a finding. AwsIamAccessKey *AwsIamAccessKeyDetails `type:"structure"` @@ -46808,6 +52739,10 @@ type ResourceDetails struct { // patch baseline that was used to patch the instance. AwsSsmPatchCompliance *AwsSsmPatchComplianceDetails `type:"structure"` + // Provides details about an Step Functions state machine, which is a workflow + // consisting of a series of event-driven steps. + AwsStepFunctionStateMachine *AwsStepFunctionStateMachineDetails `type:"structure"` + // Details about a rate-based rule for global resources. AwsWafRateBasedRule *AwsWafRateBasedRuleDetails `type:"structure"` @@ -46890,6 +52825,12 @@ func (s *ResourceDetails) Validate() error { return nil } +// SetAwsAmazonMqBroker sets the AwsAmazonMqBroker field's value. +func (s *ResourceDetails) SetAwsAmazonMqBroker(v *AwsAmazonMqBrokerDetails) *ResourceDetails { + s.AwsAmazonMqBroker = v + return s +} + // SetAwsApiGatewayRestApi sets the AwsApiGatewayRestApi field's value. func (s *ResourceDetails) SetAwsApiGatewayRestApi(v *AwsApiGatewayRestApiDetails) *ResourceDetails { s.AwsApiGatewayRestApi = v @@ -46914,6 +52855,12 @@ func (s *ResourceDetails) SetAwsApiGatewayV2Stage(v *AwsApiGatewayV2StageDetails return s } +// SetAwsAppSyncGraphQlApi sets the AwsAppSyncGraphQlApi field's value. +func (s *ResourceDetails) SetAwsAppSyncGraphQlApi(v *AwsAppSyncGraphQlApiDetails) *ResourceDetails { + s.AwsAppSyncGraphQlApi = v + return s +} + // SetAwsAutoScalingAutoScalingGroup sets the AwsAutoScalingAutoScalingGroup field's value. func (s *ResourceDetails) SetAwsAutoScalingAutoScalingGroup(v *AwsAutoScalingAutoScalingGroupDetails) *ResourceDetails { s.AwsAutoScalingAutoScalingGroup = v @@ -47016,6 +52963,12 @@ func (s *ResourceDetails) SetAwsEc2NetworkInterface(v *AwsEc2NetworkInterfaceDet return s } +// SetAwsEc2RouteTable sets the AwsEc2RouteTable field's value. +func (s *ResourceDetails) SetAwsEc2RouteTable(v *AwsEc2RouteTableDetails) *ResourceDetails { + s.AwsEc2RouteTable = v + return s +} + // SetAwsEc2SecurityGroup sets the AwsEc2SecurityGroup field's value. func (s *ResourceDetails) SetAwsEc2SecurityGroup(v *AwsEc2SecurityGroupDetails) *ResourceDetails { s.AwsEc2SecurityGroup = v @@ -47142,6 +53095,18 @@ func (s *ResourceDetails) SetAwsElbv2LoadBalancer(v *AwsElbv2LoadBalancerDetails return s } +// SetAwsEventSchemasRegistry sets the AwsEventSchemasRegistry field's value. +func (s *ResourceDetails) SetAwsEventSchemasRegistry(v *AwsEventSchemasRegistryDetails) *ResourceDetails { + s.AwsEventSchemasRegistry = v + return s +} + +// SetAwsGuardDutyDetector sets the AwsGuardDutyDetector field's value. +func (s *ResourceDetails) SetAwsGuardDutyDetector(v *AwsGuardDutyDetectorDetails) *ResourceDetails { + s.AwsGuardDutyDetector = v + return s +} + // SetAwsIamAccessKey sets the AwsIamAccessKey field's value. func (s *ResourceDetails) SetAwsIamAccessKey(v *AwsIamAccessKeyDetails) *ResourceDetails { s.AwsIamAccessKey = v @@ -47310,6 +53275,12 @@ func (s *ResourceDetails) SetAwsSsmPatchCompliance(v *AwsSsmPatchComplianceDetai return s } +// SetAwsStepFunctionStateMachine sets the AwsStepFunctionStateMachine field's value. +func (s *ResourceDetails) SetAwsStepFunctionStateMachine(v *AwsStepFunctionStateMachineDetails) *ResourceDetails { + s.AwsStepFunctionStateMachine = v + return s +} + // SetAwsWafRateBasedRule sets the AwsWafRateBasedRule field's value. func (s *ResourceDetails) SetAwsWafRateBasedRule(v *AwsWafRateBasedRuleDetails) *ResourceDetails { s.AwsWafRateBasedRule = v @@ -47495,6 +53466,173 @@ func (s *Result) SetProcessingResult(v string) *Result { return s } +// Provides details about the routes in the route table. +type RouteSetDetails struct { + _ struct{} `type:"structure"` + + // The ID of the carrier gateway. + CarrierGatewayId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the core network. + CoreNetworkArn *string `type:"string"` + + // The IPv4 CIDR block used for the destination match. + DestinationCidrBlock *string `type:"string"` + + // The IPv6 CIDR block used for the destination match. + DestinationIpv6CidrBlock *string `type:"string"` + + // The prefix of the destination Amazon Web Service. + DestinationPrefixListId *string `type:"string"` + + // The ID of the egress-only internet gateway. + EgressOnlyInternetGatewayId *string `type:"string"` + + // The ID of a gateway attached to your VPC. + GatewayId *string `type:"string"` + + // The ID of a NAT instance in your VPC. + InstanceId *string `type:"string"` + + // The ID of the Amazon Web Services account that owns the instance. + InstanceOwnerId *string `type:"string"` + + // The ID of the local gateway. + LocalGatewayId *string `type:"string"` + + // The ID of a NAT gateway. + NatGatewayId *string `type:"string"` + + // The ID of the network interface. + NetworkInterfaceId *string `type:"string"` + + // Describes how the route was created. + Origin *string `type:"string"` + + // The state of the route. + State *string `type:"string"` + + // The ID of a transit gateway. + TransitGatewayId *string `type:"string"` + + // The ID of a VPC peering connection. + VpcPeeringConnectionId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RouteSetDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RouteSetDetails) GoString() string { + return s.String() +} + +// SetCarrierGatewayId sets the CarrierGatewayId field's value. +func (s *RouteSetDetails) SetCarrierGatewayId(v string) *RouteSetDetails { + s.CarrierGatewayId = &v + return s +} + +// SetCoreNetworkArn sets the CoreNetworkArn field's value. +func (s *RouteSetDetails) SetCoreNetworkArn(v string) *RouteSetDetails { + s.CoreNetworkArn = &v + return s +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *RouteSetDetails) SetDestinationCidrBlock(v string) *RouteSetDetails { + s.DestinationCidrBlock = &v + return s +} + +// SetDestinationIpv6CidrBlock sets the DestinationIpv6CidrBlock field's value. +func (s *RouteSetDetails) SetDestinationIpv6CidrBlock(v string) *RouteSetDetails { + s.DestinationIpv6CidrBlock = &v + return s +} + +// SetDestinationPrefixListId sets the DestinationPrefixListId field's value. +func (s *RouteSetDetails) SetDestinationPrefixListId(v string) *RouteSetDetails { + s.DestinationPrefixListId = &v + return s +} + +// SetEgressOnlyInternetGatewayId sets the EgressOnlyInternetGatewayId field's value. +func (s *RouteSetDetails) SetEgressOnlyInternetGatewayId(v string) *RouteSetDetails { + s.EgressOnlyInternetGatewayId = &v + return s +} + +// SetGatewayId sets the GatewayId field's value. +func (s *RouteSetDetails) SetGatewayId(v string) *RouteSetDetails { + s.GatewayId = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *RouteSetDetails) SetInstanceId(v string) *RouteSetDetails { + s.InstanceId = &v + return s +} + +// SetInstanceOwnerId sets the InstanceOwnerId field's value. +func (s *RouteSetDetails) SetInstanceOwnerId(v string) *RouteSetDetails { + s.InstanceOwnerId = &v + return s +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *RouteSetDetails) SetLocalGatewayId(v string) *RouteSetDetails { + s.LocalGatewayId = &v + return s +} + +// SetNatGatewayId sets the NatGatewayId field's value. +func (s *RouteSetDetails) SetNatGatewayId(v string) *RouteSetDetails { + s.NatGatewayId = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *RouteSetDetails) SetNetworkInterfaceId(v string) *RouteSetDetails { + s.NetworkInterfaceId = &v + return s +} + +// SetOrigin sets the Origin field's value. +func (s *RouteSetDetails) SetOrigin(v string) *RouteSetDetails { + s.Origin = &v + return s +} + +// SetState sets the State field's value. +func (s *RouteSetDetails) SetState(v string) *RouteSetDetails { + s.State = &v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *RouteSetDetails) SetTransitGatewayId(v string) *RouteSetDetails { + s.TransitGatewayId = &v + return s +} + +// SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. +func (s *RouteSetDetails) SetVpcPeeringConnectionId(v string) *RouteSetDetails { + s.VpcPeeringConnectionId = &v + return s +} + // Details about the rule group. type RuleGroupDetails struct { _ struct{} `type:"structure"` @@ -48373,6 +54511,222 @@ func (s *RuleGroupVariablesPortSetsDetails) SetDefinition(v []*string) *RuleGrou return s } +// A security control in Security Hub describes a security best practice related +// to a specific resource. +type SecurityControl struct { + _ struct{} `type:"structure"` + + // The description of a security control across standards. This typically summarizes + // how Security Hub evaluates the control and the conditions under which it + // produces a failed finding. This parameter doesn't reference a specific standard. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A link to Security Hub documentation that explains how to remediate a failed + // finding for a security control. + // + // RemediationUrl is a required field + RemediationUrl *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) for a security control across standards, such + // as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This + // parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number, + // such as APIGateway.3. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The status of a security control based on the compliance status of its findings. + // For more information about how control status is determined, see Determining + // the overall status of a control from its findings (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html) + // in the Security Hub User Guide. + // + // SecurityControlStatus is a required field + SecurityControlStatus *string `type:"string" required:"true" enum:"ControlStatus"` + + // The severity of a security control. For more information about how Security + // Hub determines control severity, see Assigning severity to control findings + // (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity) + // in the Security Hub User Guide. + // + // SeverityRating is a required field + SeverityRating *string `type:"string" required:"true" enum:"SeverityRating"` + + // The title of a security control. + // + // Title is a required field + Title *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControl) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControl) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityControl) SetDescription(v string) *SecurityControl { + s.Description = &v + return s +} + +// SetRemediationUrl sets the RemediationUrl field's value. +func (s *SecurityControl) SetRemediationUrl(v string) *SecurityControl { + s.RemediationUrl = &v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *SecurityControl) SetSecurityControlArn(v string) *SecurityControl { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *SecurityControl) SetSecurityControlId(v string) *SecurityControl { + s.SecurityControlId = &v + return s +} + +// SetSecurityControlStatus sets the SecurityControlStatus field's value. +func (s *SecurityControl) SetSecurityControlStatus(v string) *SecurityControl { + s.SecurityControlStatus = &v + return s +} + +// SetSeverityRating sets the SeverityRating field's value. +func (s *SecurityControl) SetSeverityRating(v string) *SecurityControl { + s.SeverityRating = &v + return s +} + +// SetTitle sets the Title field's value. +func (s *SecurityControl) SetTitle(v string) *SecurityControl { + s.Title = &v + return s +} + +// Provides metadata for a security control, including its unique standard-agnostic +// identifier, title, description, severity, availability in Amazon Web Services +// Regions, and a link to remediation steps. +type SecurityControlDefinition struct { + _ struct{} `type:"structure"` + + // Specifies whether a security control is available in the current Amazon Web + // Services Region. + // + // CurrentRegionAvailability is a required field + CurrentRegionAvailability *string `type:"string" required:"true" enum:"RegionAvailabilityStatus"` + + // The description of a security control across standards. This typically summarizes + // how Security Hub evaluates the control and the conditions under which it + // produces a failed finding. This parameter doesn't reference a specific standard. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A link to Security Hub documentation that explains how to remediate a failed + // finding for a security control. + // + // RemediationUrl is a required field + RemediationUrl *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number (for + // example, APIGateway.3). This parameter differs from SecurityControlArn, which + // is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references + // the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3). + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The severity of a security control. For more information about how Security + // Hub determines control severity, see Assigning severity to control findings + // (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity) + // in the Security Hub User Guide. + // + // SeverityRating is a required field + SeverityRating *string `type:"string" required:"true" enum:"SeverityRating"` + + // The title of a security control. + // + // Title is a required field + Title *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControlDefinition) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControlDefinition) GoString() string { + return s.String() +} + +// SetCurrentRegionAvailability sets the CurrentRegionAvailability field's value. +func (s *SecurityControlDefinition) SetCurrentRegionAvailability(v string) *SecurityControlDefinition { + s.CurrentRegionAvailability = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityControlDefinition) SetDescription(v string) *SecurityControlDefinition { + s.Description = &v + return s +} + +// SetRemediationUrl sets the RemediationUrl field's value. +func (s *SecurityControlDefinition) SetRemediationUrl(v string) *SecurityControlDefinition { + s.RemediationUrl = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *SecurityControlDefinition) SetSecurityControlId(v string) *SecurityControlDefinition { + s.SecurityControlId = &v + return s +} + +// SetSeverityRating sets the SeverityRating field's value. +func (s *SecurityControlDefinition) SetSeverityRating(v string) *SecurityControlDefinition { + s.SeverityRating = &v + return s +} + +// SetTitle sets the Title field's value. +func (s *SecurityControlDefinition) SetTitle(v string) *SecurityControlDefinition { + s.Title = &v + return s +} + // The list of detected instances of sensitive data. type SensitiveDataDetections struct { _ struct{} `type:"structure"` @@ -48480,7 +54834,7 @@ func (s *SensitiveDataResult) SetTotalCount(v int64) *SensitiveDataResult { // The severity of the finding. // // The finding provider can provide the initial severity. The finding provider -// can only update the severity if it has not been updated using BatchUpdateFindings. +// can only update the severity if it hasn't been updated using BatchUpdateFindings. // // The finding must have either Label or Normalized populated. If only one of // these attributes is populated, then Security Hub automatically populates @@ -49018,6 +55372,411 @@ func (s *StandardsControl) SetTitle(v string) *StandardsControl { return s } +// Provides details about a control's enablement status in a specified standard. +type StandardsControlAssociationDetail struct { + _ struct{} `type:"structure"` + + // Specifies whether a control is enabled or disabled in a specified standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The requirement that underlies a control in the compliance framework related + // to the standard. + RelatedRequirements []*string `type:"list"` + + // The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. + // This parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number, + // such as APIGateway.3. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of a security standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // Provides the input parameter that Security Hub uses to call the UpdateStandardsControl + // (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html) + // API. This API can be used to enable or disable a control in a specified standard. + StandardsControlArns []*string `type:"list"` + + // The description of a control. This typically summarizes how Security Hub + // evaluates the control and the conditions under which it produces a failed + // finding. This parameter may reference a specific standard. + StandardsControlDescription *string `type:"string"` + + // The title of a control. This field may reference a specific standard. + StandardsControlTitle *string `type:"string"` + + // The time at which the enablement status of the control in the specified standard + // was last updated. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The reason for updating the enablement status of a control in a specified + // standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationDetail) GoString() string { + return s.String() +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationDetail) SetAssociationStatus(v string) *StandardsControlAssociationDetail { + s.AssociationStatus = &v + return s +} + +// SetRelatedRequirements sets the RelatedRequirements field's value. +func (s *StandardsControlAssociationDetail) SetRelatedRequirements(v []*string) *StandardsControlAssociationDetail { + s.RelatedRequirements = v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *StandardsControlAssociationDetail) SetSecurityControlArn(v string) *StandardsControlAssociationDetail { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationDetail) SetSecurityControlId(v string) *StandardsControlAssociationDetail { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationDetail) SetStandardsArn(v string) *StandardsControlAssociationDetail { + s.StandardsArn = &v + return s +} + +// SetStandardsControlArns sets the StandardsControlArns field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlArns(v []*string) *StandardsControlAssociationDetail { + s.StandardsControlArns = v + return s +} + +// SetStandardsControlDescription sets the StandardsControlDescription field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlDescription(v string) *StandardsControlAssociationDetail { + s.StandardsControlDescription = &v + return s +} + +// SetStandardsControlTitle sets the StandardsControlTitle field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlTitle(v string) *StandardsControlAssociationDetail { + s.StandardsControlTitle = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *StandardsControlAssociationDetail) SetUpdatedAt(v time.Time) *StandardsControlAssociationDetail { + s.UpdatedAt = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationDetail) SetUpdatedReason(v string) *StandardsControlAssociationDetail { + s.UpdatedReason = &v + return s +} + +// An array with one or more objects that includes a security control (identified +// with SecurityControlId, SecurityControlArn, or a mix of both parameters) +// and the Amazon Resource Name (ARN) of a standard. The security control ID +// or ARN is the same across standards. +type StandardsControlAssociationId struct { + _ struct{} `type:"structure"` + + // The unique identifier (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) of a security control across standards. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The ARN of a standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationId) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationId) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StandardsControlAssociationId) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StandardsControlAssociationId"} + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + if s.StandardsArn == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationId) SetSecurityControlId(v string) *StandardsControlAssociationId { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationId) SetStandardsArn(v string) *StandardsControlAssociationId { + s.StandardsArn = &v + return s +} + +// An array that provides the enablement status and other details for each control +// that applies to each enabled standard. +type StandardsControlAssociationSummary struct { + _ struct{} `type:"structure"` + + // The enablement status of a control in a specific standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The requirement that underlies this control in the compliance framework related + // to the standard. + RelatedRequirements []*string `type:"list"` + + // The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. + // This parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // A unique standard-agnostic identifier for a control. Values for this field + // typically consist of an Amazon Web Service and a number, such as APIGateway.5. + // This field doesn't reference a specific standard. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of a standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // The description of a control. This typically summarizes how Security Hub + // evaluates the control and the conditions under which it produces a failed + // finding. The parameter may reference a specific standard. + StandardsControlDescription *string `type:"string"` + + // The title of a control. + StandardsControlTitle *string `type:"string"` + + // The last time that a control's enablement status in a specified standard + // was updated. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The reason for updating the control's enablement status in a specified standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationSummary) GoString() string { + return s.String() +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationSummary) SetAssociationStatus(v string) *StandardsControlAssociationSummary { + s.AssociationStatus = &v + return s +} + +// SetRelatedRequirements sets the RelatedRequirements field's value. +func (s *StandardsControlAssociationSummary) SetRelatedRequirements(v []*string) *StandardsControlAssociationSummary { + s.RelatedRequirements = v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *StandardsControlAssociationSummary) SetSecurityControlArn(v string) *StandardsControlAssociationSummary { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationSummary) SetSecurityControlId(v string) *StandardsControlAssociationSummary { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationSummary) SetStandardsArn(v string) *StandardsControlAssociationSummary { + s.StandardsArn = &v + return s +} + +// SetStandardsControlDescription sets the StandardsControlDescription field's value. +func (s *StandardsControlAssociationSummary) SetStandardsControlDescription(v string) *StandardsControlAssociationSummary { + s.StandardsControlDescription = &v + return s +} + +// SetStandardsControlTitle sets the StandardsControlTitle field's value. +func (s *StandardsControlAssociationSummary) SetStandardsControlTitle(v string) *StandardsControlAssociationSummary { + s.StandardsControlTitle = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *StandardsControlAssociationSummary) SetUpdatedAt(v time.Time) *StandardsControlAssociationSummary { + s.UpdatedAt = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationSummary) SetUpdatedReason(v string) *StandardsControlAssociationSummary { + s.UpdatedReason = &v + return s +} + +// An array of requested updates to the enablement status of controls in specified +// standards. The objects in the array include a security control ID, the Amazon +// Resource Name (ARN) of the standard, the requested enablement status, and +// the reason for updating the enablement status. +type StandardsControlAssociationUpdate struct { + _ struct{} `type:"structure"` + + // The desired enablement status of the control in the standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The unique identifier for the security control whose enablement status you + // want to update. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of the standard in which you want to update + // the control's enablement status. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // The reason for updating the control's enablement status in the standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationUpdate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StandardsControlAssociationUpdate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StandardsControlAssociationUpdate"} + if s.AssociationStatus == nil { + invalidParams.Add(request.NewErrParamRequired("AssociationStatus")) + } + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + if s.StandardsArn == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationUpdate) SetAssociationStatus(v string) *StandardsControlAssociationUpdate { + s.AssociationStatus = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationUpdate) SetSecurityControlId(v string) *StandardsControlAssociationUpdate { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationUpdate) SetStandardsArn(v string) *StandardsControlAssociationUpdate { + s.StandardsArn = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationUpdate) SetUpdatedReason(v string) *StandardsControlAssociationUpdate { + s.UpdatedReason = &v + return s +} + // Provides details about the management of a security standard. type StandardsManagedBy struct { _ struct{} `type:"structure"` @@ -49654,7 +56413,8 @@ type ThreatIntelIndicator struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. LastObservedAt *string `type:"string"` // The source of the threat intelligence indicator. @@ -49725,6 +56485,235 @@ func (s *ThreatIntelIndicator) SetValue(v string) *ThreatIntelIndicator { return s } +// A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter +// tells you which automation rules the request didn't process and why. +type UnprocessedAutomationRule struct { + _ struct{} `type:"structure"` + + // The error code associated with the unprocessed automation rule. + ErrorCode *int64 `type:"integer"` + + // An error message describing why a request didn't process a specific rule. + ErrorMessage *string `type:"string"` + + // The Amazon Resource Name (ARN) for the unprocessed automation rule. + RuleArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedAutomationRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedAutomationRule) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedAutomationRule) SetErrorCode(v int64) *UnprocessedAutomationRule { + s.ErrorCode = &v + return s +} + +// SetErrorMessage sets the ErrorMessage field's value. +func (s *UnprocessedAutomationRule) SetErrorMessage(v string) *UnprocessedAutomationRule { + s.ErrorMessage = &v + return s +} + +// SetRuleArn sets the RuleArn field's value. +func (s *UnprocessedAutomationRule) SetRuleArn(v string) *UnprocessedAutomationRule { + s.RuleArn = &v + return s +} + +// Provides details about a security control for which a response couldn't be +// returned. +type UnprocessedSecurityControl struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed security control. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why the security control was unprocessed. + ErrorReason *string `type:"string"` + + // The control (identified with SecurityControlId, SecurityControlArn, or a + // mix of both parameters) for which a response couldn't be returned. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedSecurityControl) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedSecurityControl) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedSecurityControl) SetErrorCode(v string) *UnprocessedSecurityControl { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedSecurityControl) SetErrorReason(v string) *UnprocessedSecurityControl { + s.ErrorReason = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *UnprocessedSecurityControl) SetSecurityControlId(v string) *UnprocessedSecurityControl { + s.SecurityControlId = &v + return s +} + +// Provides details about which control's enablement status couldn't be retrieved +// in a specified standard when calling BatchUpdateStandardsControlAssociations +// (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). +// This parameter also provides details about why the request was unprocessed. +type UnprocessedStandardsControlAssociation struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed standard and control association. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why the standard and control association was unprocessed. + ErrorReason *string `type:"string"` + + // An array with one or more objects that includes a security control (identified + // with SecurityControlId, SecurityControlArn, or a mix of both parameters) + // and the Amazon Resource Name (ARN) of a standard. This parameter shows the + // specific controls for which the enablement status couldn't be retrieved in + // specified standards when calling BatchUpdateStandardsControlAssociations + // (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). + // + // StandardsControlAssociationId is a required field + StandardsControlAssociationId *StandardsControlAssociationId `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociation) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedStandardsControlAssociation) SetErrorCode(v string) *UnprocessedStandardsControlAssociation { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedStandardsControlAssociation) SetErrorReason(v string) *UnprocessedStandardsControlAssociation { + s.ErrorReason = &v + return s +} + +// SetStandardsControlAssociationId sets the StandardsControlAssociationId field's value. +func (s *UnprocessedStandardsControlAssociation) SetStandardsControlAssociationId(v *StandardsControlAssociationId) *UnprocessedStandardsControlAssociation { + s.StandardsControlAssociationId = v + return s +} + +// Provides details about which control's enablement status could not be updated +// in a specified standard when calling the BatchUpdateStandardsControlAssociations +// (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html) +// API. This parameter also provides details about why the request was unprocessed. +type UnprocessedStandardsControlAssociationUpdate struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed update of the control's enablement status + // in the specified standard. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why a control's enablement status in the specified standard couldn't + // be updated. + ErrorReason *string `type:"string"` + + // An array of control and standard associations for which an update failed + // when calling BatchUpdateStandardsControlAssociations (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). + // + // StandardsControlAssociationUpdate is a required field + StandardsControlAssociationUpdate *StandardsControlAssociationUpdate `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociationUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociationUpdate) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetErrorCode(v string) *UnprocessedStandardsControlAssociationUpdate { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetErrorReason(v string) *UnprocessedStandardsControlAssociationUpdate { + s.ErrorReason = &v + return s +} + +// SetStandardsControlAssociationUpdate sets the StandardsControlAssociationUpdate field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetStandardsControlAssociationUpdate(v *StandardsControlAssociationUpdate) *UnprocessedStandardsControlAssociationUpdate { + s.StandardsControlAssociationUpdate = v + return s +} + type UntagResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -49903,6 +56892,146 @@ func (s UpdateActionTargetOutput) GoString() string { return s.String() } +// Specifies the parameters to update in an existing automation rule. +type UpdateAutomationRulesRequestItem struct { + _ struct{} `type:"structure"` + + // One or more actions to update finding fields if a finding matches the conditions + // specified in Criteria. + Actions []*AutomationRulesAction `min:"1" type:"list"` + + // A set of ASFF finding field attributes and corresponding expected values + // that Security Hub uses to filter findings. If a finding matches the conditions + // specified in this parameter, Security Hub applies the rule action to the + // finding. + Criteria *AutomationRulesFindingFilters `type:"structure"` + + // A description of the rule. + Description *string `type:"string"` + + // Specifies whether a rule is the last to be applied with respect to a finding + // that matches the rule criteria. This is useful when a finding matches the + // criteria for multiple rules, and each rule has different actions. If the + // value of this field is set to true for a rule, Security Hub applies the rule + // action to a finding that matches the rule criteria and won't evaluate other + // rules for the finding. The default value of this field is false. + IsTerminal *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) for the rule. + // + // RuleArn is a required field + RuleArn *string `type:"string" required:"true"` + + // The name of the rule. + RuleName *string `type:"string"` + + // An integer ranging from 1 to 1000 that represents the order in which the + // rule action is applied to findings. Security Hub applies rules with lower + // values for this parameter first. + RuleOrder *int64 `min:"1" type:"integer"` + + // Whether the rule is active after it is created. If this parameter is equal + // to ENABLED, Security Hub will apply the rule to findings and finding updates + // after the rule is created. To change the value of this parameter after creating + // a rule, use BatchUpdateAutomationRules. + RuleStatus *string `type:"string" enum:"RuleStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAutomationRulesRequestItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAutomationRulesRequestItem) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAutomationRulesRequestItem) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAutomationRulesRequestItem"} + if s.Actions != nil && len(s.Actions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) + } + if s.RuleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RuleArn")) + } + if s.RuleOrder != nil && *s.RuleOrder < 1 { + invalidParams.Add(request.NewErrParamMinValue("RuleOrder", 1)) + } + if s.Actions != nil { + for i, v := range s.Actions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Actions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActions sets the Actions field's value. +func (s *UpdateAutomationRulesRequestItem) SetActions(v []*AutomationRulesAction) *UpdateAutomationRulesRequestItem { + s.Actions = v + return s +} + +// SetCriteria sets the Criteria field's value. +func (s *UpdateAutomationRulesRequestItem) SetCriteria(v *AutomationRulesFindingFilters) *UpdateAutomationRulesRequestItem { + s.Criteria = v + return s +} + +// SetDescription sets the Description field's value. +func (s *UpdateAutomationRulesRequestItem) SetDescription(v string) *UpdateAutomationRulesRequestItem { + s.Description = &v + return s +} + +// SetIsTerminal sets the IsTerminal field's value. +func (s *UpdateAutomationRulesRequestItem) SetIsTerminal(v bool) *UpdateAutomationRulesRequestItem { + s.IsTerminal = &v + return s +} + +// SetRuleArn sets the RuleArn field's value. +func (s *UpdateAutomationRulesRequestItem) SetRuleArn(v string) *UpdateAutomationRulesRequestItem { + s.RuleArn = &v + return s +} + +// SetRuleName sets the RuleName field's value. +func (s *UpdateAutomationRulesRequestItem) SetRuleName(v string) *UpdateAutomationRulesRequestItem { + s.RuleName = &v + return s +} + +// SetRuleOrder sets the RuleOrder field's value. +func (s *UpdateAutomationRulesRequestItem) SetRuleOrder(v int64) *UpdateAutomationRulesRequestItem { + s.RuleOrder = &v + return s +} + +// SetRuleStatus sets the RuleStatus field's value. +func (s *UpdateAutomationRulesRequestItem) SetRuleStatus(v string) *UpdateAutomationRulesRequestItem { + s.RuleStatus = &v + return s +} + type UpdateFindingAggregatorInput struct { _ struct{} `type:"structure"` @@ -50344,6 +57473,19 @@ type UpdateSecurityHubConfigurationInput struct { // By default, this is set to true, and new controls are enabled automatically. // To not automatically enable new controls, set this to false. AutoEnableControls *bool `type:"boolean"` + + // Updates whether the calling account has consolidated control findings turned + // on. If the value for this field is set to SECURITY_CONTROL, Security Hub + // generates a single finding for a control check even when the check applies + // to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // For accounts that are part of an organization, this value can only be updated + // in the administrator account. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` } // String returns the string representation. @@ -50370,6 +57512,12 @@ func (s *UpdateSecurityHubConfigurationInput) SetAutoEnableControls(v bool) *Upd return s } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *UpdateSecurityHubConfigurationInput) SetControlFindingGenerator(v string) *UpdateSecurityHubConfigurationInput { + s.ControlFindingGenerator = &v + return s +} + type UpdateSecurityHubConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -50773,7 +57921,8 @@ type VulnerabilityVendor struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. VendorCreatedAt *string `type:"string"` // The severity that the vendor assigned to the vulnerability. @@ -50783,7 +57932,8 @@ type VulnerabilityVendor struct { // // Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time // Format (https://tools.ietf.org/html/rfc3339#section-5.6). The value cannot - // contain spaces. For example, 2020-03-22T13:22:13.933Z. + // contain spaces, and date and time should be separated by T. For example, + // 2020-03-22T13:22:13.933Z. VendorUpdatedAt *string `type:"string"` } @@ -51079,6 +58229,22 @@ func AdminStatus_Values() []string { } } +const ( + // AssociationStatusEnabled is a AssociationStatus enum value + AssociationStatusEnabled = "ENABLED" + + // AssociationStatusDisabled is a AssociationStatus enum value + AssociationStatusDisabled = "DISABLED" +) + +// AssociationStatus_Values returns all elements of the AssociationStatus enum +func AssociationStatus_Values() []string { + return []string{ + AssociationStatusEnabled, + AssociationStatusDisabled, + } +} + const ( // AutoEnableStandardsNone is a AutoEnableStandards enum value AutoEnableStandardsNone = "NONE" @@ -51095,6 +58261,18 @@ func AutoEnableStandards_Values() []string { } } +const ( + // AutomationRulesActionTypeFindingFieldsUpdate is a AutomationRulesActionType enum value + AutomationRulesActionTypeFindingFieldsUpdate = "FINDING_FIELDS_UPDATE" +) + +// AutomationRulesActionType_Values returns all elements of the AutomationRulesActionType enum +func AutomationRulesActionType_Values() []string { + return []string{ + AutomationRulesActionTypeFindingFieldsUpdate, + } +} + const ( // AwsIamAccessKeyStatusActive is a AwsIamAccessKeyStatus enum value AwsIamAccessKeyStatusActive = "Active" @@ -51151,6 +58329,22 @@ func ComplianceStatus_Values() []string { } } +const ( + // ControlFindingGeneratorStandardControl is a ControlFindingGenerator enum value + ControlFindingGeneratorStandardControl = "STANDARD_CONTROL" + + // ControlFindingGeneratorSecurityControl is a ControlFindingGenerator enum value + ControlFindingGeneratorSecurityControl = "SECURITY_CONTROL" +) + +// ControlFindingGenerator_Values returns all elements of the ControlFindingGenerator enum +func ControlFindingGenerator_Values() []string { + return []string{ + ControlFindingGeneratorStandardControl, + ControlFindingGeneratorSecurityControl, + } +} + const ( // ControlStatusEnabled is a ControlStatus enum value ControlStatusEnabled = "ENABLED" @@ -51179,6 +58373,22 @@ func DateRangeUnit_Values() []string { } } +const ( + // FindingHistoryUpdateSourceTypeBatchUpdateFindings is a FindingHistoryUpdateSourceType enum value + FindingHistoryUpdateSourceTypeBatchUpdateFindings = "BATCH_UPDATE_FINDINGS" + + // FindingHistoryUpdateSourceTypeBatchImportFindings is a FindingHistoryUpdateSourceType enum value + FindingHistoryUpdateSourceTypeBatchImportFindings = "BATCH_IMPORT_FINDINGS" +) + +// FindingHistoryUpdateSourceType_Values returns all elements of the FindingHistoryUpdateSourceType enum +func FindingHistoryUpdateSourceType_Values() []string { + return []string{ + FindingHistoryUpdateSourceTypeBatchUpdateFindings, + FindingHistoryUpdateSourceTypeBatchImportFindings, + } +} + const ( // IntegrationTypeSendFindingsToSecurityHub is a IntegrationType enum value IntegrationTypeSendFindingsToSecurityHub = "SEND_FINDINGS_TO_SECURITY_HUB" @@ -51355,6 +58565,38 @@ func RecordState_Values() []string { } } +const ( + // RegionAvailabilityStatusAvailable is a RegionAvailabilityStatus enum value + RegionAvailabilityStatusAvailable = "AVAILABLE" + + // RegionAvailabilityStatusUnavailable is a RegionAvailabilityStatus enum value + RegionAvailabilityStatusUnavailable = "UNAVAILABLE" +) + +// RegionAvailabilityStatus_Values returns all elements of the RegionAvailabilityStatus enum +func RegionAvailabilityStatus_Values() []string { + return []string{ + RegionAvailabilityStatusAvailable, + RegionAvailabilityStatusUnavailable, + } +} + +const ( + // RuleStatusEnabled is a RuleStatus enum value + RuleStatusEnabled = "ENABLED" + + // RuleStatusDisabled is a RuleStatus enum value + RuleStatusDisabled = "DISABLED" +) + +// RuleStatus_Values returns all elements of the RuleStatus enum +func RuleStatus_Values() []string { + return []string{ + RuleStatusEnabled, + RuleStatusDisabled, + } +} + const ( // SeverityLabelInformational is a SeverityLabel enum value SeverityLabelInformational = "INFORMATIONAL" @@ -51575,6 +58817,30 @@ func ThreatIntelIndicatorType_Values() []string { } } +const ( + // UnprocessedErrorCodeInvalidInput is a UnprocessedErrorCode enum value + UnprocessedErrorCodeInvalidInput = "INVALID_INPUT" + + // UnprocessedErrorCodeAccessDenied is a UnprocessedErrorCode enum value + UnprocessedErrorCodeAccessDenied = "ACCESS_DENIED" + + // UnprocessedErrorCodeNotFound is a UnprocessedErrorCode enum value + UnprocessedErrorCodeNotFound = "NOT_FOUND" + + // UnprocessedErrorCodeLimitExceeded is a UnprocessedErrorCode enum value + UnprocessedErrorCodeLimitExceeded = "LIMIT_EXCEEDED" +) + +// UnprocessedErrorCode_Values returns all elements of the UnprocessedErrorCode enum +func UnprocessedErrorCode_Values() []string { + return []string{ + UnprocessedErrorCodeInvalidInput, + UnprocessedErrorCodeAccessDenied, + UnprocessedErrorCodeNotFound, + UnprocessedErrorCodeLimitExceeded, + } +} + const ( // VerificationStateUnknown is a VerificationState enum value VerificationStateUnknown = "UNKNOWN" diff --git a/vendor/github.com/aws/aws-sdk-go/service/securityhub/doc.go b/vendor/github.com/aws/aws-sdk-go/service/securityhub/doc.go index f20c741..603def3 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/securityhub/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/securityhub/doc.go @@ -16,8 +16,8 @@ // only in the Amazon Web Services Region that is currently active or in the // specific Amazon Web Services Region that you specify in your request. Any // configuration or settings change that results from the operation is applied -// only to that Region. To make the same change in other Regions, execute the -// same command for each Region to apply the change to. +// only to that Region. To make the same change in other Regions, run the same +// command for each Region in which you want to apply the change. // // For example, if your Region is set to us-west-2, when you use CreateMembers // to add a member account to Security Hub, the association of the member account @@ -27,7 +27,7 @@ // // The following throttling limits apply to using Security Hub API operations. // -// - BatchEnableStandards - RateLimit of 1 request per second, BurstLimit +// - BatchEnableStandards - RateLimit of 1 request per second. BurstLimit // of 1 request per second. // // - GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests @@ -39,7 +39,7 @@ // - BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit // of 30 requests per second. // -// - UpdateStandardsControl - RateLimit of 1 request per second, BurstLimit +// - UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit // of 5 requests per second. // // - All other operations - RateLimit of 10 requests per second. BurstLimit diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go index b4299d7..844e7b6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go @@ -70,22 +70,16 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // with the Amazon SQS Access Policy Language (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html) // in the Amazon SQS Developer Guide. // -// - An Amazon SQS policy can have a maximum of 7 actions. +// - An Amazon SQS policy can have a maximum of seven actions per statement. // // - To remove the ability to change queue permissions, you must deny permission // to the AddPermission, RemovePermission, and SetQueueAttributes actions // in your IAM policy. // -// Some actions take lists of parameters. These lists are specified using the -// param.n notation. Values of n are integers starting from 1. For example, -// a parameter list with two elements looks like this: -// -// &AttributeName.1=first -// -// &AttributeName.2=second +// - Amazon SQS AddPermission does not support adding a non-account principal. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -98,7 +92,7 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // Returned Error Codes: // - ErrCodeOverLimit "OverLimit" // The specified action violates a limit. For example, ReceiveMessage returns -// this error if the maximum number of inflight messages is reached and AddPermission +// this error if the maximum number of in flight messages is reached and AddPermission // returns this error if the maximum number of permissions for the queue is // reached. // @@ -124,6 +118,95 @@ func (c *SQS) AddPermissionWithContext(ctx aws.Context, input *AddPermissionInpu return out, req.Send() } +const opCancelMessageMoveTask = "CancelMessageMoveTask" + +// CancelMessageMoveTaskRequest generates a "aws/request.Request" representing the +// client's request for the CancelMessageMoveTask operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CancelMessageMoveTask for more information on using the CancelMessageMoveTask +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CancelMessageMoveTaskRequest method. +// req, resp := client.CancelMessageMoveTaskRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/CancelMessageMoveTask +func (c *SQS) CancelMessageMoveTaskRequest(input *CancelMessageMoveTaskInput) (req *request.Request, output *CancelMessageMoveTaskOutput) { + op := &request.Operation{ + Name: opCancelMessageMoveTask, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelMessageMoveTaskInput{} + } + + output = &CancelMessageMoveTaskOutput{} + req = c.newRequest(op, input, output) + return +} + +// CancelMessageMoveTask API operation for Amazon Simple Queue Service. +// +// Cancels a specified message movement task. +// +// - A message movement can only be cancelled when the current status is +// RUNNING. +// +// - Cancelling a message movement task does not revert the messages that +// have already been moved. It can only stop the messages that have not been +// moved yet. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Queue Service's +// API operation CancelMessageMoveTask for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// One or more specified resources don't exist. +// +// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// Error code 400. Unsupported operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/CancelMessageMoveTask +func (c *SQS) CancelMessageMoveTask(input *CancelMessageMoveTaskInput) (*CancelMessageMoveTaskOutput, error) { + req, out := c.CancelMessageMoveTaskRequest(input) + return out, req.Send() +} + +// CancelMessageMoveTaskWithContext is the same as CancelMessageMoveTask with the addition of +// the ability to pass a context and additional request options. +// +// See CancelMessageMoveTask for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SQS) CancelMessageMoveTaskWithContext(ctx aws.Context, input *CancelMessageMoveTaskInput, opts ...request.Option) (*CancelMessageMoveTaskOutput, error) { + req, out := c.CancelMessageMoveTaskRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opChangeMessageVisibility = "ChangeMessageVisibility" // ChangeMessageVisibilityRequest generates a "aws/request.Request" representing the @@ -174,11 +257,13 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput // Timeout (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon SQS Developer Guide. // -// For example, you have a message with a visibility timeout of 5 minutes. After -// 3 minutes, you call ChangeMessageVisibility with a timeout of 10 minutes. -// You can continue to call ChangeMessageVisibility to extend the visibility -// timeout to the maximum allowed time. If you try to extend the visibility -// timeout beyond the maximum, your request is rejected. +// For example, if the default timeout for a queue is 60 seconds, 15 seconds +// have elapsed since you received the message, and you send a ChangeMessageVisibility +// call with VisibilityTimeout set to 10 seconds, the 10 seconds begin to count +// from the time that you make the ChangeMessageVisibility call. Thus, any attempt +// to change the visibility timeout or to delete that message 10 seconds after +// you initially change the visibility timeout (a total of 25 seconds) might +// result in an error. // // An Amazon SQS message has three basic states: // @@ -193,20 +278,20 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput // 1 and 2). There is no limit to the number of stored messages. A message is // considered to be in flight after it is received from a queue by a consumer, // but not yet deleted from the queue (that is, between states 2 and 3). There -// is a limit to the number of inflight messages. +// is a limit to the number of in flight messages. // -// Limits that apply to inflight messages are unrelated to the unlimited number +// Limits that apply to in flight messages are unrelated to the unlimited number // of stored messages. // // For most standard queues (depending on queue traffic and message backlog), -// there can be a maximum of approximately 120,000 inflight messages (received +// there can be a maximum of approximately 120,000 in flight messages (received // from a queue by a consumer, but not yet deleted from the queue). If you reach // this limit, Amazon SQS returns the OverLimit error message. To avoid reaching // the limit, you should delete messages from the queue after they're processed. // You can also increase the number of queues you use to process your messages. // To request a limit increase, file a support request (https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-sqs). // -// For FIFO queues, there can be a maximum of 20,000 inflight messages (received +// For FIFO queues, there can be a maximum of 20,000 in flight messages (received // from a queue by a consumer, but not yet deleted from the queue). If you reach // this limit, Amazon SQS returns no error messages. // @@ -310,14 +395,6 @@ func (c *SQS) ChangeMessageVisibilityBatchRequest(input *ChangeMessageVisibility // actions, you should check for batch errors even when the call returns an // HTTP status code of 200. // -// Some actions take lists of parameters. These lists are specified using the -// param.n notation. Values of n are integers starting from 1. For example, -// a parameter list with two elements looks like this: -// -// &AttributeName.1=first -// -// &AttributeName.2=second -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -438,16 +515,8 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // - If the queue name, attribute names, or attribute values don't match // an existing queue, CreateQueue returns an error. // -// Some actions take lists of parameters. These lists are specified using the -// param.n notation. Values of n are integers starting from 1. For example, -// a parameter list with two elements looks like this: -// -// &AttributeName.1=first -// -// &AttributeName.2=second -// // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -545,7 +614,7 @@ func (c *SQS) DeleteMessageRequest(input *DeleteMessageInput) (req *request.Requ // If you receive a message more than once, the ReceiptHandle is different each // time you receive a message. When you use the DeleteMessage action, you must // provide the most recently received ReceiptHandle for the message (otherwise, -// the request succeeds, but the message might not be deleted). +// the request succeeds, but the message will not be deleted). // // For standard queues, it is possible to receive a message even after you delete // it. This might happen on rare occasions if one of the servers which stores @@ -643,14 +712,6 @@ func (c *SQS) DeleteMessageBatchRequest(input *DeleteMessageBatchInput) (req *re // actions, you should check for batch errors even when the call returns an // HTTP status code of 200. // -// Some actions take lists of parameters. These lists are specified using the -// param.n notation. Values of n are integers starting from 1. For example, -// a parameter list with two elements looks like this: -// -// &AttributeName.1=first -// -// &AttributeName.2=second -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -752,9 +813,11 @@ func (c *SQS) DeleteQueueRequest(input *DeleteQueueInput) (req *request.Request, // a queue with the same name. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // +// The delete operation uses the HTTP GET verb. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1097,6 +1160,89 @@ func (c *SQS) ListDeadLetterSourceQueuesPagesWithContext(ctx aws.Context, input return p.Err() } +const opListMessageMoveTasks = "ListMessageMoveTasks" + +// ListMessageMoveTasksRequest generates a "aws/request.Request" representing the +// client's request for the ListMessageMoveTasks operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListMessageMoveTasks for more information on using the ListMessageMoveTasks +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListMessageMoveTasksRequest method. +// req, resp := client.ListMessageMoveTasksRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListMessageMoveTasks +func (c *SQS) ListMessageMoveTasksRequest(input *ListMessageMoveTasksInput) (req *request.Request, output *ListMessageMoveTasksOutput) { + op := &request.Operation{ + Name: opListMessageMoveTasks, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListMessageMoveTasksInput{} + } + + output = &ListMessageMoveTasksOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListMessageMoveTasks API operation for Amazon Simple Queue Service. +// +// Gets the most recent message movement tasks (up to 10) under a specific source +// queue. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Queue Service's +// API operation ListMessageMoveTasks for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// One or more specified resources don't exist. +// +// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// Error code 400. Unsupported operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/ListMessageMoveTasks +func (c *SQS) ListMessageMoveTasks(input *ListMessageMoveTasksInput) (*ListMessageMoveTasksOutput, error) { + req, out := c.ListMessageMoveTasksRequest(input) + return out, req.Send() +} + +// ListMessageMoveTasksWithContext is the same as ListMessageMoveTasks with the addition of +// the ability to pass a context and additional request options. +// +// See ListMessageMoveTasks for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SQS) ListMessageMoveTasksWithContext(ctx aws.Context, input *ListMessageMoveTasksInput, opts ...request.Option) (*ListMessageMoveTasksOutput, error) { + req, out := c.ListMessageMoveTasksRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListQueueTags = "ListQueueTags" // ListQueueTagsRequest generates a "aws/request.Request" representing the @@ -1145,7 +1291,7 @@ func (c *SQS) ListQueueTagsRequest(input *ListQueueTagsInput) (req *request.Requ // in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1238,7 +1384,7 @@ func (c *SQS) ListQueuesRequest(input *ListQueuesInput) (req *request.Request, o // request to listQueues to receive the next page of results. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1518,7 +1664,7 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // Returned Error Codes: // - ErrCodeOverLimit "OverLimit" // The specified action violates a limit. For example, ReceiveMessage returns -// this error if the maximum number of inflight messages is reached and AddPermission +// this error if the maximum number of in flight messages is reached and AddPermission // returns this error if the maximum number of permissions for the queue is // reached. // @@ -1594,7 +1740,7 @@ func (c *SQS) RemovePermissionRequest(input *RemovePermissionInput) (req *reques // - Only the owner of a queue can remove permissions from it. // // - Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // - To remove the ability to change queue permissions, you must deny permission @@ -1762,9 +1908,11 @@ func (c *SQS) SendMessageBatchRequest(input *SendMessageBatchInput) (req *reques // SendMessageBatch API operation for Amazon Simple Queue Service. // -// Delivers up to ten messages to the specified queue. This is a batch version -// of SendMessage. For a FIFO queue, multiple messages within a single batch -// are enqueued in the order they are sent. +// You can use SendMessageBatch to send up to 10 messages to the specified queue +// by assigning either identical or different values to each message (or by +// not assigning values at all). This is a batch version of SendMessage. For +// a FIFO queue, multiple messages within a single batch are enqueued in the +// order they are sent. // // The result of sending each message is reported individually in the response. // Because the batch request can result in a combination of successful and unsuccessful @@ -1773,7 +1921,7 @@ func (c *SQS) SendMessageBatchRequest(input *SendMessageBatchInput) (req *reques // // The maximum allowed individual message size and the maximum total payload // size (the sum of the individual lengths of all of the batched messages) are -// both 256 KB (262,144 bytes). +// both 256 KiB (262,144 bytes). // // A message can include only XML, JSON, and unformatted text. The following // Unicode characters are allowed: @@ -1786,14 +1934,6 @@ func (c *SQS) SendMessageBatchRequest(input *SendMessageBatchInput) (req *reques // If you don't specify the DelaySeconds parameter for an entry, Amazon SQS // uses the default value for the queue. // -// Some actions take lists of parameters. These lists are specified using the -// param.n notation. Values of n are integers starting from 1. For example, -// a parameter list with two elements looks like this: -// -// &AttributeName.1=first -// -// &AttributeName.2=second -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1890,14 +2030,16 @@ func (c *SQS) SetQueueAttributesRequest(input *SetQueueAttributesInput) (req *re // Sets the value of one or more queue attributes. When you change a queue's // attributes, the change can take up to 60 seconds for most of the attributes // to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod -// attribute can take up to 15 minutes. +// attribute can take up to 15 minutes and will impact existing messages in +// the queue potentially causing them to be expired and deleted if the MessageRetentionPeriod +// is reduced below the age of existing messages. // // - In the future, new attributes might be added. If you write code that // calls this action, we recommend that you structure your code so that it // can handle new attributes gracefully. // // - Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // - To remove the ability to change queue permissions, you must deny permission @@ -1937,6 +2079,100 @@ func (c *SQS) SetQueueAttributesWithContext(ctx aws.Context, input *SetQueueAttr return out, req.Send() } +const opStartMessageMoveTask = "StartMessageMoveTask" + +// StartMessageMoveTaskRequest generates a "aws/request.Request" representing the +// client's request for the StartMessageMoveTask operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartMessageMoveTask for more information on using the StartMessageMoveTask +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartMessageMoveTaskRequest method. +// req, resp := client.StartMessageMoveTaskRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/StartMessageMoveTask +func (c *SQS) StartMessageMoveTaskRequest(input *StartMessageMoveTaskInput) (req *request.Request, output *StartMessageMoveTaskOutput) { + op := &request.Operation{ + Name: opStartMessageMoveTask, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartMessageMoveTaskInput{} + } + + output = &StartMessageMoveTaskOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartMessageMoveTask API operation for Amazon Simple Queue Service. +// +// Starts an asynchronous task to move messages from a specified source queue +// to a specified destination queue. +// +// - This action is currently limited to supporting message redrive from +// dead-letter queues (DLQs) only. In this context, the source queue is the +// dead-letter queue (DLQ), while the destination queue can be the original +// source queue (from which the messages were driven to the dead-letter-queue), +// or a custom destination queue. +// +// - Currently, only standard queues are supported. +// +// - Only one active message movement task is supported per queue at any +// given time. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Queue Service's +// API operation StartMessageMoveTask for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// One or more specified resources don't exist. +// +// - ErrCodeUnsupportedOperation "AWS.SimpleQueueService.UnsupportedOperation" +// Error code 400. Unsupported operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/StartMessageMoveTask +func (c *SQS) StartMessageMoveTask(input *StartMessageMoveTaskInput) (*StartMessageMoveTaskOutput, error) { + req, out := c.StartMessageMoveTaskRequest(input) + return out, req.Send() +} + +// StartMessageMoveTaskWithContext is the same as StartMessageMoveTask with the addition of +// the ability to pass a context and additional request options. +// +// See StartMessageMoveTask for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SQS) StartMessageMoveTaskWithContext(ctx aws.Context, input *StartMessageMoveTaskInput, opts ...request.Option) (*StartMessageMoveTaskOutput, error) { + req, out := c.StartMessageMoveTaskRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagQueue = "TagQueue" // TagQueueRequest generates a "aws/request.Request" representing the @@ -2001,7 +2237,7 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2081,7 +2317,7 @@ func (c *SQS) UntagQueueRequest(input *UntagQueueInput) (req *request.Request, o // in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2305,10 +2541,87 @@ func (s *BatchResultErrorEntry) SetSenderFault(v bool) *BatchResultErrorEntry { return s } +type CancelMessageMoveTaskInput struct { + _ struct{} `type:"structure"` + + // An identifier associated with a message movement task. + // + // TaskHandle is a required field + TaskHandle *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelMessageMoveTaskInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelMessageMoveTaskInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelMessageMoveTaskInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelMessageMoveTaskInput"} + if s.TaskHandle == nil { + invalidParams.Add(request.NewErrParamRequired("TaskHandle")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTaskHandle sets the TaskHandle field's value. +func (s *CancelMessageMoveTaskInput) SetTaskHandle(v string) *CancelMessageMoveTaskInput { + s.TaskHandle = &v + return s +} + +type CancelMessageMoveTaskOutput struct { + _ struct{} `type:"structure"` + + // The approximate number of messages already moved to the destination queue. + ApproximateNumberOfMessagesMoved *int64 `type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelMessageMoveTaskOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelMessageMoveTaskOutput) GoString() string { + return s.String() +} + +// SetApproximateNumberOfMessagesMoved sets the ApproximateNumberOfMessagesMoved field's value. +func (s *CancelMessageMoveTaskOutput) SetApproximateNumberOfMessagesMoved(v int64) *CancelMessageMoveTaskOutput { + s.ApproximateNumberOfMessagesMoved = &v + return s +} + type ChangeMessageVisibilityBatchInput struct { _ struct{} `type:"structure"` - // A list of receipt handles of the messages for which the visibility timeout + // Lists the receipt handles of the messages for which the visibility timeout // must be changed. // // Entries is a required field @@ -2425,17 +2738,7 @@ func (s *ChangeMessageVisibilityBatchOutput) SetSuccessful(v []*ChangeMessageVis return s } -// Encloses a receipt handle and an entry id for each message in ChangeMessageVisibilityBatch. -// -// All of the following list parameters must be prefixed with ChangeMessageVisibilityBatchRequestEntry.n, -// where n is an integer value starting with 1. For example, a parameter list -// for this action might look like this: -// -// &ChangeMessageVisibilityBatchRequestEntry.1.Id=change_visibility_msg_2 -// -// &ChangeMessageVisibilityBatchRequestEntry.1.ReceiptHandle=your_receipt_handle -// -// &ChangeMessageVisibilityBatchRequestEntry.1.VisibilityTimeout=45 +// Encloses a receipt handle and an entry ID for each message in ChangeMessageVisibilityBatch. type ChangeMessageVisibilityBatchRequestEntry struct { _ struct{} `type:"structure"` @@ -2555,8 +2858,8 @@ type ChangeMessageVisibilityInput struct { // QueueUrl is a required field QueueUrl *string `type:"string" required:"true"` - // The receipt handle associated with the message whose visibility timeout is - // changed. This parameter is returned by the ReceiveMessage action. + // The receipt handle associated with the message, whose visibility timeout + // is changed. This parameter is returned by the ReceiveMessage action. // // ReceiptHandle is a required field ReceiptHandle *string `type:"string" required:"true"` @@ -2664,36 +2967,60 @@ type CreateQueueInput struct { // * MessageRetentionPeriod – The length of time, in seconds, for which // Amazon SQS retains a message. Valid values: An integer from 60 seconds // (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). + // When you change a queue's attributes, the change can take up to 60 seconds + // for most of the attributes to propagate throughout the Amazon SQS system. + // Changes made to the MessageRetentionPeriod attribute can take up to 15 + // minutes and will impact existing messages in the queue potentially causing + // them to be expired and deleted if the MessageRetentionPeriod is reduced + // below the age of existing messages. // // * Policy – The queue's policy. A valid Amazon Web Services policy. For // more information about policy structure, see Overview of Amazon Web Services // IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) - // in the Amazon IAM User Guide. + // in the IAM User Guide. // // * ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for // which a ReceiveMessage action waits for a message to arrive. Valid values: // An integer from 0 to 20 (seconds). Default: 0. // - // * RedrivePolicy – The string that includes the parameters for the dead-letter - // queue functionality of the source queue as a JSON object. For more information - // about the redrive policy and dead-letter queues, see Using Amazon SQS - // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon - // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves - // messages after the value of maxReceiveCount is exceeded. maxReceiveCount - // – The number of times a message is delivered to the source queue before - // being moved to the dead-letter queue. When the ReceiveCount for a message - // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message - // to the dead-letter-queue. The dead-letter queue of a FIFO queue must also - // be a FIFO queue. Similarly, the dead-letter queue of a standard queue - // must also be a standard queue. - // // * VisibilityTimeout – The visibility timeout for the queue, in seconds. // Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon SQS Developer Guide. // + // The following attributes apply only to dead-letter queues: (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // + // * RedrivePolicy – The string that includes the parameters for the dead-letter + // queue functionality of the source queue as a JSON object. The parameters + // are as follows: deadLetterTargetArn – The Amazon Resource Name (ARN) + // of the dead-letter queue to which Amazon SQS moves messages after the + // value of maxReceiveCount is exceeded. maxReceiveCount – The number of + // times a message is delivered to the source queue before being moved to + // the dead-letter queue. Default: 10. When the ReceiveCount for a message + // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message + // to the dead-letter-queue. + // + // * RedriveAllowPolicy – The string that includes the parameters for the + // permissions for the dead-letter queue redrive permission and which source + // queues can specify dead-letter queues as a JSON object. The parameters + // are as follows: redrivePermission – The permission type that defines + // which source queues can specify the current queue as the dead-letter queue. + // Valid values are: allowAll – (Default) Any source queues in this Amazon + // Web Services account in the same Region can specify this queue as the + // dead-letter queue. denyAll – No source queues can specify this queue + // as the dead-letter queue. byQueue – Only queues specified by the sourceQueueArns + // parameter can specify this queue as the dead-letter queue. sourceQueueArns + // – The Amazon Resource Names (ARN)s of the source queues that can specify + // this queue as the dead-letter queue and redrive messages. You can specify + // this parameter only when the redrivePermission parameter is set to byQueue. + // You can specify up to 10 source queue ARNs. To allow more than 10 source + // queues to specify dead-letter queues, set the redrivePermission parameter + // to allowAll. + // + // The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, + // the dead-letter queue of a standard queue must also be a standard queue. + // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId – The ID of an Amazon Web Services managed customer @@ -2711,11 +3038,11 @@ type CreateQueueInput struct { // Default: 300 (5 minutes). A shorter time period provides better security // but results in more calls to KMS which might incur charges after Free // Tier. For more information, see How Does the Data Key Reuse Period Work? - // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work) // // * SqsManagedSseEnabled – Enables server-side queue encryption using // SQS owned encryption keys. Only one server-side encryption option is supported - // per queue (e.g. SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) + // per queue (for example, SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) // or SSE-SQS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). // // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): @@ -2809,7 +3136,7 @@ type CreateQueueInput struct { // and sqs:TagQueue permissions. // // Cross-account permissions don't apply to this action. For more information, - // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) + // see Grant cross-account permissions to a role and a username (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon SQS Developer Guide. Tags map[string]*string `locationName:"Tag" locationNameKey:"Key" locationNameValue:"Value" type:"map" flattened:"true"` } @@ -2898,7 +3225,7 @@ func (s *CreateQueueOutput) SetQueueUrl(v string) *CreateQueueOutput { type DeleteMessageBatchInput struct { _ struct{} `type:"structure"` - // A list of receipt handles for the messages to be deleted. + // Lists the receipt handles for the messages to be deleted. // // Entries is a required field Entries []*DeleteMessageBatchRequestEntry `locationNameList:"DeleteMessageBatchRequestEntry" type:"list" flattened:"true" required:"true"` @@ -3018,7 +3345,7 @@ func (s *DeleteMessageBatchOutput) SetSuccessful(v []*DeleteMessageBatchResultEn type DeleteMessageBatchRequestEntry struct { _ struct{} `type:"structure"` - // An identifier for this particular receipt handle. This is used to communicate + // The identifier for this particular receipt handle. This is used to communicate // the result. // // The Ids of a batch request need to be unique within a request. @@ -3274,7 +3601,7 @@ type GetQueueAttributesInput struct { // A list of attributes for which to retrieve information. // - // The AttributeName.N parameter is optional, but if you don't specify values + // The AttributeNames parameter is optional, but if you don't specify values // for this parameter, the request returns empty results. // // In the future, new attributes might be added. If you write code that calls @@ -3284,8 +3611,8 @@ type GetQueueAttributesInput struct { // The following attributes are supported: // // The ApproximateNumberOfMessagesDelayed, ApproximateNumberOfMessagesNotVisible, - // and ApproximateNumberOfMessagesVisible metrics may not achieve consistency - // until at least 1 minute after the producers stop sending messages. This period + // and ApproximateNumberOfMessages metrics may not achieve consistency until + // at least 1 minute after the producers stop sending messages. This period // is required for the queue metadata to reach eventual consistency. // // * All – Returns all values. @@ -3315,7 +3642,12 @@ type GetQueueAttributesInput struct { // can contain before Amazon SQS rejects it. // // * MessageRetentionPeriod – Returns the length of time, in seconds, for - // which Amazon SQS retains a message. + // which Amazon SQS retains a message. When you change a queue's attributes, + // the change can take up to 60 seconds for most of the attributes to propagate + // throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod + // attribute can take up to 15 minutes and will impact existing messages + // in the queue potentially causing them to be expired and deleted if the + // MessageRetentionPeriod is reduced below the age of existing messages. // // * Policy – Returns the policy of the queue. // @@ -3324,23 +3656,43 @@ type GetQueueAttributesInput struct { // * ReceiveMessageWaitTimeSeconds – Returns the length of time, in seconds, // for which the ReceiveMessage action waits for a message to arrive. // - // * RedrivePolicy – The string that includes the parameters for the dead-letter - // queue functionality of the source queue as a JSON object. For more information - // about the redrive policy and dead-letter queues, see Using Amazon SQS - // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon - // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves - // messages after the value of maxReceiveCount is exceeded. maxReceiveCount - // – The number of times a message is delivered to the source queue before - // being moved to the dead-letter queue. When the ReceiveCount for a message - // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message - // to the dead-letter-queue. - // // * VisibilityTimeout – Returns the visibility timeout for the queue. // For more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon SQS Developer Guide. // + // The following attributes apply only to dead-letter queues: (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // + // * RedrivePolicy – The string that includes the parameters for the dead-letter + // queue functionality of the source queue as a JSON object. The parameters + // are as follows: deadLetterTargetArn – The Amazon Resource Name (ARN) + // of the dead-letter queue to which Amazon SQS moves messages after the + // value of maxReceiveCount is exceeded. maxReceiveCount – The number of + // times a message is delivered to the source queue before being moved to + // the dead-letter queue. Default: 10. When the ReceiveCount for a message + // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message + // to the dead-letter-queue. + // + // * RedriveAllowPolicy – The string that includes the parameters for the + // permissions for the dead-letter queue redrive permission and which source + // queues can specify dead-letter queues as a JSON object. The parameters + // are as follows: redrivePermission – The permission type that defines + // which source queues can specify the current queue as the dead-letter queue. + // Valid values are: allowAll – (Default) Any source queues in this Amazon + // Web Services account in the same Region can specify this queue as the + // dead-letter queue. denyAll – No source queues can specify this queue + // as the dead-letter queue. byQueue – Only queues specified by the sourceQueueArns + // parameter can specify this queue as the dead-letter queue. sourceQueueArns + // – The Amazon Resource Names (ARN)s of the source queues that can specify + // this queue as the dead-letter queue and redrive messages. You can specify + // this parameter only when the redrivePermission parameter is set to byQueue. + // You can specify up to 10 source queue ARNs. To allow more than 10 source + // queues to specify dead-letter queues, set the redrivePermission parameter + // to allowAll. + // + // The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, + // the dead-letter queue of a standard queue must also be a standard queue. + // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId – Returns the ID of an Amazon Web Services managed @@ -3354,7 +3706,8 @@ type GetQueueAttributesInput struct { // // * SqsManagedSseEnabled – Returns information about whether the queue // is using SSE-SQS encryption using SQS owned encryption keys. Only one - // server-side encryption option is supported per queue (e.g. SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) + // server-side encryption option is supported per queue (for example, SSE-KMS + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) // or SSE-SQS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). // // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): @@ -3682,6 +4035,207 @@ func (s *ListDeadLetterSourceQueuesOutput) SetQueueUrls(v []*string) *ListDeadLe return s } +type ListMessageMoveTasksInput struct { + _ struct{} `type:"structure"` + + // The maximum number of results to include in the response. The default is + // 1, which provides the most recent message movement task. The upper limit + // is 10. + MaxResults *int64 `type:"integer"` + + // The ARN of the queue whose message movement tasks are to be listed. + // + // SourceArn is a required field + SourceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListMessageMoveTasksInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListMessageMoveTasksInput"} + if s.SourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListMessageMoveTasksInput) SetMaxResults(v int64) *ListMessageMoveTasksInput { + s.MaxResults = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *ListMessageMoveTasksInput) SetSourceArn(v string) *ListMessageMoveTasksInput { + s.SourceArn = &v + return s +} + +type ListMessageMoveTasksOutput struct { + _ struct{} `type:"structure"` + + // A list of message movement tasks and their attributes. + Results []*ListMessageMoveTasksResultEntry `locationNameList:"ListMessageMoveTasksResultEntry" type:"list" flattened:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksOutput) GoString() string { + return s.String() +} + +// SetResults sets the Results field's value. +func (s *ListMessageMoveTasksOutput) SetResults(v []*ListMessageMoveTasksResultEntry) *ListMessageMoveTasksOutput { + s.Results = v + return s +} + +// Contains the details of a message movement task. +type ListMessageMoveTasksResultEntry struct { + _ struct{} `type:"structure"` + + // The approximate number of messages already moved to the destination queue. + ApproximateNumberOfMessagesMoved *int64 `type:"long"` + + // The number of messages to be moved from the source queue. This number is + // obtained at the time of starting the message movement task. + ApproximateNumberOfMessagesToMove *int64 `type:"long"` + + // The ARN of the destination queue if it has been specified in the StartMessageMoveTask + // request. If a DestinationArn has not been specified in the StartMessageMoveTask + // request, this field value will be NULL. + DestinationArn *string `type:"string"` + + // The task failure reason (only included if the task status is FAILED). + FailureReason *string `type:"string"` + + // The number of messages to be moved per second (the message movement rate), + // if it has been specified in the StartMessageMoveTask request. If a MaxNumberOfMessagesPerSecond + // has not been specified in the StartMessageMoveTask request, this field value + // will be NULL. + MaxNumberOfMessagesPerSecond *int64 `type:"integer"` + + // The ARN of the queue that contains the messages to be moved to another queue. + SourceArn *string `type:"string"` + + // The timestamp of starting the message movement task. + StartedTimestamp *int64 `type:"long"` + + // The status of the message movement task. Possible values are: RUNNING, COMPLETED, + // CANCELLING, CANCELLED, and FAILED. + Status *string `type:"string"` + + // An identifier associated with a message movement task. When this field is + // returned in the response of the ListMessageMoveTasks action, it is only populated + // for tasks that are in RUNNING status. + TaskHandle *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksResultEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMessageMoveTasksResultEntry) GoString() string { + return s.String() +} + +// SetApproximateNumberOfMessagesMoved sets the ApproximateNumberOfMessagesMoved field's value. +func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesMoved(v int64) *ListMessageMoveTasksResultEntry { + s.ApproximateNumberOfMessagesMoved = &v + return s +} + +// SetApproximateNumberOfMessagesToMove sets the ApproximateNumberOfMessagesToMove field's value. +func (s *ListMessageMoveTasksResultEntry) SetApproximateNumberOfMessagesToMove(v int64) *ListMessageMoveTasksResultEntry { + s.ApproximateNumberOfMessagesToMove = &v + return s +} + +// SetDestinationArn sets the DestinationArn field's value. +func (s *ListMessageMoveTasksResultEntry) SetDestinationArn(v string) *ListMessageMoveTasksResultEntry { + s.DestinationArn = &v + return s +} + +// SetFailureReason sets the FailureReason field's value. +func (s *ListMessageMoveTasksResultEntry) SetFailureReason(v string) *ListMessageMoveTasksResultEntry { + s.FailureReason = &v + return s +} + +// SetMaxNumberOfMessagesPerSecond sets the MaxNumberOfMessagesPerSecond field's value. +func (s *ListMessageMoveTasksResultEntry) SetMaxNumberOfMessagesPerSecond(v int64) *ListMessageMoveTasksResultEntry { + s.MaxNumberOfMessagesPerSecond = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *ListMessageMoveTasksResultEntry) SetSourceArn(v string) *ListMessageMoveTasksResultEntry { + s.SourceArn = &v + return s +} + +// SetStartedTimestamp sets the StartedTimestamp field's value. +func (s *ListMessageMoveTasksResultEntry) SetStartedTimestamp(v int64) *ListMessageMoveTasksResultEntry { + s.StartedTimestamp = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ListMessageMoveTasksResultEntry) SetStatus(v string) *ListMessageMoveTasksResultEntry { + s.Status = &v + return s +} + +// SetTaskHandle sets the TaskHandle field's value. +func (s *ListMessageMoveTasksResultEntry) SetTaskHandle(v string) *ListMessageMoveTasksResultEntry { + s.TaskHandle = &v + return s +} + type ListQueueTagsInput struct { _ struct{} `type:"structure"` @@ -3975,7 +4529,7 @@ func (s *Message) SetReceiptHandle(v string) *Message { // // Name, type, value and the message body must not be empty or null. All parts // of the message attribute, including Name, Type, and Value, are part of the -// message size restriction (256 KB or 262,144 bytes). +// message size restriction (256 KiB or 262,144 bytes). type MessageAttributeValue struct { _ struct{} `type:"structure"` @@ -4248,7 +4802,7 @@ type ReceiveMessageInput struct { // // * AWSTraceHeader – Returns the X-Ray trace header string. // - // * SenderId For an IAM user, returns the IAM user ID, for example ABCDEFGHI1JKLMNOPQ23R. + // * SenderId For a user, returns the user ID, for example ABCDEFGHI1JKLMNOPQ23R. // For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456. // // * SentTimestamp – Returns the time the message was sent to the queue @@ -4256,7 +4810,7 @@ type ReceiveMessageInput struct { // // * SqsManagedSseEnabled – Enables server-side queue encryption using // SQS owned encryption keys. Only one server-side encryption option is supported - // per queue (e.g. SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) + // per queue (for example, SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) // or SSE-SQS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). // // * MessageDeduplicationId – Returns the value provided by the producer @@ -5010,7 +5564,7 @@ type SendMessageInput struct { MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` // The message to send. The minimum size is one character. The maximum size - // is 256 KB. + // is 256 KiB. // // A message can include only XML, JSON, and unformatted text. The following // Unicode characters are allowed: @@ -5313,6 +5867,12 @@ type SetQueueAttributesInput struct { // * MessageRetentionPeriod – The length of time, in seconds, for which // Amazon SQS retains a message. Valid values: An integer representing seconds, // from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). + // When you change a queue's attributes, the change can take up to 60 seconds + // for most of the attributes to propagate throughout the Amazon SQS system. + // Changes made to the MessageRetentionPeriod attribute can take up to 15 + // minutes and will impact existing messages in the queue potentially causing + // them to be expired and deleted if the MessageRetentionPeriod is reduced + // below the age of existing messages. // // * Policy – The queue's policy. A valid Amazon Web Services policy. For // more information about policy structure, see Overview of Amazon Web Services @@ -5323,26 +5883,44 @@ type SetQueueAttributesInput struct { // which a ReceiveMessage action waits for a message to arrive. Valid values: // An integer from 0 to 20 (seconds). Default: 0. // - // * RedrivePolicy – The string that includes the parameters for the dead-letter - // queue functionality of the source queue as a JSON object. For more information - // about the redrive policy and dead-letter queues, see Using Amazon SQS - // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon - // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves - // messages after the value of maxReceiveCount is exceeded. maxReceiveCount - // – The number of times a message is delivered to the source queue before - // being moved to the dead-letter queue. When the ReceiveCount for a message - // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message - // to the dead-letter-queue. The dead-letter queue of a FIFO queue must also - // be a FIFO queue. Similarly, the dead-letter queue of a standard queue - // must also be a standard queue. - // // * VisibilityTimeout – The visibility timeout for the queue, in seconds. // Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon SQS Developer Guide. // + // The following attributes apply only to dead-letter queues: (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // + // * RedrivePolicy – The string that includes the parameters for the dead-letter + // queue functionality of the source queue as a JSON object. The parameters + // are as follows: deadLetterTargetArn – The Amazon Resource Name (ARN) + // of the dead-letter queue to which Amazon SQS moves messages after the + // value of maxReceiveCount is exceeded. maxReceiveCount – The number of + // times a message is delivered to the source queue before being moved to + // the dead-letter queue. Default: 10. When the ReceiveCount for a message + // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message + // to the dead-letter-queue. + // + // * RedriveAllowPolicy – The string that includes the parameters for the + // permissions for the dead-letter queue redrive permission and which source + // queues can specify dead-letter queues as a JSON object. The parameters + // are as follows: redrivePermission – The permission type that defines + // which source queues can specify the current queue as the dead-letter queue. + // Valid values are: allowAll – (Default) Any source queues in this Amazon + // Web Services account in the same Region can specify this queue as the + // dead-letter queue. denyAll – No source queues can specify this queue + // as the dead-letter queue. byQueue – Only queues specified by the sourceQueueArns + // parameter can specify this queue as the dead-letter queue. sourceQueueArns + // – The Amazon Resource Names (ARN)s of the source queues that can specify + // this queue as the dead-letter queue and redrive messages. You can specify + // this parameter only when the redrivePermission parameter is set to byQueue. + // You can specify up to 10 source queue ARNs. To allow more than 10 source + // queues to specify dead-letter queues, set the redrivePermission parameter + // to allowAll. + // + // The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, + // the dead-letter queue of a standard queue must also be a standard queue. + // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId – The ID of an Amazon Web Services managed customer @@ -5364,7 +5942,7 @@ type SetQueueAttributesInput struct { // // * SqsManagedSseEnabled – Enables server-side queue encryption using // SQS owned encryption keys. Only one server-side encryption option is supported - // per queue (e.g. SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) + // per queue (for example, SSE-KMS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) // or SSE-SQS (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). // // The following attribute applies only to FIFO (first-in-first-out) queues @@ -5491,6 +6069,111 @@ func (s SetQueueAttributesOutput) GoString() string { return s.String() } +type StartMessageMoveTaskInput struct { + _ struct{} `type:"structure"` + + // The ARN of the queue that receives the moved messages. You can use this field + // to specify the destination queue where you would like to redrive messages. + // If this field is left blank, the messages will be redriven back to their + // respective original source queues. + DestinationArn *string `type:"string"` + + // The number of messages to be moved per second (the message movement rate). + // You can use this field to define a fixed message movement rate. The maximum + // value for messages per second is 500. If this field is left blank, the system + // will optimize the rate based on the queue message backlog size, which may + // vary throughout the duration of the message movement task. + MaxNumberOfMessagesPerSecond *int64 `type:"integer"` + + // The ARN of the queue that contains the messages to be moved to another queue. + // Currently, only dead-letter queue (DLQ) ARNs are accepted. + // + // SourceArn is a required field + SourceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMessageMoveTaskInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMessageMoveTaskInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartMessageMoveTaskInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartMessageMoveTaskInput"} + if s.SourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationArn sets the DestinationArn field's value. +func (s *StartMessageMoveTaskInput) SetDestinationArn(v string) *StartMessageMoveTaskInput { + s.DestinationArn = &v + return s +} + +// SetMaxNumberOfMessagesPerSecond sets the MaxNumberOfMessagesPerSecond field's value. +func (s *StartMessageMoveTaskInput) SetMaxNumberOfMessagesPerSecond(v int64) *StartMessageMoveTaskInput { + s.MaxNumberOfMessagesPerSecond = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *StartMessageMoveTaskInput) SetSourceArn(v string) *StartMessageMoveTaskInput { + s.SourceArn = &v + return s +} + +type StartMessageMoveTaskOutput struct { + _ struct{} `type:"structure"` + + // An identifier associated with a message movement task. You can use this identifier + // to cancel a specified message movement task using the CancelMessageMoveTask + // action. + TaskHandle *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMessageMoveTaskOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMessageMoveTaskOutput) GoString() string { + return s.String() +} + +// SetTaskHandle sets the TaskHandle field's value. +func (s *StartMessageMoveTaskOutput) SetTaskHandle(v string) *StartMessageMoveTaskOutput { + s.TaskHandle = &v + return s +} + type TagQueueInput struct { _ struct{} `type:"structure"` @@ -5679,6 +6362,9 @@ const ( // MessageSystemAttributeNameAwstraceHeader is a MessageSystemAttributeName enum value MessageSystemAttributeNameAwstraceHeader = "AWSTraceHeader" + + // MessageSystemAttributeNameDeadLetterQueueSourceArn is a MessageSystemAttributeName enum value + MessageSystemAttributeNameDeadLetterQueueSourceArn = "DeadLetterQueueSourceArn" ) // MessageSystemAttributeName_Values returns all elements of the MessageSystemAttributeName enum @@ -5692,6 +6378,7 @@ func MessageSystemAttributeName_Values() []string { MessageSystemAttributeNameMessageDeduplicationId, MessageSystemAttributeNameMessageGroupId, MessageSystemAttributeNameAwstraceHeader, + MessageSystemAttributeNameDeadLetterQueueSourceArn, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go index 89eb40d..b32e6d9 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/errors.go @@ -56,7 +56,7 @@ const ( // "OverLimit". // // The specified action violates a limit. For example, ReceiveMessage returns - // this error if the maximum number of inflight messages is reached and AddPermission + // this error if the maximum number of in flight messages is reached and AddPermission // returns this error if the maximum number of permissions for the queue is // reached. ErrCodeOverLimit = "OverLimit" @@ -96,6 +96,12 @@ const ( // The specified receipt handle isn't valid. ErrCodeReceiptHandleIsInvalid = "ReceiptHandleIsInvalid" + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // One or more specified resources don't exist. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + // ErrCodeTooManyEntriesInBatchRequest for service response error code // "AWS.SimpleQueueService.TooManyEntriesInBatchRequest". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 63729d0..7ac6b93 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -85,9 +85,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// When you create a role, you create two policies: A role trust policy that -// specifies who can assume the role and a permissions policy that specifies -// what can be done with the role. You specify the trusted principal who is +// When you create a role, you create two policies: a role trust policy that +// specifies who can assume the role, and a permissions policy that specifies +// what can be done with the role. You specify the trusted principal that is // allowed to assume the role in the role trust policy. // // To assume a role from a different account, your Amazon Web Services account @@ -96,9 +96,9 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // are allowed to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions -// that are delegated from the user account administrator. The administrator -// must attach a policy that allows the user to call AssumeRole for the ARN -// of the role in the other account. +// that are delegated from the account administrator. The administrator must +// attach a policy that allows the user to call AssumeRole for the ARN of the +// role in the other account. // // To allow a user to assume a role in the same account, you can do either of // the following: @@ -517,10 +517,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // a user. You can also supply the user with a consistent identity throughout // the lifetime of an application. // -// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito -// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the Amazon Web Services SDK for iOS Developer Guide. +// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) +// in Amazon Cognito Developer Guide. // // Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web // Services security credentials. Therefore, you can distribute an application @@ -984,11 +982,11 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ // call the operation. // // No permissions are required to perform this operation. If an administrator -// adds a policy to your IAM user or role that explicitly denies access to the -// sts:GetCallerIdentity action, you can still perform this operation. Permissions -// are not required because the same information is returned when an IAM user -// or role is denied access. To view an example response, see I Am Not Authorized -// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) +// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity +// action, you can still perform this operation. Permissions are not required +// because the same information is returned when access is denied. To view an +// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1063,18 +1061,26 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // GetFederationToken API operation for AWS Security Token Service. // // Returns a set of temporary security credentials (consisting of an access -// key ID, a secret access key, and a security token) for a federated user. -// A typical use is in a proxy application that gets temporary security credentials -// on behalf of distributed applications inside a corporate network. You must -// call the GetFederationToken operation using the long-term security credentials -// of an IAM user. As a result, this call is appropriate in contexts where those -// credentials can be safely stored, usually in a server-based application. +// key ID, a secret access key, and a security token) for a user. A typical +// use is in a proxy application that gets temporary security credentials on +// behalf of distributed applications inside a corporate network. +// +// You must call the GetFederationToken operation using the long-term security +// credentials of an IAM user. As a result, this call is appropriate in contexts +// where those credentials can be safeguarded, usually in a server-based application. // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // +// Although it is possible to call GetFederationToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user that +// you create for the purpose of a proxy application, we do not recommend it. +// For more information, see Safeguard your root user credentials and don't +// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) +// in the IAM User Guide. +// // You can create a mobile-based or browser-based app that can authenticate // users using a web identity provider like Login with Amazon, Facebook, Google, // or an OpenID Connect-compatible identity provider. In this case, we recommend @@ -1083,21 +1089,13 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // in the IAM User Guide. // -// You can also call GetFederationToken using the security credentials of an -// Amazon Web Services account root user, but we do not recommend it. Instead, -// we recommend that you create an IAM user for the purpose of the proxy application. -// Then attach a policy to the IAM user that limits federated users to only -// the actions and resources that they need to access. For more information, -// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) -// in the IAM User Guide. -// // # Session duration // // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials obtained -// by using the Amazon Web Services account root user credentials have a maximum -// duration of 3,600 seconds (1 hour). +// by using the root user credentials have a maximum duration of 3,600 seconds +// (1 hour). // // # Permissions // @@ -1267,12 +1265,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // or IAM user. The credentials consist of an access key ID, a secret access // key, and a security token. Typically, you use GetSessionToken if you want // to use MFA to protect programmatic calls to specific Amazon Web Services -// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would -// need to call GetSessionToken and submit an MFA code that is associated with -// their MFA device. Using the temporary security credentials that are returned -// from the call, IAM users can then make programmatic calls to API operations -// that require MFA authentication. If you do not supply a correct MFA code, -// then the API returns an access denied error. For a comparison of GetSessionToken +// API operations like Amazon EC2 StopInstances. +// +// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that +// is associated with their MFA device. Using the temporary security credentials +// that the call returns, IAM users can then make programmatic calls to API +// operations that require MFA authentication. An incorrect MFA code causes +// the API to return an access denied error. For a comparison of GetSessionToken // with the other API operations that produce temporary credentials, see Requesting // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) @@ -1287,13 +1286,12 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // # Session Duration // // The GetSessionToken operation must be called by using the long-term Amazon -// Web Services security credentials of the Amazon Web Services account root -// user or an IAM user. Credentials that are created by IAM users are valid -// for the duration that you specify. This duration can range from 900 seconds -// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default -// of 43,200 seconds (12 hours). Credentials based on account credentials can -// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a -// default of 1 hour. +// Web Services security credentials of an IAM user. Credentials that are created +// by IAM users are valid for the duration that you specify. This duration can +// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 +// hours), with a default of 43,200 seconds (12 hours). Credentials based on +// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds +// (1 hour), with a default of 1 hour. // // # Permissions // @@ -1305,20 +1303,20 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // // - You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with Amazon Web Services -// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) -// by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with Amazon Web Services. +// The credentials that GetSessionToken returns are based on permissions associated +// with the IAM user whose credentials were used to call the operation. The +// temporary credentials have the same permissions as the IAM user. // -// The credentials that are returned by GetSessionToken are based on permissions -// associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using Amazon Web Services account root user -// credentials, the temporary credentials have root user permissions. Similarly, -// if GetSessionToken is called using the credentials of an IAM user, the temporary -// credentials have the same permissions as the IAM user. +// Although it is possible to call GetSessionToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user, we do +// not recommend it. If GetSessionToken is called using root user credentials, +// the temporary credentials have root user permissions. For more information, +// see Safeguard your root user credentials and don't use them for everyday +// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) +// in the IAM User Guide // // For more information about using GetSessionToken to create temporary credentials, -// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) +// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1900,8 +1898,12 @@ type AssumeRoleWithSAMLInput struct { // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) // in the IAM User Guide. // + // SAMLAssertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's + // String and GoString methods. + // // SAMLAssertion is a required field - SAMLAssertion *string `min:"4" type:"string" required:"true"` + SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -2036,7 +2038,7 @@ type AssumeRoleWithSAMLOutput struct { // IAM. // // The combination of NameQualifier and Subject can be used to uniquely identify - // a federated user. + // a user. // // The following pseudocode shows how the hash value is calculated: // @@ -2266,8 +2268,12 @@ type AssumeRoleWithWebIdentityInput struct { // the user who is using your application with a web identity provider before // the application makes an AssumeRoleWithWebIdentity call. // + // WebIdentityToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's + // String and GoString methods. + // // WebIdentityToken is a required field - WebIdentityToken *string `min:"4" type:"string" required:"true"` + WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -2573,8 +2579,12 @@ type Credentials struct { // The secret access key that can be used to sign requests. // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Credentials's + // String and GoString methods. + // // SecretAccessKey is a required field - SecretAccessKey *string `type:"string" required:"true"` + SecretAccessKey *string `type:"string" required:"true" sensitive:"true"` // The token that users must pass to the service API to use the temporary credentials. // @@ -2922,10 +2932,9 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using Amazon Web Services account root user credentials are restricted to - // a maximum of 3,600 seconds (one hour). If the specified duration is longer - // than one hour, the session obtained by using root user credentials defaults - // to one hour. + // using root user credentials are restricted to a maximum of 3,600 seconds + // (one hour). If the specified duration is longer than one hour, the session + // obtained by using root user credentials defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index c40f5a2..ea1d9eb 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -4,10 +4,9 @@ // requests to AWS Security Token Service. // // Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for Identity and Access Management (IAM) users or for users that -// you authenticate (federated users). This guide provides descriptions of the -// STS API. For more information about using this service, see Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// credentials for users. This guide provides descriptions of the STS API. For +// more information about using this service, see Temporary Security Credentials +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/vendor/modules.txt b/vendor/modules.txt index 896b5c1..412fe16 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/aws/aws-sdk-go v1.44.199 +# github.com/aws/aws-sdk-go v1.44.289 ## explicit; go 1.11 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn