diff --git a/go.mod b/go.mod index 5c1af9bd3c2..7ce16e475e6 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/IBM/keyprotect-go-client v0.9.2 - github.com/aws/aws-sdk-go v1.44.146 + github.com/aws/aws-sdk-go v1.44.172 github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000 // TODO: API for managing subvolume metadata and snapshot metadata requires `ceph_ci_untested` build-tag diff --git a/go.sum b/go.sum index aa13405b775..104a17fc6ad 100644 --- a/go.sum +++ b/go.sum @@ -140,8 +140,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.44.146 h1:7YdGgPxDPRJu/yYffzZp/H7yHzQ6AqmuNFZPYraaN8I= -github.com/aws/aws-sdk-go v1.44.146/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.172 h1:JwhHWVkU/UUq8b4kc2ETzoYg6UXlSslK1EthXcXY8kI= +github.com/aws/aws-sdk-go v1.44.172/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY= github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index a1417674eb5..917df74ae10 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -663,6 +663,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -927,6 +930,25 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "aoss": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "api.detective": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -1456,6 +1478,26 @@ var awsPartition = partition{ }, }, }, + "api.ecr-public": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.ecr-public.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.ecr-public.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "api.elastic-inference": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -1789,6 +1831,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -2973,6 +3018,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -3123,6 +3171,37 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -4522,6 +4601,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -4909,6 +4991,17 @@ var awsPartition = partition{ }, }, }, + "codecatalyst": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "codecatalyst.global.api.aws", + }, + }, + }, "codecommit": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -5548,6 +5641,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -5648,6 +5744,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -7474,6 +7573,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -9204,6 +9306,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com", }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -9348,6 +9459,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-eu-north-1", }: endpoint{ @@ -11641,12 +11761,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -11656,6 +11782,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -12057,22 +12189,6 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, - endpointKey{ - Region: "dataplane-ap-south-1", - }: endpoint{ - Hostname: "greengrass-ats.iot.ap-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-south-1", - }, - }, - endpointKey{ - Region: "dataplane-us-east-2", - }: endpoint{ - Hostname: "greengrass-ats.iot.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -12219,6 +12335,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -12475,12 +12594,18 @@ var awsPartition = partition{ }, "identitystore": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -12490,6 +12615,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -12499,12 +12627,21 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -13769,6 +13906,9 @@ var awsPartition = partition{ }, "kendra": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -14292,6 +14432,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "ap-southeast-4-fips", + }: endpoint{ + Hostname: "kms-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -15137,6 +15286,121 @@ var awsPartition = partition{ }, }, }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com", + }, + }, + }, "license-manager-user-subscriptions": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -15538,6 +15802,10 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -15550,15 +15818,41 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, }, }, "machinelearning": service{ @@ -15867,6 +16161,9 @@ var awsPartition = partition{ }, "mediaconvert": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, @@ -16438,6 +16735,76 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "mgh": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -16513,6 +16880,42 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "mgn-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "mgn-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "mgn-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "mgn-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -16522,15 +16925,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-west-2.amazonaws.com", + }, }, }, "migrationhub-orchestrator": service{ @@ -16933,6 +17360,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17164,6 +17594,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -17400,6 +17833,14 @@ var awsPartition = partition{ }, "oidc": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "oidc.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, endpointKey{ Region: "ap-east-1", }: endpoint{ @@ -17456,6 +17897,14 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "oidc.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -17544,6 +17993,14 @@ var awsPartition = partition{ Region: "us-east-2", }, }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "oidc.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, endpointKey{ Region: "us-west-2", }: endpoint{ @@ -18133,6 +18590,79 @@ var awsPartition = partition{ }, }, }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "polly": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18256,6 +18786,14 @@ var awsPartition = partition{ }, "portal.sso": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "portal.sso.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, endpointKey{ Region: "ap-east-1", }: endpoint{ @@ -18312,6 +18850,14 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "portal.sso.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -18400,6 +18946,14 @@ var awsPartition = partition{ Region: "us-east-2", }, }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "portal.sso.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, endpointKey{ Region: "us-west-2", }: endpoint{ @@ -18629,12 +19183,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -18669,6 +19229,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -18690,12 +19253,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18817,6 +19386,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -19865,7 +20437,9 @@ var awsPartition = partition{ }, "resource-explorer-2": service{ Defaults: endpointDefaults{ - defaultKey{}: endpoint{}, + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, defaultKey{ Variant: fipsVariant, }: endpoint{ @@ -20537,6 +21111,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -21659,6 +22236,13 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "sagemaker-geospatial": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "savingsplans": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -22082,6 +22666,31 @@ var awsPartition = partition{ }, }, }, + "securitylake": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "serverlessrepo": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -22461,33 +23070,102 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.af-south-1.amazonaws.com", + }, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-east-1.amazonaws.com", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-1.amazonaws.com", + }, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-2.amazonaws.com", + }, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-3.amazonaws.com", + }, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-south-2.amazonaws.com", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-1.amazonaws.com", + }, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-2.amazonaws.com", + }, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-3.amazonaws.com", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, @@ -22506,30 +23184,102 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-central-2.amazonaws.com", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-north-1.amazonaws.com", + }, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-south-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-south-2.amazonaws.com", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-1.amazonaws.com", + }, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-2.amazonaws.com", + }, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-3.amazonaws.com", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.me-central-1.amazonaws.com", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.me-south-1.amazonaws.com", + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.sa-east-1.amazonaws.com", + }, endpointKey{ Region: "servicediscovery", }: endpoint{ @@ -22560,6 +23310,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-1", Variant: fipsVariant, @@ -22578,6 +23334,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -22596,6 +23358,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-1", Variant: fipsVariant, @@ -22614,6 +23382,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-west-2.amazonaws.com", + }, endpointKey{ Region: "us-west-2", Variant: fipsVariant, @@ -22686,6 +23460,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -22826,6 +23603,34 @@ var awsPartition = partition{ }, }, }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "sms": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -22967,6 +23772,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22976,12 +23787,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "sms-voice-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sms-voice-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-west-2.amazonaws.com", + }, }, }, "snowball": service{ @@ -23798,8 +24648,18 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "ssm-sap": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "sso": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -23821,6 +24681,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -23854,6 +24717,9 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -25471,6 +26337,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voice-chime-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "voice-chime-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25487,12 +26368,12 @@ var awsPartition = partition{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "fips.voice-chime.us-east-1.amazonaws.com", + Hostname: "voice-chime-fips.us-east-1.amazonaws.com", }, endpointKey{ Region: "us-east-1-fips", }: endpoint{ - Hostname: "fips.voice-chime.us-east-1.amazonaws.com", + Hostname: "voice-chime-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, @@ -25505,12 +26386,12 @@ var awsPartition = partition{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{ - Hostname: "fips.voice-chime.us-west-2.amazonaws.com", + Hostname: "voice-chime-fips.us-west-2.amazonaws.com", }, endpointKey{ Region: "us-west-2-fips", }: endpoint{ - Hostname: "fips.voice-chime.us-west-2.amazonaws.com", + Hostname: "voice-chime-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, @@ -27463,9 +28344,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "autoscaling": service{ @@ -27723,6 +28616,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -28063,14 +28966,6 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, - endpointKey{ - Region: "dataplane-cn-north-1", - }: endpoint{ - Hostname: "greengrass.ats.iot.cn-north-1.amazonaws.com.cn", - CredentialScope: credentialScope{ - Region: "cn-north-1", - }, - }, }, }, "guardduty": service{ @@ -28297,6 +29192,16 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "monitoring": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -28422,7 +29327,9 @@ var awscnPartition = partition{ }, "resource-explorer-2": service{ Defaults: endpointDefaults{ - defaultKey{}: endpoint{}, + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, defaultKey{ Variant: fipsVariant, }: endpoint{ @@ -28638,9 +29545,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.cn-north-1.amazonaws.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.cn-northwest-1.amazonaws.com.cn", + }, }, }, "sms": service{ @@ -29589,6 +30508,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -29598,6 +30523,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -32050,6 +32981,16 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "models.lex": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -32333,6 +33274,16 @@ var awsusgovPartition = partition{ }, }, }, + "pi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "pinpoint": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -32619,7 +33570,9 @@ var awsusgovPartition = partition{ }, "resource-explorer-2": service{ Defaults: endpointDefaults{ - defaultKey{}: endpoint{}, + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, defaultKey{ Variant: fipsVariant, }: endpoint{ @@ -33236,6 +34189,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -33254,6 +34213,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-gov-west-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -33364,9 +34329,24 @@ var awsusgovPartition = partition{ }, "sms-voice": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com", + }, }, }, "snowball": service{ @@ -34648,6 +35628,13 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "glue": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "health": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34769,6 +35756,13 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, "monitoring": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35023,6 +36017,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, }, @@ -35423,6 +36420,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "monitoring": service{ Endpoints: serviceEndpoints{ endpointKey{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 244216b0940..40188dfb395 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.146" +const SDKVersion = "1.44.172" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go index c0c52e2db0f..4f933f2a1c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go @@ -13,10 +13,17 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" ) +const ( + awsQueryError = "x-amzn-query-error" + // A valid header example - "x-amzn-query-error": ";" + awsQueryErrorPartsCount = 2 +) + // UnmarshalTypedError provides unmarshaling errors API response errors // for both typed and untyped errors. type UnmarshalTypedError struct { exceptions map[string]func(protocol.ResponseMetadata) error + queryExceptions map[string]func(protocol.ResponseMetadata, string) error } // NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the @@ -24,6 +31,21 @@ type UnmarshalTypedError struct { func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError { return &UnmarshalTypedError{ exceptions: exceptions, + queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{}, + } +} + +func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError { + unmarshaledError := NewUnmarshalTypedError(exceptions) + for _, fn := range optFns { + fn(unmarshaledError) + } + return unmarshaledError +} + +func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) { + return func(typedError *UnmarshalTypedError) { + typedError.queryExceptions = queryExceptions } } @@ -50,18 +72,32 @@ func (u *UnmarshalTypedError) UnmarshalError( code := codeParts[len(codeParts)-1] msg := jsonErr.Message + queryCodeParts := queryCodeParts(resp, u) + if fn, ok := u.exceptions[code]; ok { - // If exception code is know, use associated constructor to get a value + // If query-compatible exceptions are found and query-error-header is found, + // then use associated constructor to get exception with query error code. + // + // If exception code is known, use associated constructor to get a value // for the exception that the JSON body can be unmarshaled into. - v := fn(respMeta) + var v error + queryErrFn, queryExceptionsFound := u.queryExceptions[code] + if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound { + v = queryErrFn(respMeta, queryCodeParts[0]) + } else { + v = fn(respMeta) + } err := jsonutil.UnmarshalJSONCaseInsensitive(v, body) if err != nil { return nil, err } - return v, nil } + if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 { + code = queryCodeParts[0] + } + // fallback to unmodeled generic exceptions return awserr.NewRequestFailure( awserr.New(code, msg, nil), @@ -70,6 +106,16 @@ func (u *UnmarshalTypedError) UnmarshalError( ), nil } +// A valid header example - "x-amzn-query-error": ";" +func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string { + queryCodeHeader := resp.Header.Get(awsQueryError) + var queryCodeParts []string + if queryCodeHeader != "" && len(u.queryExceptions) > 0 { + queryCodeParts = strings.Split(queryCodeHeader, ";") + } + return queryCodeParts +} + // UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc // protocol request errors var UnmarshalErrorHandler = request.NamedHandler{ diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 026aa70cc71..ec806017bab 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -2450,6 +2450,81 @@ func (c *EC2) AttachNetworkInterfaceWithContext(ctx aws.Context, input *AttachNe return out, req.Send() } +const opAttachVerifiedAccessTrustProvider = "AttachVerifiedAccessTrustProvider" + +// AttachVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the AttachVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AttachVerifiedAccessTrustProvider for more information on using the AttachVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AttachVerifiedAccessTrustProviderRequest method. +// req, resp := client.AttachVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVerifiedAccessTrustProvider +func (c *EC2) AttachVerifiedAccessTrustProviderRequest(input *AttachVerifiedAccessTrustProviderInput) (req *request.Request, output *AttachVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opAttachVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AttachVerifiedAccessTrustProviderInput{} + } + + output = &AttachVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// AttachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// A trust provider is a third-party entity that creates, maintains, and manages +// identity information for users and devices. One or more trust providers can +// be attached to an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AttachVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVerifiedAccessTrustProvider +func (c *EC2) AttachVerifiedAccessTrustProvider(input *AttachVerifiedAccessTrustProviderInput) (*AttachVerifiedAccessTrustProviderOutput, error) { + req, out := c.AttachVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// AttachVerifiedAccessTrustProviderWithContext is the same as AttachVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See AttachVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AttachVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *AttachVerifiedAccessTrustProviderInput, opts ...request.Option) (*AttachVerifiedAccessTrustProviderOutput, error) { + req, out := c.AttachVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAttachVolume = "AttachVolume" // AttachVolumeRequest generates a "aws/request.Request" representing the @@ -3402,7 +3477,7 @@ func (c *EC2) CancelImageLaunchPermissionRequest(input *CancelImageLaunchPermiss // Removes your Amazon Web Services account from the launch permissions for // the specified AMI. For more information, see Cancel having an AMI shared // with your Amazon Web Services account (https://docs.aws.amazon.com/) in the -// Amazon Elastic Compute Cloud User Guide. +// Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3948,11 +4023,11 @@ func (c *EC2) CopyImageRequest(input *CopyImageInput) (req *request.Request, out // key that you specify in the request using KmsKeyId. Outposts do not support // unencrypted snapshots. For more information, Amazon EBS local snapshots on // Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For more information about the prerequisites and limits when copying an AMI, // see Copy an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7304,7 +7379,7 @@ func (c *EC2) CreateReplaceRootVolumeTaskRequest(input *CreateReplaceRootVolumeT // to a specific snapshot taken from the original root volume, or that is restored // from an AMI that has the same key characteristics as that of the instance. // -// For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) +// For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -7478,10 +7553,10 @@ func (c *EC2) CreateRestoreImageTaskRequest(input *CreateRestoreImageTaskInput) // // To use this API, you must have the required permissions. For more information, // see Permissions for storing and restoring AMIs using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For more information, see Store and restore an AMI using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8100,10 +8175,10 @@ func (c *EC2) CreateStoreImageTaskRequest(input *CreateStoreImageTaskInput) (req // // To use this API, you must have the required permissions. For more information, // see Permissions for storing and restoring AMIs using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For more information, see Store and restore an AMI using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9563,6 +9638,311 @@ func (c *EC2) CreateTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opCreateVerifiedAccessEndpoint = "CreateVerifiedAccessEndpoint" + +// CreateVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessEndpoint for more information on using the CreateVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessEndpointRequest method. +// req, resp := client.CreateVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessEndpoint +func (c *EC2) CreateVerifiedAccessEndpointRequest(input *CreateVerifiedAccessEndpointInput) (req *request.Request, output *CreateVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessEndpointInput{} + } + + output = &CreateVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access endpoint is where you define your +// application along with an optional endpoint-level access policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessEndpoint +func (c *EC2) CreateVerifiedAccessEndpoint(input *CreateVerifiedAccessEndpointInput) (*CreateVerifiedAccessEndpointOutput, error) { + req, out := c.CreateVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessEndpointWithContext is the same as CreateVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessEndpointWithContext(ctx aws.Context, input *CreateVerifiedAccessEndpointInput, opts ...request.Option) (*CreateVerifiedAccessEndpointOutput, error) { + req, out := c.CreateVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessGroup = "CreateVerifiedAccessGroup" + +// CreateVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessGroup for more information on using the CreateVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessGroupRequest method. +// req, resp := client.CreateVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessGroup +func (c *EC2) CreateVerifiedAccessGroupRequest(input *CreateVerifiedAccessGroupInput) (req *request.Request, output *CreateVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessGroupInput{} + } + + output = &CreateVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access group is a collection of Amazon Web +// Services Verified Access endpoints who's associated applications have similar +// security requirements. Each instance within an Amazon Web Services Verified +// Access group shares an Amazon Web Services Verified Access policy. For example, +// you can group all Amazon Web Services Verified Access instances associated +// with “sales” applications together and use one common Amazon Web Services +// Verified Access policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessGroup +func (c *EC2) CreateVerifiedAccessGroup(input *CreateVerifiedAccessGroupInput) (*CreateVerifiedAccessGroupOutput, error) { + req, out := c.CreateVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessGroupWithContext is the same as CreateVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessGroupWithContext(ctx aws.Context, input *CreateVerifiedAccessGroupInput, opts ...request.Option) (*CreateVerifiedAccessGroupOutput, error) { + req, out := c.CreateVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessInstance = "CreateVerifiedAccessInstance" + +// CreateVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessInstance for more information on using the CreateVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessInstanceRequest method. +// req, resp := client.CreateVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessInstance +func (c *EC2) CreateVerifiedAccessInstanceRequest(input *CreateVerifiedAccessInstanceInput) (req *request.Request, output *CreateVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessInstanceInput{} + } + + output = &CreateVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access instance is a regional entity that +// evaluates application requests and grants access only when your security +// requirements are met. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessInstance +func (c *EC2) CreateVerifiedAccessInstance(input *CreateVerifiedAccessInstanceInput) (*CreateVerifiedAccessInstanceOutput, error) { + req, out := c.CreateVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessInstanceWithContext is the same as CreateVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessInstanceWithContext(ctx aws.Context, input *CreateVerifiedAccessInstanceInput, opts ...request.Option) (*CreateVerifiedAccessInstanceOutput, error) { + req, out := c.CreateVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessTrustProvider = "CreateVerifiedAccessTrustProvider" + +// CreateVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessTrustProvider for more information on using the CreateVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessTrustProviderRequest method. +// req, resp := client.CreateVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessTrustProvider +func (c *EC2) CreateVerifiedAccessTrustProviderRequest(input *CreateVerifiedAccessTrustProviderInput) (req *request.Request, output *CreateVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessTrustProviderInput{} + } + + output = &CreateVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// A trust provider is a third-party entity that creates, maintains, and manages +// identity information for users and devices. When an application request is +// made, the identity information sent by the trust provider will be evaluated +// by Amazon Web Services Verified Access, before allowing or denying the application +// request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessTrustProvider +func (c *EC2) CreateVerifiedAccessTrustProvider(input *CreateVerifiedAccessTrustProviderInput) (*CreateVerifiedAccessTrustProviderOutput, error) { + req, out := c.CreateVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessTrustProviderWithContext is the same as CreateVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *CreateVerifiedAccessTrustProviderInput, opts ...request.Option) (*CreateVerifiedAccessTrustProviderOutput, error) { + req, out := c.CreateVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateVolume = "CreateVolume" // CreateVolumeRequest generates a "aws/request.Request" representing the @@ -14764,6 +15144,298 @@ func (c *EC2) DeleteTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opDeleteVerifiedAccessEndpoint = "DeleteVerifiedAccessEndpoint" + +// DeleteVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessEndpoint for more information on using the DeleteVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessEndpointRequest method. +// req, resp := client.DeleteVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessEndpoint +func (c *EC2) DeleteVerifiedAccessEndpointRequest(input *DeleteVerifiedAccessEndpointInput) (req *request.Request, output *DeleteVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessEndpointInput{} + } + + output = &DeleteVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessEndpoint +func (c *EC2) DeleteVerifiedAccessEndpoint(input *DeleteVerifiedAccessEndpointInput) (*DeleteVerifiedAccessEndpointOutput, error) { + req, out := c.DeleteVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessEndpointWithContext is the same as DeleteVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessEndpointWithContext(ctx aws.Context, input *DeleteVerifiedAccessEndpointInput, opts ...request.Option) (*DeleteVerifiedAccessEndpointOutput, error) { + req, out := c.DeleteVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessGroup = "DeleteVerifiedAccessGroup" + +// DeleteVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessGroup for more information on using the DeleteVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessGroupRequest method. +// req, resp := client.DeleteVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessGroup +func (c *EC2) DeleteVerifiedAccessGroupRequest(input *DeleteVerifiedAccessGroupInput) (req *request.Request, output *DeleteVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessGroupInput{} + } + + output = &DeleteVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessGroup +func (c *EC2) DeleteVerifiedAccessGroup(input *DeleteVerifiedAccessGroupInput) (*DeleteVerifiedAccessGroupOutput, error) { + req, out := c.DeleteVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessGroupWithContext is the same as DeleteVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessGroupWithContext(ctx aws.Context, input *DeleteVerifiedAccessGroupInput, opts ...request.Option) (*DeleteVerifiedAccessGroupOutput, error) { + req, out := c.DeleteVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessInstance = "DeleteVerifiedAccessInstance" + +// DeleteVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessInstance for more information on using the DeleteVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessInstanceRequest method. +// req, resp := client.DeleteVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessInstance +func (c *EC2) DeleteVerifiedAccessInstanceRequest(input *DeleteVerifiedAccessInstanceInput) (req *request.Request, output *DeleteVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessInstanceInput{} + } + + output = &DeleteVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessInstance +func (c *EC2) DeleteVerifiedAccessInstance(input *DeleteVerifiedAccessInstanceInput) (*DeleteVerifiedAccessInstanceOutput, error) { + req, out := c.DeleteVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessInstanceWithContext is the same as DeleteVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessInstanceWithContext(ctx aws.Context, input *DeleteVerifiedAccessInstanceInput, opts ...request.Option) (*DeleteVerifiedAccessInstanceOutput, error) { + req, out := c.DeleteVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessTrustProvider = "DeleteVerifiedAccessTrustProvider" + +// DeleteVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessTrustProvider for more information on using the DeleteVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessTrustProviderRequest method. +// req, resp := client.DeleteVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessTrustProvider +func (c *EC2) DeleteVerifiedAccessTrustProviderRequest(input *DeleteVerifiedAccessTrustProviderInput) (req *request.Request, output *DeleteVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessTrustProviderInput{} + } + + output = &DeleteVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access trust provider. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessTrustProvider +func (c *EC2) DeleteVerifiedAccessTrustProvider(input *DeleteVerifiedAccessTrustProviderInput) (*DeleteVerifiedAccessTrustProviderOutput, error) { + req, out := c.DeleteVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessTrustProviderWithContext is the same as DeleteVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *DeleteVerifiedAccessTrustProviderInput, opts ...request.Option) (*DeleteVerifiedAccessTrustProviderOutput, error) { + req, out := c.DeleteVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteVolume = "DeleteVolume" // DeleteVolumeRequest generates a "aws/request.Request" representing the @@ -15759,7 +16431,7 @@ func (c *EC2) DeregisterImageRequest(input *DeregisterImageInput) (req *request. // If you deregister an AMI that matches a Recycle Bin retention rule, the AMI // is retained in the Recycle Bin for the specified retention period. For more // information, see Recycle Bin (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // When you deregister an AMI, it doesn't affect any instances that you've already // launched from the AMI. You'll continue to incur usage costs for those instances @@ -16628,6 +17300,136 @@ func (c *EC2) DescribeAvailabilityZonesWithContext(ctx aws.Context, input *Descr return out, req.Send() } +const opDescribeAwsNetworkPerformanceMetricSubscriptions = "DescribeAwsNetworkPerformanceMetricSubscriptions" + +// DescribeAwsNetworkPerformanceMetricSubscriptionsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAwsNetworkPerformanceMetricSubscriptions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions for more information on using the DescribeAwsNetworkPerformanceMetricSubscriptions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeAwsNetworkPerformanceMetricSubscriptionsRequest method. +// req, resp := client.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAwsNetworkPerformanceMetricSubscriptions +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (req *request.Request, output *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) { + op := &request.Operation{ + Name: opDescribeAwsNetworkPerformanceMetricSubscriptions, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeAwsNetworkPerformanceMetricSubscriptionsInput{} + } + + output = &DescribeAwsNetworkPerformanceMetricSubscriptionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAwsNetworkPerformanceMetricSubscriptions API operation for Amazon Elastic Compute Cloud. +// +// Describes the current Infrastructure Performance metric subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeAwsNetworkPerformanceMetricSubscriptions for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAwsNetworkPerformanceMetricSubscriptions +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptions(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) { + req, out := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input) + return out, req.Send() +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsWithContext is the same as DescribeAwsNetworkPerformanceMetricSubscriptions with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsWithContext(ctx aws.Context, input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, opts ...request.Option) (*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) { + req, out := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsPages iterates over the pages of a DescribeAwsNetworkPerformanceMetricSubscriptions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeAwsNetworkPerformanceMetricSubscriptions operation. +// pageNum := 0 +// err := client.DescribeAwsNetworkPerformanceMetricSubscriptionsPages(params, +// func(page *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsPages(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, fn func(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool) error { + return c.DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext same as DescribeAwsNetworkPerformanceMetricSubscriptionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext(ctx aws.Context, input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, fn func(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeAwsNetworkPerformanceMetricSubscriptionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeBundleTasks = "DescribeBundleTasks" // DescribeBundleTasksRequest generates a "aws/request.Request" representing the @@ -20550,6 +21352,12 @@ func (c *EC2) DescribeImagesRequest(input *DescribeImagesInput) (req *request.Re Name: opDescribeImages, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -20603,6 +21411,57 @@ func (c *EC2) DescribeImagesWithContext(ctx aws.Context, input *DescribeImagesIn return out, req.Send() } +// DescribeImagesPages iterates over the pages of a DescribeImages operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeImages method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeImages operation. +// pageNum := 0 +// err := client.DescribeImagesPages(params, +// func(page *ec2.DescribeImagesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeImagesPages(input *DescribeImagesInput, fn func(*DescribeImagesOutput, bool) bool) error { + return c.DescribeImagesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeImagesPagesWithContext same as DescribeImagesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeImagesPagesWithContext(ctx aws.Context, input *DescribeImagesInput, fn func(*DescribeImagesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeImagesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeImagesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeImagesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeImportImageTasks = "DescribeImportImageTasks" // DescribeImportImageTasksRequest generates a "aws/request.Request" representing the @@ -25642,7 +26501,7 @@ func (c *EC2) DescribeReplaceRootVolumeTasksRequest(input *DescribeReplaceRootVo // DescribeReplaceRootVolumeTasks API operation for Amazon Elastic Compute Cloud. // // Describes a root volume replacement task. For more information, see Replace -// a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) +// a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -28149,10 +29008,10 @@ func (c *EC2) DescribeStoreImageTasksRequest(input *DescribeStoreImageTasksInput // // To use this API, you must have the required permissions. For more information, // see Permissions for storing and restoring AMIs using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html#ami-s3-permissions) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For more information, see Store and restore an AMI using Amazon S3 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -30329,6 +31188,657 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsPagesWithContext(ctx aws.Context return p.Err() } +const opDescribeVerifiedAccessEndpoints = "DescribeVerifiedAccessEndpoints" + +// DescribeVerifiedAccessEndpointsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessEndpoints operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessEndpoints for more information on using the DescribeVerifiedAccessEndpoints +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessEndpointsRequest method. +// req, resp := client.DescribeVerifiedAccessEndpointsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessEndpoints +func (c *EC2) DescribeVerifiedAccessEndpointsRequest(input *DescribeVerifiedAccessEndpointsInput) (req *request.Request, output *DescribeVerifiedAccessEndpointsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessEndpoints, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessEndpointsInput{} + } + + output = &DescribeVerifiedAccessEndpointsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessEndpoints API operation for Amazon Elastic Compute Cloud. +// +// Describe Amazon Web Services Verified Access endpoints. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessEndpoints for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessEndpoints +func (c *EC2) DescribeVerifiedAccessEndpoints(input *DescribeVerifiedAccessEndpointsInput) (*DescribeVerifiedAccessEndpointsOutput, error) { + req, out := c.DescribeVerifiedAccessEndpointsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessEndpointsWithContext is the same as DescribeVerifiedAccessEndpoints with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessEndpoints for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessEndpointsWithContext(ctx aws.Context, input *DescribeVerifiedAccessEndpointsInput, opts ...request.Option) (*DescribeVerifiedAccessEndpointsOutput, error) { + req, out := c.DescribeVerifiedAccessEndpointsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessEndpointsPages iterates over the pages of a DescribeVerifiedAccessEndpoints operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessEndpoints method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessEndpoints operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessEndpointsPages(params, +// func(page *ec2.DescribeVerifiedAccessEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessEndpointsPages(input *DescribeVerifiedAccessEndpointsInput, fn func(*DescribeVerifiedAccessEndpointsOutput, bool) bool) error { + return c.DescribeVerifiedAccessEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessEndpointsPagesWithContext same as DescribeVerifiedAccessEndpointsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessEndpointsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessEndpointsInput, fn func(*DescribeVerifiedAccessEndpointsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessEndpointsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessEndpointsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessEndpointsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessGroups = "DescribeVerifiedAccessGroups" + +// DescribeVerifiedAccessGroupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessGroups for more information on using the DescribeVerifiedAccessGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessGroupsRequest method. +// req, resp := client.DescribeVerifiedAccessGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessGroups +func (c *EC2) DescribeVerifiedAccessGroupsRequest(input *DescribeVerifiedAccessGroupsInput) (req *request.Request, output *DescribeVerifiedAccessGroupsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessGroups, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessGroupsInput{} + } + + output = &DescribeVerifiedAccessGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessGroups API operation for Amazon Elastic Compute Cloud. +// +// Describe details of existing Verified Access groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessGroups for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessGroups +func (c *EC2) DescribeVerifiedAccessGroups(input *DescribeVerifiedAccessGroupsInput) (*DescribeVerifiedAccessGroupsOutput, error) { + req, out := c.DescribeVerifiedAccessGroupsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessGroupsWithContext is the same as DescribeVerifiedAccessGroups with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessGroupsWithContext(ctx aws.Context, input *DescribeVerifiedAccessGroupsInput, opts ...request.Option) (*DescribeVerifiedAccessGroupsOutput, error) { + req, out := c.DescribeVerifiedAccessGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessGroupsPages iterates over the pages of a DescribeVerifiedAccessGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessGroups operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessGroupsPages(params, +// func(page *ec2.DescribeVerifiedAccessGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessGroupsPages(input *DescribeVerifiedAccessGroupsInput, fn func(*DescribeVerifiedAccessGroupsOutput, bool) bool) error { + return c.DescribeVerifiedAccessGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessGroupsPagesWithContext same as DescribeVerifiedAccessGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessGroupsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessGroupsInput, fn func(*DescribeVerifiedAccessGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessInstanceLoggingConfigurations = "DescribeVerifiedAccessInstanceLoggingConfigurations" + +// DescribeVerifiedAccessInstanceLoggingConfigurationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessInstanceLoggingConfigurations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations for more information on using the DescribeVerifiedAccessInstanceLoggingConfigurations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessInstanceLoggingConfigurationsRequest method. +// req, resp := client.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstanceLoggingConfigurations +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (req *request.Request, output *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessInstanceLoggingConfigurations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessInstanceLoggingConfigurationsInput{} + } + + output = &DescribeVerifiedAccessInstanceLoggingConfigurationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessInstanceLoggingConfigurations API operation for Amazon Elastic Compute Cloud. +// +// Describes the current logging configuration for the Amazon Web Services Verified +// Access instances. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessInstanceLoggingConfigurations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstanceLoggingConfigurations +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurations(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) { + req, out := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsWithContext is the same as DescribeVerifiedAccessInstanceLoggingConfigurations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, opts ...request.Option) (*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) { + req, out := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsPages iterates over the pages of a DescribeVerifiedAccessInstanceLoggingConfigurations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessInstanceLoggingConfigurations operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessInstanceLoggingConfigurationsPages(params, +// func(page *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsPages(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, fn func(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool) error { + return c.DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext same as DescribeVerifiedAccessInstanceLoggingConfigurationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, fn func(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessInstanceLoggingConfigurationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessInstances = "DescribeVerifiedAccessInstances" + +// DescribeVerifiedAccessInstancesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessInstances operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessInstances for more information on using the DescribeVerifiedAccessInstances +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessInstancesRequest method. +// req, resp := client.DescribeVerifiedAccessInstancesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstances +func (c *EC2) DescribeVerifiedAccessInstancesRequest(input *DescribeVerifiedAccessInstancesInput) (req *request.Request, output *DescribeVerifiedAccessInstancesOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessInstances, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessInstancesInput{} + } + + output = &DescribeVerifiedAccessInstancesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessInstances API operation for Amazon Elastic Compute Cloud. +// +// Describe Verified Access instances. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessInstances for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstances +func (c *EC2) DescribeVerifiedAccessInstances(input *DescribeVerifiedAccessInstancesInput) (*DescribeVerifiedAccessInstancesOutput, error) { + req, out := c.DescribeVerifiedAccessInstancesRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessInstancesWithContext is the same as DescribeVerifiedAccessInstances with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessInstances for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstancesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstancesInput, opts ...request.Option) (*DescribeVerifiedAccessInstancesOutput, error) { + req, out := c.DescribeVerifiedAccessInstancesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessInstancesPages iterates over the pages of a DescribeVerifiedAccessInstances operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessInstances method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessInstances operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessInstancesPages(params, +// func(page *ec2.DescribeVerifiedAccessInstancesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessInstancesPages(input *DescribeVerifiedAccessInstancesInput, fn func(*DescribeVerifiedAccessInstancesOutput, bool) bool) error { + return c.DescribeVerifiedAccessInstancesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessInstancesPagesWithContext same as DescribeVerifiedAccessInstancesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstancesPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstancesInput, fn func(*DescribeVerifiedAccessInstancesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessInstancesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessInstancesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessInstancesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessTrustProviders = "DescribeVerifiedAccessTrustProviders" + +// DescribeVerifiedAccessTrustProvidersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessTrustProviders operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessTrustProviders for more information on using the DescribeVerifiedAccessTrustProviders +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessTrustProvidersRequest method. +// req, resp := client.DescribeVerifiedAccessTrustProvidersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessTrustProviders +func (c *EC2) DescribeVerifiedAccessTrustProvidersRequest(input *DescribeVerifiedAccessTrustProvidersInput) (req *request.Request, output *DescribeVerifiedAccessTrustProvidersOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessTrustProviders, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessTrustProvidersInput{} + } + + output = &DescribeVerifiedAccessTrustProvidersOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessTrustProviders API operation for Amazon Elastic Compute Cloud. +// +// Describe details of existing Verified Access trust providers. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessTrustProviders for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessTrustProviders +func (c *EC2) DescribeVerifiedAccessTrustProviders(input *DescribeVerifiedAccessTrustProvidersInput) (*DescribeVerifiedAccessTrustProvidersOutput, error) { + req, out := c.DescribeVerifiedAccessTrustProvidersRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessTrustProvidersWithContext is the same as DescribeVerifiedAccessTrustProviders with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessTrustProviders for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessTrustProvidersWithContext(ctx aws.Context, input *DescribeVerifiedAccessTrustProvidersInput, opts ...request.Option) (*DescribeVerifiedAccessTrustProvidersOutput, error) { + req, out := c.DescribeVerifiedAccessTrustProvidersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessTrustProvidersPages iterates over the pages of a DescribeVerifiedAccessTrustProviders operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessTrustProviders method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessTrustProviders operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessTrustProvidersPages(params, +// func(page *ec2.DescribeVerifiedAccessTrustProvidersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessTrustProvidersPages(input *DescribeVerifiedAccessTrustProvidersInput, fn func(*DescribeVerifiedAccessTrustProvidersOutput, bool) bool) error { + return c.DescribeVerifiedAccessTrustProvidersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessTrustProvidersPagesWithContext same as DescribeVerifiedAccessTrustProvidersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessTrustProvidersPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessTrustProvidersInput, fn func(*DescribeVerifiedAccessTrustProvidersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessTrustProvidersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessTrustProvidersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessTrustProvidersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeVolumeAttribute = "DescribeVolumeAttribute" // DescribeVolumeAttributeRequest generates a "aws/request.Request" representing the @@ -32517,6 +34027,79 @@ func (c *EC2) DetachNetworkInterfaceWithContext(ctx aws.Context, input *DetachNe return out, req.Send() } +const opDetachVerifiedAccessTrustProvider = "DetachVerifiedAccessTrustProvider" + +// DetachVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the DetachVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DetachVerifiedAccessTrustProvider for more information on using the DetachVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DetachVerifiedAccessTrustProviderRequest method. +// req, resp := client.DetachVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVerifiedAccessTrustProvider +func (c *EC2) DetachVerifiedAccessTrustProviderRequest(input *DetachVerifiedAccessTrustProviderInput) (req *request.Request, output *DetachVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opDetachVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DetachVerifiedAccessTrustProviderInput{} + } + + output = &DetachVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// DetachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Detach a trust provider from an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DetachVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVerifiedAccessTrustProvider +func (c *EC2) DetachVerifiedAccessTrustProvider(input *DetachVerifiedAccessTrustProviderInput) (*DetachVerifiedAccessTrustProviderOutput, error) { + req, out := c.DetachVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// DetachVerifiedAccessTrustProviderWithContext is the same as DetachVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See DetachVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DetachVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *DetachVerifiedAccessTrustProviderInput, opts ...request.Option) (*DetachVerifiedAccessTrustProviderOutput, error) { + req, out := c.DetachVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDetachVolume = "DetachVolume" // DetachVolumeRequest generates a "aws/request.Request" representing the @@ -32759,6 +34342,79 @@ func (c *EC2) DisableAddressTransferWithContext(ctx aws.Context, input *DisableA return out, req.Send() } +const opDisableAwsNetworkPerformanceMetricSubscription = "DisableAwsNetworkPerformanceMetricSubscription" + +// DisableAwsNetworkPerformanceMetricSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the DisableAwsNetworkPerformanceMetricSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableAwsNetworkPerformanceMetricSubscription for more information on using the DisableAwsNetworkPerformanceMetricSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableAwsNetworkPerformanceMetricSubscriptionRequest method. +// req, resp := client.DisableAwsNetworkPerformanceMetricSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableAwsNetworkPerformanceMetricSubscription +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscriptionRequest(input *DisableAwsNetworkPerformanceMetricSubscriptionInput) (req *request.Request, output *DisableAwsNetworkPerformanceMetricSubscriptionOutput) { + op := &request.Operation{ + Name: opDisableAwsNetworkPerformanceMetricSubscription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableAwsNetworkPerformanceMetricSubscriptionInput{} + } + + output = &DisableAwsNetworkPerformanceMetricSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableAwsNetworkPerformanceMetricSubscription API operation for Amazon Elastic Compute Cloud. +// +// Disables Infrastructure Performance metric subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableAwsNetworkPerformanceMetricSubscription for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableAwsNetworkPerformanceMetricSubscription +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscription(input *DisableAwsNetworkPerformanceMetricSubscriptionInput) (*DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.DisableAwsNetworkPerformanceMetricSubscriptionRequest(input) + return out, req.Send() +} + +// DisableAwsNetworkPerformanceMetricSubscriptionWithContext is the same as DisableAwsNetworkPerformanceMetricSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See DisableAwsNetworkPerformanceMetricSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscriptionWithContext(ctx aws.Context, input *DisableAwsNetworkPerformanceMetricSubscriptionInput, opts ...request.Option) (*DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.DisableAwsNetworkPerformanceMetricSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableEbsEncryptionByDefault = "DisableEbsEncryptionByDefault" // DisableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the @@ -33039,7 +34695,7 @@ func (c *EC2) DisableImageDeprecationRequest(input *DisableImageDeprecationInput // Cancels the deprecation of the specified AMI. // // For more information, see Deprecate an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34533,6 +36189,79 @@ func (c *EC2) EnableAddressTransferWithContext(ctx aws.Context, input *EnableAdd return out, req.Send() } +const opEnableAwsNetworkPerformanceMetricSubscription = "EnableAwsNetworkPerformanceMetricSubscription" + +// EnableAwsNetworkPerformanceMetricSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the EnableAwsNetworkPerformanceMetricSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableAwsNetworkPerformanceMetricSubscription for more information on using the EnableAwsNetworkPerformanceMetricSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableAwsNetworkPerformanceMetricSubscriptionRequest method. +// req, resp := client.EnableAwsNetworkPerformanceMetricSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableAwsNetworkPerformanceMetricSubscription +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscriptionRequest(input *EnableAwsNetworkPerformanceMetricSubscriptionInput) (req *request.Request, output *EnableAwsNetworkPerformanceMetricSubscriptionOutput) { + op := &request.Operation{ + Name: opEnableAwsNetworkPerformanceMetricSubscription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableAwsNetworkPerformanceMetricSubscriptionInput{} + } + + output = &EnableAwsNetworkPerformanceMetricSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableAwsNetworkPerformanceMetricSubscription API operation for Amazon Elastic Compute Cloud. +// +// Enables Infrastructure Performance subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableAwsNetworkPerformanceMetricSubscription for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableAwsNetworkPerformanceMetricSubscription +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscription(input *EnableAwsNetworkPerformanceMetricSubscriptionInput) (*EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.EnableAwsNetworkPerformanceMetricSubscriptionRequest(input) + return out, req.Send() +} + +// EnableAwsNetworkPerformanceMetricSubscriptionWithContext is the same as EnableAwsNetworkPerformanceMetricSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See EnableAwsNetworkPerformanceMetricSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscriptionWithContext(ctx aws.Context, input *EnableAwsNetworkPerformanceMetricSubscriptionInput, opts ...request.Option) (*EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.EnableAwsNetworkPerformanceMetricSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableEbsEncryptionByDefault = "EnableEbsEncryptionByDefault" // EnableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the @@ -34829,7 +36558,7 @@ func (c *EC2) EnableImageDeprecationRequest(input *EnableImageDeprecationInput) // Enables deprecation of the specified AMI at the specified date and time. // // For more information, see Deprecate an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34935,6 +36664,84 @@ func (c *EC2) EnableIpamOrganizationAdminAccountWithContext(ctx aws.Context, inp return out, req.Send() } +const opEnableReachabilityAnalyzerOrganizationSharing = "EnableReachabilityAnalyzerOrganizationSharing" + +// EnableReachabilityAnalyzerOrganizationSharingRequest generates a "aws/request.Request" representing the +// client's request for the EnableReachabilityAnalyzerOrganizationSharing operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableReachabilityAnalyzerOrganizationSharing for more information on using the EnableReachabilityAnalyzerOrganizationSharing +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableReachabilityAnalyzerOrganizationSharingRequest method. +// req, resp := client.EnableReachabilityAnalyzerOrganizationSharingRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableReachabilityAnalyzerOrganizationSharing +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharingRequest(input *EnableReachabilityAnalyzerOrganizationSharingInput) (req *request.Request, output *EnableReachabilityAnalyzerOrganizationSharingOutput) { + op := &request.Operation{ + Name: opEnableReachabilityAnalyzerOrganizationSharing, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableReachabilityAnalyzerOrganizationSharingInput{} + } + + output = &EnableReachabilityAnalyzerOrganizationSharingOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableReachabilityAnalyzerOrganizationSharing API operation for Amazon Elastic Compute Cloud. +// +// Establishes a trust relationship between Reachability Analyzer and Organizations. +// This operation must be performed by the management account for the organization. +// +// After you establish a trust relationship, a user in the management account +// or a delegated administrator account can run a cross-account analysis using +// resources from the member accounts. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableReachabilityAnalyzerOrganizationSharing for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableReachabilityAnalyzerOrganizationSharing +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharing(input *EnableReachabilityAnalyzerOrganizationSharingInput) (*EnableReachabilityAnalyzerOrganizationSharingOutput, error) { + req, out := c.EnableReachabilityAnalyzerOrganizationSharingRequest(input) + return out, req.Send() +} + +// EnableReachabilityAnalyzerOrganizationSharingWithContext is the same as EnableReachabilityAnalyzerOrganizationSharing with the addition of +// the ability to pass a context and additional request options. +// +// See EnableReachabilityAnalyzerOrganizationSharing for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharingWithContext(ctx aws.Context, input *EnableReachabilityAnalyzerOrganizationSharingInput, opts ...request.Option) (*EnableReachabilityAnalyzerOrganizationSharingOutput, error) { + req, out := c.EnableReachabilityAnalyzerOrganizationSharingRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableSerialConsoleAccess = "EnableSerialConsoleAccess" // EnableSerialConsoleAccessRequest generates a "aws/request.Request" representing the @@ -35916,6 +37723,136 @@ func (c *EC2) GetAssociatedIpv6PoolCidrsPagesWithContext(ctx aws.Context, input return p.Err() } +const opGetAwsNetworkPerformanceData = "GetAwsNetworkPerformanceData" + +// GetAwsNetworkPerformanceDataRequest generates a "aws/request.Request" representing the +// client's request for the GetAwsNetworkPerformanceData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAwsNetworkPerformanceData for more information on using the GetAwsNetworkPerformanceData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetAwsNetworkPerformanceDataRequest method. +// req, resp := client.GetAwsNetworkPerformanceDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAwsNetworkPerformanceData +func (c *EC2) GetAwsNetworkPerformanceDataRequest(input *GetAwsNetworkPerformanceDataInput) (req *request.Request, output *GetAwsNetworkPerformanceDataOutput) { + op := &request.Operation{ + Name: opGetAwsNetworkPerformanceData, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetAwsNetworkPerformanceDataInput{} + } + + output = &GetAwsNetworkPerformanceDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAwsNetworkPerformanceData API operation for Amazon Elastic Compute Cloud. +// +// Gets network performance data. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetAwsNetworkPerformanceData for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAwsNetworkPerformanceData +func (c *EC2) GetAwsNetworkPerformanceData(input *GetAwsNetworkPerformanceDataInput) (*GetAwsNetworkPerformanceDataOutput, error) { + req, out := c.GetAwsNetworkPerformanceDataRequest(input) + return out, req.Send() +} + +// GetAwsNetworkPerformanceDataWithContext is the same as GetAwsNetworkPerformanceData with the addition of +// the ability to pass a context and additional request options. +// +// See GetAwsNetworkPerformanceData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAwsNetworkPerformanceDataWithContext(ctx aws.Context, input *GetAwsNetworkPerformanceDataInput, opts ...request.Option) (*GetAwsNetworkPerformanceDataOutput, error) { + req, out := c.GetAwsNetworkPerformanceDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetAwsNetworkPerformanceDataPages iterates over the pages of a GetAwsNetworkPerformanceData operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetAwsNetworkPerformanceData method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetAwsNetworkPerformanceData operation. +// pageNum := 0 +// err := client.GetAwsNetworkPerformanceDataPages(params, +// func(page *ec2.GetAwsNetworkPerformanceDataOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetAwsNetworkPerformanceDataPages(input *GetAwsNetworkPerformanceDataInput, fn func(*GetAwsNetworkPerformanceDataOutput, bool) bool) error { + return c.GetAwsNetworkPerformanceDataPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetAwsNetworkPerformanceDataPagesWithContext same as GetAwsNetworkPerformanceDataPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAwsNetworkPerformanceDataPagesWithContext(ctx aws.Context, input *GetAwsNetworkPerformanceDataInput, fn func(*GetAwsNetworkPerformanceDataOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetAwsNetworkPerformanceDataInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetAwsNetworkPerformanceDataRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetAwsNetworkPerformanceDataOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetCapacityReservationUsage = "GetCapacityReservationUsage" // GetCapacityReservationUsageRequest generates a "aws/request.Request" representing the @@ -39308,6 +41245,152 @@ func (c *EC2) GetTransitGatewayRouteTablePropagationsPagesWithContext(ctx aws.Co return p.Err() } +const opGetVerifiedAccessEndpointPolicy = "GetVerifiedAccessEndpointPolicy" + +// GetVerifiedAccessEndpointPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetVerifiedAccessEndpointPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVerifiedAccessEndpointPolicy for more information on using the GetVerifiedAccessEndpointPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVerifiedAccessEndpointPolicyRequest method. +// req, resp := client.GetVerifiedAccessEndpointPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessEndpointPolicy +func (c *EC2) GetVerifiedAccessEndpointPolicyRequest(input *GetVerifiedAccessEndpointPolicyInput) (req *request.Request, output *GetVerifiedAccessEndpointPolicyOutput) { + op := &request.Operation{ + Name: opGetVerifiedAccessEndpointPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVerifiedAccessEndpointPolicyInput{} + } + + output = &GetVerifiedAccessEndpointPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. +// +// Get the Verified Access policy associated with the endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVerifiedAccessEndpointPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessEndpointPolicy +func (c *EC2) GetVerifiedAccessEndpointPolicy(input *GetVerifiedAccessEndpointPolicyInput) (*GetVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.GetVerifiedAccessEndpointPolicyRequest(input) + return out, req.Send() +} + +// GetVerifiedAccessEndpointPolicyWithContext is the same as GetVerifiedAccessEndpointPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetVerifiedAccessEndpointPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVerifiedAccessEndpointPolicyWithContext(ctx aws.Context, input *GetVerifiedAccessEndpointPolicyInput, opts ...request.Option) (*GetVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.GetVerifiedAccessEndpointPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetVerifiedAccessGroupPolicy = "GetVerifiedAccessGroupPolicy" + +// GetVerifiedAccessGroupPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetVerifiedAccessGroupPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVerifiedAccessGroupPolicy for more information on using the GetVerifiedAccessGroupPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVerifiedAccessGroupPolicyRequest method. +// req, resp := client.GetVerifiedAccessGroupPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessGroupPolicy +func (c *EC2) GetVerifiedAccessGroupPolicyRequest(input *GetVerifiedAccessGroupPolicyInput) (req *request.Request, output *GetVerifiedAccessGroupPolicyOutput) { + op := &request.Operation{ + Name: opGetVerifiedAccessGroupPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVerifiedAccessGroupPolicyInput{} + } + + output = &GetVerifiedAccessGroupPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. +// +// Shows the contents of the Verified Access policy associated with the group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVerifiedAccessGroupPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessGroupPolicy +func (c *EC2) GetVerifiedAccessGroupPolicy(input *GetVerifiedAccessGroupPolicyInput) (*GetVerifiedAccessGroupPolicyOutput, error) { + req, out := c.GetVerifiedAccessGroupPolicyRequest(input) + return out, req.Send() +} + +// GetVerifiedAccessGroupPolicyWithContext is the same as GetVerifiedAccessGroupPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetVerifiedAccessGroupPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVerifiedAccessGroupPolicyWithContext(ctx aws.Context, input *GetVerifiedAccessGroupPolicyInput, opts ...request.Option) (*GetVerifiedAccessGroupPolicyOutput, error) { + req, out := c.GetVerifiedAccessGroupPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetVpnConnectionDeviceSampleConfiguration = "GetVpnConnectionDeviceSampleConfiguration" // GetVpnConnectionDeviceSampleConfigurationRequest generates a "aws/request.Request" representing the @@ -40055,7 +42138,7 @@ func (c *EC2) ListImagesInRecycleBinRequest(input *ListImagesInRecycleBinInput) // // Lists one or more AMIs that are currently in the Recycle Bin. For more information, // see Recycle Bin (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -43642,6 +45725,519 @@ func (c *EC2) ModifyTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opModifyVerifiedAccessEndpoint = "ModifyVerifiedAccessEndpoint" + +// ModifyVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessEndpoint for more information on using the ModifyVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessEndpointRequest method. +// req, resp := client.ModifyVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpoint +func (c *EC2) ModifyVerifiedAccessEndpointRequest(input *ModifyVerifiedAccessEndpointInput) (req *request.Request, output *ModifyVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessEndpointInput{} + } + + output = &ModifyVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of an Amazon Web Services Verified Access endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpoint +func (c *EC2) ModifyVerifiedAccessEndpoint(input *ModifyVerifiedAccessEndpointInput) (*ModifyVerifiedAccessEndpointOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessEndpointWithContext is the same as ModifyVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessEndpointWithContext(ctx aws.Context, input *ModifyVerifiedAccessEndpointInput, opts ...request.Option) (*ModifyVerifiedAccessEndpointOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessEndpointPolicy = "ModifyVerifiedAccessEndpointPolicy" + +// ModifyVerifiedAccessEndpointPolicyRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessEndpointPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessEndpointPolicy for more information on using the ModifyVerifiedAccessEndpointPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessEndpointPolicyRequest method. +// req, resp := client.ModifyVerifiedAccessEndpointPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpointPolicy +func (c *EC2) ModifyVerifiedAccessEndpointPolicyRequest(input *ModifyVerifiedAccessEndpointPolicyInput) (req *request.Request, output *ModifyVerifiedAccessEndpointPolicyOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessEndpointPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessEndpointPolicyInput{} + } + + output = &ModifyVerifiedAccessEndpointPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access endpoint policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessEndpointPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpointPolicy +func (c *EC2) ModifyVerifiedAccessEndpointPolicy(input *ModifyVerifiedAccessEndpointPolicyInput) (*ModifyVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointPolicyRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessEndpointPolicyWithContext is the same as ModifyVerifiedAccessEndpointPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessEndpointPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessEndpointPolicyWithContext(ctx aws.Context, input *ModifyVerifiedAccessEndpointPolicyInput, opts ...request.Option) (*ModifyVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessGroup = "ModifyVerifiedAccessGroup" + +// ModifyVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessGroup for more information on using the ModifyVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessGroupRequest method. +// req, resp := client.ModifyVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroup +func (c *EC2) ModifyVerifiedAccessGroupRequest(input *ModifyVerifiedAccessGroupInput) (req *request.Request, output *ModifyVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessGroupInput{} + } + + output = &ModifyVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access group configuration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroup +func (c *EC2) ModifyVerifiedAccessGroup(input *ModifyVerifiedAccessGroupInput) (*ModifyVerifiedAccessGroupOutput, error) { + req, out := c.ModifyVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessGroupWithContext is the same as ModifyVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessGroupWithContext(ctx aws.Context, input *ModifyVerifiedAccessGroupInput, opts ...request.Option) (*ModifyVerifiedAccessGroupOutput, error) { + req, out := c.ModifyVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessGroupPolicy = "ModifyVerifiedAccessGroupPolicy" + +// ModifyVerifiedAccessGroupPolicyRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessGroupPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessGroupPolicy for more information on using the ModifyVerifiedAccessGroupPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessGroupPolicyRequest method. +// req, resp := client.ModifyVerifiedAccessGroupPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroupPolicy +func (c *EC2) ModifyVerifiedAccessGroupPolicyRequest(input *ModifyVerifiedAccessGroupPolicyInput) (req *request.Request, output *ModifyVerifiedAccessGroupPolicyOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessGroupPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessGroupPolicyInput{} + } + + output = &ModifyVerifiedAccessGroupPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access group policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessGroupPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroupPolicy +func (c *EC2) ModifyVerifiedAccessGroupPolicy(input *ModifyVerifiedAccessGroupPolicyInput) (*ModifyVerifiedAccessGroupPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessGroupPolicyRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessGroupPolicyWithContext is the same as ModifyVerifiedAccessGroupPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessGroupPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessGroupPolicyWithContext(ctx aws.Context, input *ModifyVerifiedAccessGroupPolicyInput, opts ...request.Option) (*ModifyVerifiedAccessGroupPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessGroupPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessInstance = "ModifyVerifiedAccessInstance" + +// ModifyVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessInstance for more information on using the ModifyVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessInstanceRequest method. +// req, resp := client.ModifyVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstance +func (c *EC2) ModifyVerifiedAccessInstanceRequest(input *ModifyVerifiedAccessInstanceInput) (req *request.Request, output *ModifyVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessInstanceInput{} + } + + output = &ModifyVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of the specified Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstance +func (c *EC2) ModifyVerifiedAccessInstance(input *ModifyVerifiedAccessInstanceInput) (*ModifyVerifiedAccessInstanceOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessInstanceWithContext is the same as ModifyVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessInstanceWithContext(ctx aws.Context, input *ModifyVerifiedAccessInstanceInput, opts ...request.Option) (*ModifyVerifiedAccessInstanceOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessInstanceLoggingConfiguration = "ModifyVerifiedAccessInstanceLoggingConfiguration" + +// ModifyVerifiedAccessInstanceLoggingConfigurationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessInstanceLoggingConfiguration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessInstanceLoggingConfiguration for more information on using the ModifyVerifiedAccessInstanceLoggingConfiguration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessInstanceLoggingConfigurationRequest method. +// req, resp := client.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstanceLoggingConfiguration +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input *ModifyVerifiedAccessInstanceLoggingConfigurationInput) (req *request.Request, output *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessInstanceLoggingConfiguration, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessInstanceLoggingConfigurationInput{} + } + + output = &ModifyVerifiedAccessInstanceLoggingConfigurationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessInstanceLoggingConfiguration API operation for Amazon Elastic Compute Cloud. +// +// Modifies the logging configuration for the specified Amazon Web Services +// Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessInstanceLoggingConfiguration for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstanceLoggingConfiguration +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfiguration(input *ModifyVerifiedAccessInstanceLoggingConfigurationInput) (*ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessInstanceLoggingConfigurationWithContext is the same as ModifyVerifiedAccessInstanceLoggingConfiguration with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessInstanceLoggingConfiguration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfigurationWithContext(ctx aws.Context, input *ModifyVerifiedAccessInstanceLoggingConfigurationInput, opts ...request.Option) (*ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessTrustProvider = "ModifyVerifiedAccessTrustProvider" + +// ModifyVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessTrustProvider for more information on using the ModifyVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessTrustProviderRequest method. +// req, resp := client.ModifyVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProvider +func (c *EC2) ModifyVerifiedAccessTrustProviderRequest(input *ModifyVerifiedAccessTrustProviderInput) (req *request.Request, output *ModifyVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessTrustProviderInput{} + } + + output = &ModifyVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of the specified Amazon Web Services Verified +// Access trust provider. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProvider +func (c *EC2) ModifyVerifiedAccessTrustProvider(input *ModifyVerifiedAccessTrustProviderInput) (*ModifyVerifiedAccessTrustProviderOutput, error) { + req, out := c.ModifyVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessTrustProviderWithContext is the same as ModifyVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *ModifyVerifiedAccessTrustProviderInput, opts ...request.Option) (*ModifyVerifiedAccessTrustProviderOutput, error) { + req, out := c.ModifyVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyVolume = "ModifyVolume" // ModifyVolumeRequest generates a "aws/request.Request" representing the @@ -45717,7 +48313,7 @@ func (c *EC2) RegisterImageRequest(input *RegisterImageInput) (req *request.Requ // Instance will not be applied to the On-Demand Instance. For information about // how to obtain the platform details and billing information of an AMI, see // Understand AMI billing information (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -48015,7 +50611,7 @@ func (c *EC2) RestoreImageFromRecycleBinRequest(input *RestoreImageFromRecycleBi // // Restores an AMI from the Recycle Bin. For more information, see Recycle Bin // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html) in -// the Amazon Elastic Compute Cloud User Guide. +// the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -50721,7 +53317,7 @@ func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetTransitGateway type AcceptTransitGatewayMulticastDomainAssociationsOutput struct { _ struct{} `type:"structure"` - // Describes the multicast domain associations. + // Information about the multicast domain associations. Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` } @@ -55561,6 +58157,10 @@ type AttachNetworkInterfaceInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // Configures ENA Express for the network interface that this action attaches + // to the instance. + EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // The ID of the instance. // // InstanceId is a required field @@ -55626,6 +58226,12 @@ func (s *AttachNetworkInterfaceInput) SetDryRun(v bool) *AttachNetworkInterfaceI return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *AttachNetworkInterfaceInput) SetEnaSrdSpecification(v *EnaSrdSpecification) *AttachNetworkInterfaceInput { + s.EnaSrdSpecification = v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *AttachNetworkInterfaceInput) SetInstanceId(v string) *AttachNetworkInterfaceInput { s.InstanceId = &v @@ -55685,6 +58291,129 @@ func (s *AttachNetworkInterfaceOutput) SetNetworkCardIndex(v int64) *AttachNetwo return s } +type AttachVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AttachVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AttachVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetClientToken(v string) *AttachVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetDryRun(v bool) *AttachVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessInstanceId(v string) *AttachVerifiedAccessTrustProviderInput { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *AttachVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type AttachVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *AttachVerifiedAccessTrustProviderOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *AttachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessInstance = v + return s +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *AttachVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *AttachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type AttachVolumeInput struct { _ struct{} `type:"structure"` @@ -55877,6 +58606,83 @@ func (s *AttachVpnGatewayOutput) SetVpcAttachment(v *VpcAttachment) *AttachVpnGa return s } +// Describes the ENA Express configuration for the network interface that's +// attached to the instance. +type AttachmentEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface that's + // attached to the instance. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // ENA Express configuration for UDP network traffic. + EnaSrdUdpSpecification *AttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *AttachmentEnaSrdSpecification) SetEnaSrdEnabled(v bool) *AttachmentEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *AttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *AttachmentEnaSrdUdpSpecification) *AttachmentEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// Describes the ENA Express configuration for UDP traffic on the network interface +// that's attached to the instance. +type AttachmentEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *AttachmentEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *AttachmentEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Describes a value for a resource attribute that is a Boolean value. type AttributeBooleanValue struct { _ struct{} `type:"structure"` @@ -61667,7 +64473,7 @@ type CopyImageInput struct { // // For more information, see Copy AMIs from an Amazon Web Services Region to // an Outpost (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#copy-amis) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. DestinationOutpostArn *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -61682,7 +64488,7 @@ type CopyImageInput struct { // for Amazon EBS is used unless you specify a non-default Key Management Service // (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. Encrypted *bool `locationName:"encrypted" type:"boolean"` // The identifier of the symmetric Key Management Service (KMS) KMS key to use @@ -63469,7 +66275,7 @@ func (s *CreateCoipPoolInput) SetTagSpecifications(v []*TagSpecification) *Creat type CreateCoipPoolOutput struct { _ struct{} `type:"structure"` - // Describes a customer-owned address pool. + // Information about the CoIP address pool. CoipPool *CoipPool `locationName:"coipPool" type:"structure"` } @@ -66525,7 +69331,7 @@ func (s *CreateLocalGatewayRouteTableInput) SetTagSpecifications(v []*TagSpecifi type CreateLocalGatewayRouteTableOutput struct { _ struct{} `type:"structure"` - // Describes a local gateway route table. + // Information about the local gateway route table. LocalGatewayRouteTable *LocalGatewayRouteTable `locationName:"localGatewayRouteTable" type:"structure"` } @@ -66638,8 +69444,7 @@ func (s *CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput) SetT type CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput struct { _ struct{} `type:"structure"` - // Describes an association between a local gateway route table and a virtual - // interface group. + // Information about the local gateway route table virtual interface group association. LocalGatewayRouteTableVirtualInterfaceGroupAssociation *LocalGatewayRouteTableVirtualInterfaceGroupAssociation `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociation" type:"structure"` } @@ -72138,6 +74943,891 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// Options for a network interface-type endpoint. +type CreateVerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The ID of the network interface. + NetworkInterfaceId *string `type:"string"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointEniOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointEniOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetNetworkInterfaceId(v string) *CreateVerifiedAccessEndpointEniOptions { + s.NetworkInterfaceId = &v + return s +} + +// SetPort sets the Port field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetPort(v int64) *CreateVerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetProtocol(v string) *CreateVerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +type CreateVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // The DNS name for users to reach your application. + // + // ApplicationDomain is a required field + ApplicationDomain *string `type:"string" required:"true"` + + // The Amazon Web Services network component Verified Access attaches to. + // + // AttachmentType is a required field + AttachmentType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointAttachmentType"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `type:"string"` + + // The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate + // Manager to associate with the endpoint. The CN in the certificate must match + // the DNS name your end users will use to reach your application. + // + // DomainCertificateArn is a required field + DomainCertificateArn *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // A custom identifier that gets prepended to a DNS name that is generated for + // the endpoint. + // + // EndpointDomainPrefix is a required field + EndpointDomainPrefix *string `type:"string" required:"true"` + + // The type of Amazon Web Services Verified Access endpoint to create. + // + // EndpointType is a required field + EndpointType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointType"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *CreateVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` + + // The network interface details if creating the Amazon Web Services Verified + // Access endpoint as network-interfacetype. + NetworkInterfaceOptions *CreateVerifiedAccessEndpointEniOptions `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The Amazon EC2 security groups to associate with the Amazon Web Services + // Verified Access endpoint. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` + + // The tags to assign to the Amazon Web Services Verified Access endpoint. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the Verified Access group to associate the endpoint with. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointInput"} + if s.ApplicationDomain == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationDomain")) + } + if s.AttachmentType == nil { + invalidParams.Add(request.NewErrParamRequired("AttachmentType")) + } + if s.DomainCertificateArn == nil { + invalidParams.Add(request.NewErrParamRequired("DomainCertificateArn")) + } + if s.EndpointDomainPrefix == nil { + invalidParams.Add(request.NewErrParamRequired("EndpointDomainPrefix")) + } + if s.EndpointType == nil { + invalidParams.Add(request.NewErrParamRequired("EndpointType")) + } + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + if s.LoadBalancerOptions != nil { + if err := s.LoadBalancerOptions.Validate(); err != nil { + invalidParams.AddNested("LoadBalancerOptions", err.(request.ErrInvalidParams)) + } + } + if s.NetworkInterfaceOptions != nil { + if err := s.NetworkInterfaceOptions.Validate(); err != nil { + invalidParams.AddNested("NetworkInterfaceOptions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationDomain sets the ApplicationDomain field's value. +func (s *CreateVerifiedAccessEndpointInput) SetApplicationDomain(v string) *CreateVerifiedAccessEndpointInput { + s.ApplicationDomain = &v + return s +} + +// SetAttachmentType sets the AttachmentType field's value. +func (s *CreateVerifiedAccessEndpointInput) SetAttachmentType(v string) *CreateVerifiedAccessEndpointInput { + s.AttachmentType = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessEndpointInput) SetClientToken(v string) *CreateVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDescription(v string) *CreateVerifiedAccessEndpointInput { + s.Description = &v + return s +} + +// SetDomainCertificateArn sets the DomainCertificateArn field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDomainCertificateArn(v string) *CreateVerifiedAccessEndpointInput { + s.DomainCertificateArn = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDryRun(v bool) *CreateVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetEndpointDomainPrefix sets the EndpointDomainPrefix field's value. +func (s *CreateVerifiedAccessEndpointInput) SetEndpointDomainPrefix(v string) *CreateVerifiedAccessEndpointInput { + s.EndpointDomainPrefix = &v + return s +} + +// SetEndpointType sets the EndpointType field's value. +func (s *CreateVerifiedAccessEndpointInput) SetEndpointType(v string) *CreateVerifiedAccessEndpointInput { + s.EndpointType = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *CreateVerifiedAccessEndpointInput) SetLoadBalancerOptions(v *CreateVerifiedAccessEndpointLoadBalancerOptions) *CreateVerifiedAccessEndpointInput { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *CreateVerifiedAccessEndpointInput) SetNetworkInterfaceOptions(v *CreateVerifiedAccessEndpointEniOptions) *CreateVerifiedAccessEndpointInput { + s.NetworkInterfaceOptions = v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *CreateVerifiedAccessEndpointInput) SetPolicyDocument(v string) *CreateVerifiedAccessEndpointInput { + s.PolicyDocument = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *CreateVerifiedAccessEndpointInput) SetSecurityGroupIds(v []*string) *CreateVerifiedAccessEndpointInput { + s.SecurityGroupIds = v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessEndpointInput { + s.TagSpecifications = v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *CreateVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) *CreateVerifiedAccessEndpointInput { + s.VerifiedAccessGroupId = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type CreateVerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The ARN of the load balancer. + LoadBalancerArn *string `type:"string"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointLoadBalancerOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetLoadBalancerArn(v string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.LoadBalancerArn = &v + return s +} + +// SetPort sets the Port field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +type CreateVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *CreateVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *CreateVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type CreateVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The tags to assign to the Amazon Web Services Verified Access group. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessGroupInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessGroupInput) SetClientToken(v string) *CreateVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessGroupInput) SetDescription(v string) *CreateVerifiedAccessGroupInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessGroupInput) SetDryRun(v bool) *CreateVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *CreateVerifiedAccessGroupInput) SetPolicyDocument(v string) *CreateVerifiedAccessGroupInput { + s.PolicyDocument = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessGroupInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessGroupInput { + s.TagSpecifications = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *CreateVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) *CreateVerifiedAccessGroupInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type CreateVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *CreateVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *CreateVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type CreateVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The tags to assign to the Amazon Web Services Verified Access instance. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessInstanceInput) SetClientToken(v string) *CreateVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessInstanceInput) SetDescription(v string) *CreateVerifiedAccessInstanceInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessInstanceInput) SetDryRun(v bool) *CreateVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessInstanceInput { + s.TagSpecifications = v + return s +} + +type CreateVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *CreateVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *CreateVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +// Options for a device-identity type trust provider. +type CreateVerifiedAccessTrustProviderDeviceOptions struct { + _ struct{} `type:"structure"` + + // The ID of the tenant application with the device-identity provider. + TenantId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderDeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderDeviceOptions) GoString() string { + return s.String() +} + +// SetTenantId sets the TenantId field's value. +func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetTenantId(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { + s.TenantId = &v + return s +} + +type CreateVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `type:"string"` + + // The options for device identity based trust providers. + DeviceOptions *CreateVerifiedAccessTrustProviderDeviceOptions `type:"structure"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `type:"string" enum:"DeviceTrustProviderType"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *CreateVerifiedAccessTrustProviderOidcOptions `type:"structure"` + + // The identifier to be used when working with policy rules. + // + // PolicyReferenceName is a required field + PolicyReferenceName *string `type:"string" required:"true"` + + // The tags to assign to the Amazon Web Services Verified Access trust provider. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The type of trust provider can be either user or device-based. + // + // TrustProviderType is a required field + TrustProviderType *string `type:"string" required:"true" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `type:"string" enum:"UserTrustProviderType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessTrustProviderInput"} + if s.PolicyReferenceName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyReferenceName")) + } + if s.TrustProviderType == nil { + invalidParams.Add(request.NewErrParamRequired("TrustProviderType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetClientToken(v string) *CreateVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDescription(v string) *CreateVerifiedAccessTrustProviderInput { + s.Description = &v + return s +} + +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDeviceOptions(v *CreateVerifiedAccessTrustProviderDeviceOptions) *CreateVerifiedAccessTrustProviderInput { + s.DeviceOptions = v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDeviceTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.DeviceTrustProviderType = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDryRun(v bool) *CreateVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetOidcOptions(v *CreateVerifiedAccessTrustProviderOidcOptions) *CreateVerifiedAccessTrustProviderInput { + s.OidcOptions = v + return s +} + +// SetPolicyReferenceName sets the PolicyReferenceName field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetPolicyReferenceName(v string) *CreateVerifiedAccessTrustProviderInput { + s.PolicyReferenceName = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessTrustProviderInput { + s.TagSpecifications = v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetUserTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.UserTrustProviderType = &v + return s +} + +// Options for an OIDC-based, user-identity type trust provider. +type CreateVerifiedAccessTrustProviderOidcOptions struct { + _ struct{} `type:"structure"` + + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `type:"string"` + + // The client identifier. + ClientId *string `type:"string"` + + // The client secret. + ClientSecret *string `type:"string"` + + // The OIDC issuer. + Issuer *string `type:"string"` + + // OpenID Connect (OIDC) scopes are used by an application during authentication + // to authorize access to a user's details. Each scope returns a specific set + // of user attributes. + Scope *string `type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOidcOptions) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetAuthorizationEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetClientId(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetClientSecret(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetIssuer(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.Issuer = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.Scope = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetTokenEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.UserInfoEndpoint = &v + return s +} + +type CreateVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *CreateVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *CreateVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type CreateVolumeInput struct { _ struct{} `type:"structure"` @@ -73811,6 +77501,182 @@ func (s *CustomerGateway) SetType(v string) *CustomerGateway { return s } +// A query used for retrieving network health data. +type DataQuery struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the target for the data query. For + // example, eu-north-1. + Destination *string `type:"string"` + + // A user-defined ID associated with a data query that's returned in the dataResponse + // identifying the query. For example, if you set the Id to MyQuery01in the + // query, the dataResponse identifies the query as MyQuery01. + Id *string `type:"string"` + + // The aggregation metric used for the data query. Currently only aggregation-latency + // is supported, indicating network latency. + Metric *string `type:"string" enum:"MetricType"` + + // The aggregation period used for the data query. + Period *string `type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the data query. For + // example, us-east-1. + Source *string `type:"string"` + + // Metric data aggregations over specified periods of time. The following are + // the supported Infrastructure Performance statistics: + // + // * p50 - The median value of the metric aggregated over a specified start + // and end time. For example, a metric of five_minutes is the median of all + // the data points gathered within those five minutes. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataQuery) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DataQuery) SetDestination(v string) *DataQuery { + s.Destination = &v + return s +} + +// SetId sets the Id field's value. +func (s *DataQuery) SetId(v string) *DataQuery { + s.Id = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DataQuery) SetMetric(v string) *DataQuery { + s.Metric = &v + return s +} + +// SetPeriod sets the Period field's value. +func (s *DataQuery) SetPeriod(v string) *DataQuery { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DataQuery) SetSource(v string) *DataQuery { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DataQuery) SetStatistic(v string) *DataQuery { + s.Statistic = &v + return s +} + +// The response to a DataQuery. +type DataResponse struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the destination for the data query. + // For example, eu-west-1. + Destination *string `locationName:"destination" type:"string"` + + // The ID passed in the DataQuery. + Id *string `locationName:"id" type:"string"` + + // The metric used for the network performance request. Currently only aggregate-latency + // is supported, showing network latency during a specified period. + Metric *string `locationName:"metric" type:"string" enum:"MetricType"` + + // A list of MetricPoint objects. + MetricPoints []*MetricPoint `locationName:"metricPointSet" locationNameList:"item" type:"list"` + + // The period used for the network performance request. + Period *string `locationName:"period" type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the data query. For + // example, us-east-1. + Source *string `locationName:"source" type:"string"` + + // The statistic used for the network performance request. + Statistic *string `locationName:"statistic" type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataResponse) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DataResponse) SetDestination(v string) *DataResponse { + s.Destination = &v + return s +} + +// SetId sets the Id field's value. +func (s *DataResponse) SetId(v string) *DataResponse { + s.Id = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DataResponse) SetMetric(v string) *DataResponse { + s.Metric = &v + return s +} + +// SetMetricPoints sets the MetricPoints field's value. +func (s *DataResponse) SetMetricPoints(v []*MetricPoint) *DataResponse { + s.MetricPoints = v + return s +} + +// SetPeriod sets the Period field's value. +func (s *DataResponse) SetPeriod(v string) *DataResponse { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DataResponse) SetSource(v string) *DataResponse { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DataResponse) SetStatistic(v string) *DataResponse { + s.Statistic = &v + return s +} + type DeleteCarrierGatewayInput struct { _ struct{} `type:"structure"` @@ -74265,7 +78131,7 @@ func (s *DeleteCoipPoolInput) SetDryRun(v bool) *DeleteCoipPoolInput { type DeleteCoipPoolOutput struct { _ struct{} `type:"structure"` - // Describes a customer-owned address pool. + // Information about the CoIP address pool. CoipPool *CoipPool `locationName:"coipPool" type:"structure"` } @@ -76019,7 +79885,7 @@ func (s *DeleteLocalGatewayRouteTableInput) SetLocalGatewayRouteTableId(v string type DeleteLocalGatewayRouteTableOutput struct { _ struct{} `type:"structure"` - // Describes a local gateway route table. + // Information about the local gateway route table. LocalGatewayRouteTable *LocalGatewayRouteTable `locationName:"localGatewayRouteTable" type:"structure"` } @@ -76108,8 +79974,7 @@ func (s *DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput) SetL type DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput struct { _ struct{} `type:"structure"` - // Describes an association between a local gateway route table and a virtual - // interface group. + // Information about the association. LocalGatewayRouteTableVirtualInterfaceGroupAssociation *LocalGatewayRouteTableVirtualInterfaceGroupAssociation `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociation" type:"structure"` } @@ -79478,6 +83343,406 @@ func (s *DeleteTransitGatewayVpcAttachmentOutput) SetTransitGatewayVpcAttachment return s } +type DeleteVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessEndpointInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetClientToken(v string) *DeleteVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetDryRun(v bool) *DeleteVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string) *DeleteVerifiedAccessEndpointInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type DeleteVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *DeleteVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *DeleteVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type DeleteVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessGroupInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessGroupInput) SetClientToken(v string) *DeleteVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessGroupInput) SetDryRun(v bool) *DeleteVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *DeleteVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *DeleteVerifiedAccessGroupInput { + s.VerifiedAccessGroupId = &v + return s +} + +type DeleteVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *DeleteVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *DeleteVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type DeleteVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessInstanceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessInstanceInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetClientToken(v string) *DeleteVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetDryRun(v bool) *DeleteVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string) *DeleteVerifiedAccessInstanceInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DeleteVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *DeleteVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *DeleteVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +type DeleteVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetClientToken(v string) *DeleteVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetDryRun(v bool) *DeleteVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *DeleteVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type DeleteVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *DeleteVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *DeleteVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type DeleteVolumeInput struct { _ struct{} `type:"structure"` @@ -81581,6 +85846,109 @@ func (s *DescribeAvailabilityZonesOutput) SetAvailabilityZones(v []*Availability return s } +type DescribeAwsNetworkPerformanceMetricSubscriptionsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetDryRun(v bool) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetFilters(v []*Filter) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetMaxResults(v int64) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetNextToken(v string) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.NextToken = &v + return s +} + +type DescribeAwsNetworkPerformanceMetricSubscriptionsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Describes the current Infrastructure Performance subscriptions. + Subscriptions []*Subscription `locationName:"subscriptionSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) SetNextToken(v string) *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput { + s.NextToken = &v + return s +} + +// SetSubscriptions sets the Subscriptions field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) SetSubscriptions(v []*Subscription) *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput { + s.Subscriptions = v + return s +} + type DescribeBundleTasksInput struct { _ struct{} `type:"structure"` @@ -86269,7 +90637,7 @@ type DescribeImageAttributeOutput struct { // by default, the instance requires that IMDSv2 is used when requesting instance // metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, // see Configure the AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#configure-IMDS-new-instances-ami-configuration) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. ImdsSupport *AttributeValue `locationName:"imdsSupport" type:"structure"` // The kernel ID. @@ -86303,7 +90671,7 @@ type DescribeImageAttributeOutput struct { // command. You can inspect and modify the UEFI data by using the python-uefivars // tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information, // see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. UefiData *AttributeValue `locationName:"uefiData" type:"structure"` } @@ -86530,6 +90898,13 @@ type DescribeImagesInput struct { // of what you specify for this parameter. IncludeDeprecated *bool `type:"boolean"` + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + // Scopes the results to images with the specified owners. You can specify a // combination of Amazon Web Services account IDs, self, amazon, and aws-marketplace. // If you omit this parameter, the results include all images for which you @@ -86585,6 +90960,18 @@ func (s *DescribeImagesInput) SetIncludeDeprecated(v bool) *DescribeImagesInput return s } +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeImagesInput) SetMaxResults(v int64) *DescribeImagesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeImagesInput) SetNextToken(v string) *DescribeImagesInput { + s.NextToken = &v + return s +} + // SetOwners sets the Owners field's value. func (s *DescribeImagesInput) SetOwners(v []*string) *DescribeImagesInput { s.Owners = v @@ -86596,6 +90983,10 @@ type DescribeImagesOutput struct { // Information about the images. Images []*Image `locationName:"imagesSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation. @@ -86622,6 +91013,12 @@ func (s *DescribeImagesOutput) SetImages(v []*Image) *DescribeImagesOutput { return s } +// SetNextToken sets the NextToken field's value. +func (s *DescribeImagesOutput) SetNextToken(v string) *DescribeImagesOutput { + s.NextToken = &v + return s +} + type DescribeImportImageTasksInput struct { _ struct{} `type:"structure"` @@ -98132,6 +102529,659 @@ func (s *DescribeTrunkInterfaceAssociationsOutput) SetNextToken(v string) *Descr return s } +type DescribeVerifiedAccessEndpointsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpointIds []*string `locationName:"VerifiedAccessEndpointId" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessEndpointsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessEndpointsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetDryRun(v bool) *DescribeVerifiedAccessEndpointsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessEndpointsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetMaxResults(v int64) *DescribeVerifiedAccessEndpointsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetNextToken(v string) *DescribeVerifiedAccessEndpointsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessEndpointIds sets the VerifiedAccessEndpointIds field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessEndpointIds(v []*string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessEndpointIds = v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessGroupId(v string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessInstanceId(v string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DescribeVerifiedAccessEndpointsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoints []*VerifiedAccessEndpoint `locationName:"verifiedAccessEndpointSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessEndpointsOutput) SetNextToken(v string) *DescribeVerifiedAccessEndpointsOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessEndpoints sets the VerifiedAccessEndpoints field's value. +func (s *DescribeVerifiedAccessEndpointsOutput) SetVerifiedAccessEndpoints(v []*VerifiedAccessEndpoint) *DescribeVerifiedAccessEndpointsOutput { + s.VerifiedAccessEndpoints = v + return s +} + +type DescribeVerifiedAccessGroupsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access groups. + VerifiedAccessGroupIds []*string `locationName:"VerifiedAccessGroupId" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessGroupsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetDryRun(v bool) *DescribeVerifiedAccessGroupsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessGroupsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetMaxResults(v int64) *DescribeVerifiedAccessGroupsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetNextToken(v string) *DescribeVerifiedAccessGroupsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessGroupIds sets the VerifiedAccessGroupIds field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetVerifiedAccessGroupIds(v []*string) *DescribeVerifiedAccessGroupsInput { + s.VerifiedAccessGroupIds = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetVerifiedAccessInstanceId(v string) *DescribeVerifiedAccessGroupsInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DescribeVerifiedAccessGroupsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The ID of the Verified Access group. + VerifiedAccessGroups []*VerifiedAccessGroup `locationName:"verifiedAccessGroupSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessGroupsOutput) SetNextToken(v string) *DescribeVerifiedAccessGroupsOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessGroups sets the VerifiedAccessGroups field's value. +func (s *DescribeVerifiedAccessGroupsOutput) SetVerifiedAccessGroups(v []*VerifiedAccessGroup) *DescribeVerifiedAccessGroupsOutput { + s.VerifiedAccessGroups = v + return s +} + +type DescribeVerifiedAccessInstanceLoggingConfigurationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessInstanceLoggingConfigurationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetDryRun(v bool) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetMaxResults(v int64) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetNextToken(v string) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstanceIds sets the VerifiedAccessInstanceIds field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetVerifiedAccessInstanceIds(v []*string) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.VerifiedAccessInstanceIds = v + return s +} + +type DescribeVerifiedAccessInstanceLoggingConfigurationsOutput struct { + _ struct{} `type:"structure"` + + // The current logging configuration for the Amazon Web Services Verified Access + // instances. + LoggingConfigurations []*VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfigurationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) GoString() string { + return s.String() +} + +// SetLoggingConfigurations sets the LoggingConfigurations field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) SetLoggingConfigurations(v []*VerifiedAccessInstanceLoggingConfiguration) *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput { + s.LoggingConfigurations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) SetNextToken(v string) *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput { + s.NextToken = &v + return s +} + +type DescribeVerifiedAccessInstancesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessInstancesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessInstancesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetDryRun(v bool) *DescribeVerifiedAccessInstancesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetFilters(v []*Filter) *DescribeVerifiedAccessInstancesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetMaxResults(v int64) *DescribeVerifiedAccessInstancesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetNextToken(v string) *DescribeVerifiedAccessInstancesInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstanceIds sets the VerifiedAccessInstanceIds field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetVerifiedAccessInstanceIds(v []*string) *DescribeVerifiedAccessInstancesInput { + s.VerifiedAccessInstanceIds = v + return s +} + +type DescribeVerifiedAccessInstancesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstances []*VerifiedAccessInstance `locationName:"verifiedAccessInstanceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstancesOutput) SetNextToken(v string) *DescribeVerifiedAccessInstancesOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstances sets the VerifiedAccessInstances field's value. +func (s *DescribeVerifiedAccessInstancesOutput) SetVerifiedAccessInstances(v []*VerifiedAccessInstance) *DescribeVerifiedAccessInstancesOutput { + s.VerifiedAccessInstances = v + return s +} + +type DescribeVerifiedAccessTrustProvidersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviderIds []*string `locationName:"VerifiedAccessTrustProviderId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessTrustProvidersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessTrustProvidersInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetDryRun(v bool) *DescribeVerifiedAccessTrustProvidersInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetFilters(v []*Filter) *DescribeVerifiedAccessTrustProvidersInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetMaxResults(v int64) *DescribeVerifiedAccessTrustProvidersInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetNextToken(v string) *DescribeVerifiedAccessTrustProvidersInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessTrustProviderIds sets the VerifiedAccessTrustProviderIds field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetVerifiedAccessTrustProviderIds(v []*string) *DescribeVerifiedAccessTrustProvidersInput { + s.VerifiedAccessTrustProviderIds = v + return s +} + +type DescribeVerifiedAccessTrustProvidersOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviders []*VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessTrustProvidersOutput) SetNextToken(v string) *DescribeVerifiedAccessTrustProvidersOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessTrustProviders sets the VerifiedAccessTrustProviders field's value. +func (s *DescribeVerifiedAccessTrustProvidersOutput) SetVerifiedAccessTrustProviders(v []*VerifiedAccessTrustProvider) *DescribeVerifiedAccessTrustProvidersOutput { + s.VerifiedAccessTrustProviders = v + return s +} + type DescribeVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -99576,9 +104626,12 @@ type DescribeVpcEndpointServicesInput struct { // One or more filters. // + // * owner - The ID or alias of the Amazon Web Services account that owns + // the service. + // // * service-name - The name of the service. // - // * service-type - The type of service (Interface | Gateway). + // * service-type - The type of service (Interface | Gateway | GatewayLoadBalancer). // // * supported-ip-address-types - The IP address type (ipv4 | ipv6). // @@ -99723,16 +104776,6 @@ type DescribeVpcEndpointsInput struct { // // * service-name - The name of the service. // - // * vpc-id - The ID of the VPC in which the endpoint resides. - // - // * vpc-endpoint-id - The ID of the endpoint. - // - // * vpc-endpoint-state - The state of the endpoint (pendingAcceptance | - // pending | available | deleting | deleted | rejected | failed). - // - // * vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | - // GatewayLoadBalancer). - // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. // For example, to find all resources that have a tag with the key Owner @@ -99742,6 +104785,16 @@ type DescribeVpcEndpointsInput struct { // * tag-key - The key of a tag assigned to the resource. Use this filter // to find all resources assigned a tag with a specific key, regardless of // the tag value. + // + // * vpc-id - The ID of the VPC in which the endpoint resides. + // + // * vpc-endpoint-id - The ID of the endpoint. + // + // * vpc-endpoint-state - The state of the endpoint (pendingAcceptance | + // pending | available | deleting | deleted | rejected | failed). + // + // * vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | + // GatewayLoadBalancer). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of items to return for this request. The request returns @@ -100830,6 +105883,129 @@ func (s DetachNetworkInterfaceOutput) GoString() string { return s.String() } +type DetachVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DetachVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DetachVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetClientToken(v string) *DetachVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetDryRun(v bool) *DetachVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessInstanceId(v string) *DetachVerifiedAccessTrustProviderInput { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *DetachVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type DetachVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *DetachVerifiedAccessTrustProviderOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *DetachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessInstance = v + return s +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *DetachVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *DetachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type DetachVolumeInput struct { _ struct{} `type:"structure"` @@ -101017,6 +106193,39 @@ func (s DetachVpnGatewayOutput) GoString() string { return s.String() } +// Options for an Amazon Web Services Verified Access device-identity based +// trust provider. +type DeviceOptions struct { + _ struct{} `type:"structure"` + + // The ID of the tenant application with the device-identity provider. + TenantId *string `locationName:"tenantId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeviceOptions) GoString() string { + return s.String() +} + +// SetTenantId sets the TenantId field's value. +func (s *DeviceOptions) SetTenantId(v string) *DeviceOptions { + s.TenantId = &v + return s +} + // Describes a DHCP configuration option. type DhcpConfiguration struct { _ struct{} `type:"structure"` @@ -101270,6 +106479,109 @@ func (s *DisableAddressTransferOutput) SetAddressTransfer(v *AddressTransfer) *D return s } +type DisableAwsNetworkPerformanceMetricSubscriptionInput struct { + _ struct{} `type:"structure"` + + // The target Region or Availability Zone that the metric subscription is disabled + // for. For example, eu-north-1. + Destination *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The metric used for the disabled subscription. + Metric *string `type:"string" enum:"MetricType"` + + // The source Region or Availability Zone that the metric subscription is disabled + // for. For example, us-east-1. + Source *string `type:"string"` + + // The statistic used for the disabled subscription. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionInput) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetDestination(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Destination = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetDryRun(v bool) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.DryRun = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetMetric(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Metric = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetSource(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetStatistic(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Statistic = &v + return s +} + +type DisableAwsNetworkPerformanceMetricSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the unsubscribe action was successful. + Output *bool `locationName:"output" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionOutput) GoString() string { + return s.String() +} + +// SetOutput sets the Output field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionOutput) SetOutput(v bool) *DisableAwsNetworkPerformanceMetricSubscriptionOutput { + s.Output = &v + return s +} + type DisableEbsEncryptionByDefaultInput struct { _ struct{} `type:"structure"` @@ -104946,6 +110258,96 @@ func (s *ElasticInferenceAcceleratorAssociation) SetElasticInferenceAcceleratorA return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type EnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *EnaSrdUdpSpecification `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *EnaSrdSpecification) SetEnaSrdEnabled(v bool) *EnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecification) *EnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it’s enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type EnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic uses ENA Express. To specify this setting, + // you must first enable ENA Express. + EnaSrdUdpEnabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *EnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + type EnableAddressTransferInput struct { _ struct{} `type:"structure"` @@ -105049,6 +110451,109 @@ func (s *EnableAddressTransferOutput) SetAddressTransfer(v *AddressTransfer) *En return s } +type EnableAwsNetworkPerformanceMetricSubscriptionInput struct { + _ struct{} `type:"structure"` + + // The target Region or Availability Zone that the metric subscription is enabled + // for. For example, eu-west-1. + Destination *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The metric used for the enabled subscription. + Metric *string `type:"string" enum:"MetricType"` + + // The source Region or Availability Zone that the metric subscription is enabled + // for. For example, us-east-1. + Source *string `type:"string"` + + // The statistic used for the enabled subscription. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionInput) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetDestination(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Destination = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetDryRun(v bool) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.DryRun = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetMetric(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Metric = &v + return s +} + +// SetSource sets the Source field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetSource(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetStatistic(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Statistic = &v + return s +} + +type EnableAwsNetworkPerformanceMetricSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the subscribe action was successful. + Output *bool `locationName:"output" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionOutput) GoString() string { + return s.String() +} + +// SetOutput sets the Output field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionOutput) SetOutput(v bool) *EnableAwsNetworkPerformanceMetricSubscriptionOutput { + s.Output = &v + return s +} + type EnableEbsEncryptionByDefaultInput struct { _ struct{} `type:"structure"` @@ -105896,6 +111401,71 @@ func (s *EnableIpamOrganizationAdminAccountOutput) SetSuccess(v bool) *EnableIpa return s } +type EnableReachabilityAnalyzerOrganizationSharingInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableReachabilityAnalyzerOrganizationSharingInput) SetDryRun(v bool) *EnableReachabilityAnalyzerOrganizationSharingInput { + s.DryRun = &v + return s +} + +type EnableReachabilityAnalyzerOrganizationSharingOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + ReturnValue *bool `locationName:"returnValue" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingOutput) GoString() string { + return s.String() +} + +// SetReturnValue sets the ReturnValue field's value. +func (s *EnableReachabilityAnalyzerOrganizationSharingOutput) SetReturnValue(v bool) *EnableReachabilityAnalyzerOrganizationSharingOutput { + s.ReturnValue = &v + return s +} + type EnableSerialConsoleAccessInput struct { _ struct{} `type:"structure"` @@ -109876,6 +115446,8 @@ type FpgaImage struct { // The FPGA image identifier (AFI ID). FpgaImageId *string `locationName:"fpgaImageId" type:"string"` + InstanceTypes []*string `locationName:"instanceTypes" locationNameList:"item" type:"list"` + // The name of the AFI. Name *string `locationName:"name" type:"string"` @@ -109956,6 +115528,12 @@ func (s *FpgaImage) SetFpgaImageId(v string) *FpgaImage { return s } +// SetInstanceTypes sets the InstanceTypes field's value. +func (s *FpgaImage) SetInstanceTypes(v []*string) *FpgaImage { + s.InstanceTypes = v + return s +} + // SetName sets the Name field's value. func (s *FpgaImage) SetName(v string) *FpgaImage { s.Name = &v @@ -110384,6 +115962,129 @@ func (s *GetAssociatedIpv6PoolCidrsOutput) SetNextToken(v string) *GetAssociated return s } +type GetAwsNetworkPerformanceDataInput struct { + _ struct{} `type:"structure"` + + // A list of network performance data queries. + DataQueries []*DataQuery `locationName:"DataQuery" type:"list"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ending time for the performance data request. The end time must be formatted + // as yyyy-mm-ddThh:mm:ss. For example, 2022-06-12T12:00:00.000Z. + EndTime *time.Time `type:"timestamp"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The starting time for the performance data request. The starting time must + // be formatted as yyyy-mm-ddThh:mm:ss. For example, 2022-06-10T12:00:00.000Z. + StartTime *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataInput) GoString() string { + return s.String() +} + +// SetDataQueries sets the DataQueries field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetDataQueries(v []*DataQuery) *GetAwsNetworkPerformanceDataInput { + s.DataQueries = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetDryRun(v bool) *GetAwsNetworkPerformanceDataInput { + s.DryRun = &v + return s +} + +// SetEndTime sets the EndTime field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetEndTime(v time.Time) *GetAwsNetworkPerformanceDataInput { + s.EndTime = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetMaxResults(v int64) *GetAwsNetworkPerformanceDataInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetNextToken(v string) *GetAwsNetworkPerformanceDataInput { + s.NextToken = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetStartTime(v time.Time) *GetAwsNetworkPerformanceDataInput { + s.StartTime = &v + return s +} + +type GetAwsNetworkPerformanceDataOutput struct { + _ struct{} `type:"structure"` + + // The list of data responses. + DataResponses []*DataResponse `locationName:"dataResponseSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataOutput) GoString() string { + return s.String() +} + +// SetDataResponses sets the DataResponses field's value. +func (s *GetAwsNetworkPerformanceDataOutput) SetDataResponses(v []*DataResponse) *GetAwsNetworkPerformanceDataOutput { + s.DataResponses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAwsNetworkPerformanceDataOutput) SetNextToken(v string) *GetAwsNetworkPerformanceDataOutput { + s.NextToken = &v + return s +} + type GetCapacityReservationUsageInput struct { _ struct{} `type:"structure"` @@ -114620,6 +120321,202 @@ func (s *GetTransitGatewayRouteTablePropagationsOutput) SetTransitGatewayRouteTa return s } +type GetVerifiedAccessEndpointPolicyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVerifiedAccessEndpointPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVerifiedAccessEndpointPolicyInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVerifiedAccessEndpointPolicyInput) SetDryRun(v bool) *GetVerifiedAccessEndpointPolicyInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *GetVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *GetVerifiedAccessEndpointPolicyInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type GetVerifiedAccessEndpointPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *GetVerifiedAccessEndpointPolicyOutput) SetPolicyDocument(v string) *GetVerifiedAccessEndpointPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *GetVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *GetVerifiedAccessEndpointPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type GetVerifiedAccessGroupPolicyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVerifiedAccessGroupPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVerifiedAccessGroupPolicyInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVerifiedAccessGroupPolicyInput) SetDryRun(v bool) *GetVerifiedAccessGroupPolicyInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *GetVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *GetVerifiedAccessGroupPolicyInput { + s.VerifiedAccessGroupId = &v + return s +} + +type GetVerifiedAccessGroupPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *GetVerifiedAccessGroupPolicyOutput) SetPolicyDocument(v string) *GetVerifiedAccessGroupPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *GetVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *GetVerifiedAccessGroupPolicyOutput { + s.PolicyEnabled = &v + return s +} + type GetVpnConnectionDeviceSampleConfigurationInput struct { _ struct{} `type:"structure"` @@ -116083,7 +121980,7 @@ type Image struct { BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // The boot mode of the image. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. BootMode *string `locationName:"bootMode" type:"string" enum:"BootModeValues"` // The date and time the image was created. @@ -116121,7 +122018,7 @@ type Image struct { // by default, the instance requires that IMDSv2 is used when requesting instance // metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, // see Configure the AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#configure-IMDS-new-instances-ami-configuration) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. ImdsSupport *string `locationName:"imdsSupport" type:"string" enum:"ImdsSupportValues"` // The kernel associated with the image, if any. Only applicable for machine @@ -116139,7 +122036,7 @@ type Image struct { // The platform details associated with the billing code of the AMI. For more // information, see Understand AMI billing information (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. PlatformDetails *string `locationName:"platformDetails" type:"string"` // Any product codes associated with the AMI. @@ -116177,7 +122074,7 @@ type Image struct { // If the image is configured for NitroTPM support, the value is v2.0. For more // information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. TpmSupport *string `locationName:"tpmSupport" type:"string" enum:"TpmSupportValues"` // The operation of the Amazon EC2 instance and the billing code that is associated @@ -128417,7 +134314,7 @@ type LocalGatewayRouteTable struct { // The state of the local gateway route table. State *string `locationName:"state" type:"string"` - // Describes a state change. + // Information about the state change. StateReason *StateReason `locationName:"stateReason" type:"structure"` // The tags assigned to the local gateway route table. @@ -129197,6 +135094,69 @@ func (s *MemoryMiBRequest) SetMin(v int64) *MemoryMiBRequest { return s } +// Indicates whether the network was healthy or unhealthy at a particular point. +// The value is aggregated from the startDate to the endDate. Currently only +// five_minutes is supported. +type MetricPoint struct { + _ struct{} `type:"structure"` + + // The end date for the metric point. The ending time must be formatted as yyyy-mm-ddThh:mm:ss. + // For example, 2022-06-12T12:00:00.000Z. + EndDate *time.Time `locationName:"endDate" type:"timestamp"` + + // The start date for the metric point. The starting date for the metric point. + // The starting time must be formatted as yyyy-mm-ddThh:mm:ss. For example, + // 2022-06-10T12:00:00.000Z. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + + // The status of the metric point. + Status *string `locationName:"status" type:"string"` + + Value *float64 `locationName:"value" type:"float"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricPoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricPoint) GoString() string { + return s.String() +} + +// SetEndDate sets the EndDate field's value. +func (s *MetricPoint) SetEndDate(v time.Time) *MetricPoint { + s.EndDate = &v + return s +} + +// SetStartDate sets the StartDate field's value. +func (s *MetricPoint) SetStartDate(v time.Time) *MetricPoint { + s.StartDate = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *MetricPoint) SetStatus(v string) *MetricPoint { + s.Status = &v + return s +} + +// SetValue sets the Value field's value. +func (s *MetricPoint) SetValue(v float64) *MetricPoint { + s.Value = &v + return s +} + type ModifyAddressAttributeInput struct { _ struct{} `type:"structure"` @@ -132877,7 +138837,7 @@ func (s *ModifyLocalGatewayRouteInput) SetNetworkInterfaceId(v string) *ModifyLo type ModifyLocalGatewayRouteOutput struct { _ struct{} `type:"structure"` - // Describes a route for a local gateway route table. + // Information about the local gateway route table. Route *LocalGatewayRoute `locationName:"route" type:"structure"` } @@ -133069,7 +139029,7 @@ func (s *ModifyManagedPrefixListOutput) SetPrefixList(v *ManagedPrefixList) *Mod type ModifyNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` - // Information about the interface attachment. If modifying the 'delete on termination' + // Information about the interface attachment. If modifying the delete on termination // attribute, you must specify the ID of the interface attachment. Attachment *NetworkInterfaceAttachmentChanges `locationName:"attachment" type:"structure"` @@ -133082,6 +139042,10 @@ type ModifyNetworkInterfaceAttributeInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // Updates the ENA Express configuration for the network interface that’s + // attached to the instance. + EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // Changes the security groups for the network interface. The new set of groups // you specify replaces the current set. You must specify at least one group, // even if it's just the default security group in the VPC. You must specify @@ -133151,6 +139115,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetDryRun(v bool) *ModifyNetworkI return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetEnaSrdSpecification(v *EnaSrdSpecification) *ModifyNetworkInterfaceAttributeInput { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetGroups(v []*string) *ModifyNetworkInterfaceAttributeInput { s.Groups = v @@ -134716,7 +140686,7 @@ func (s *ModifyTransitGatewayOptions) SetVpnEcmpSupport(v string) *ModifyTransit type ModifyTransitGatewayOutput struct { _ struct{} `type:"structure"` - // Describes a transit gateway. + // Information about the transit gateway. TransitGateway *TransitGateway `locationName:"transitGateway" type:"structure"` } @@ -135034,6 +141004,1033 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// Options for a network-interface type Verified Access endpoint. +type ModifyVerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointEniOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointEniOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPort sets the Port field's value. +func (s *ModifyVerifiedAccessEndpointEniOptions) SetPort(v int64) *ModifyVerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *ModifyVerifiedAccessEndpointEniOptions) SetProtocol(v string) *ModifyVerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +type ModifyVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *ModifyVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` + + // The network interface options. + NetworkInterfaceOptions *ModifyVerifiedAccessEndpointEniOptions `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + if s.LoadBalancerOptions != nil { + if err := s.LoadBalancerOptions.Validate(); err != nil { + invalidParams.AddNested("LoadBalancerOptions", err.(request.ErrInvalidParams)) + } + } + if s.NetworkInterfaceOptions != nil { + if err := s.NetworkInterfaceOptions.Validate(); err != nil { + invalidParams.AddNested("NetworkInterfaceOptions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetClientToken(v string) *ModifyVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetDescription(v string) *ModifyVerifiedAccessEndpointInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetDryRun(v bool) *ModifyVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetLoadBalancerOptions(v *ModifyVerifiedAccessEndpointLoadBalancerOptions) *ModifyVerifiedAccessEndpointInput { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetNetworkInterfaceOptions(v *ModifyVerifiedAccessEndpointEniOptions) *ModifyVerifiedAccessEndpointInput { + s.NetworkInterfaceOptions = v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointInput { + s.VerifiedAccessEndpointId = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessEndpointInput { + s.VerifiedAccessGroupId = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type ModifyVerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointLoadBalancerOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPort sets the Port field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +type ModifyVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access endpoint details. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *ModifyVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *ModifyVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type ModifyVerifiedAccessEndpointPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The status of the Verified Access policy. + // + // PolicyEnabled is a required field + PolicyEnabled *bool `type:"boolean" required:"true"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointPolicyInput"} + if s.PolicyEnabled == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) + } + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetClientToken(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetDryRun(v bool) *ModifyVerifiedAccessEndpointPolicyInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyDocument(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessEndpointPolicyInput { + s.PolicyEnabled = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type ModifyVerifiedAccessEndpointPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyDocument(v string) *ModifyVerifiedAccessEndpointPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessEndpointPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type ModifyVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessGroupInput) SetClientToken(v string) *ModifyVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessGroupInput) SetDescription(v string) *ModifyVerifiedAccessGroupInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessGroupInput) SetDryRun(v bool) *ModifyVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupInput { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessGroupInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // Details of Amazon Web Services Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *ModifyVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *ModifyVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type ModifyVerifiedAccessGroupPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The status of the Verified Access policy. + // + // PolicyEnabled is a required field + PolicyEnabled *bool `type:"boolean" required:"true"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessGroupPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupPolicyInput"} + if s.PolicyEnabled == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) + } + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetClientToken(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetDryRun(v bool) *ModifyVerifiedAccessGroupPolicyInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyDocument(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessGroupPolicyInput { + s.PolicyEnabled = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.VerifiedAccessGroupId = &v + return s +} + +type ModifyVerifiedAccessGroupPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyDocument(v string) *ModifyVerifiedAccessGroupPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessGroupPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type ModifyVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessInstanceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessInstanceInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetClientToken(v string) *ModifyVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetDescription(v string) *ModifyVerifiedAccessInstanceInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetDryRun(v bool) *ModifyVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessInstanceInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { + _ struct{} `type:"structure"` + + // The configuration options for Amazon Web Services Verified Access instances. + // + // AccessLogs is a required field + AccessLogs *VerifiedAccessLogOptions `type:"structure" required:"true"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessInstanceLoggingConfigurationInput"} + if s.AccessLogs == nil { + invalidParams.Add(request.NewErrParamRequired("AccessLogs")) + } + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.AccessLogs != nil { + if err := s.AccessLogs.Validate(); err != nil { + invalidParams.AddNested("AccessLogs", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessLogs sets the AccessLogs field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetAccessLogs(v *VerifiedAccessLogOptions) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.AccessLogs = v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetClientToken(v string) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetDryRun(v bool) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessInstanceLoggingConfigurationOutput struct { + _ struct{} `type:"structure"` + + // The logging configuration for Amazon Web Services Verified Access instance. + LoggingConfiguration *VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfiguration" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationOutput) GoString() string { + return s.String() +} + +// SetLoggingConfiguration sets the LoggingConfiguration field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) SetLoggingConfiguration(v *VerifiedAccessInstanceLoggingConfiguration) *ModifyVerifiedAccessInstanceLoggingConfigurationOutput { + s.LoggingConfiguration = v + return s +} + +type ModifyVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *ModifyVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *ModifyVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +type ModifyVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *ModifyVerifiedAccessTrustProviderOidcOptions `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetClientToken(v string) *ModifyVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDescription(v string) *ModifyVerifiedAccessTrustProviderInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDryRun(v bool) *ModifyVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetOidcOptions(v *ModifyVerifiedAccessTrustProviderOidcOptions) *ModifyVerifiedAccessTrustProviderInput { + s.OidcOptions = v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *ModifyVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +// OpenID Connect options for an oidc-type, user-identity based trust provider. +type ModifyVerifiedAccessTrustProviderOidcOptions struct { + _ struct{} `type:"structure"` + + // OpenID Connect (OIDC) scopes are used by an application during authentication + // to authorize access to a user's details. Each scope returns a specific set + // of user attributes. + Scope *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOidcOptions) GoString() string { + return s.String() +} + +// SetScope sets the Scope field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.Scope = &v + return s +} + +type ModifyVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *ModifyVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *ModifyVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type ModifyVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -136518,7 +143515,7 @@ func (s *ModifyVpnConnectionOptionsInput) SetVpnConnectionId(v string) *ModifyVp type ModifyVpnConnectionOptionsOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136549,7 +143546,7 @@ func (s *ModifyVpnConnectionOptionsOutput) SetVpnConnection(v *VpnConnection) *M type ModifyVpnConnectionOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136652,7 +143649,7 @@ func (s *ModifyVpnTunnelCertificateInput) SetVpnTunnelOutsideIpAddress(v string) type ModifyVpnTunnelCertificateOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136769,7 +143766,7 @@ func (s *ModifyVpnTunnelOptionsInput) SetVpnTunnelOutsideIpAddress(v string) *Mo type ModifyVpnTunnelOptionsOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -138092,6 +145089,12 @@ type NetworkInfo struct { // Indicates whether Elastic Fabric Adapter (EFA) is supported. EfaSupported *bool `locationName:"efaSupported" type:"boolean"` + // Indicates whether the instance type supports ENA Express. ENA Express uses + // Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase + // the maximum bandwidth used per stream and minimize tail latency of network + // traffic between EC2 instances. + EnaSrdSupported *bool `locationName:"enaSrdSupported" type:"boolean"` + // Indicates whether Elastic Network Adapter (ENA) is supported. EnaSupport *string `locationName:"enaSupport" type:"string" enum:"EnaSupport"` @@ -138158,6 +145161,12 @@ func (s *NetworkInfo) SetEfaSupported(v bool) *NetworkInfo { return s } +// SetEnaSrdSupported sets the EnaSrdSupported field's value. +func (s *NetworkInfo) SetEnaSrdSupported(v bool) *NetworkInfo { + s.EnaSrdSupported = &v + return s +} + // SetEnaSupport sets the EnaSupport field's value. func (s *NetworkInfo) SetEnaSupport(v string) *NetworkInfo { s.EnaSupport = &v @@ -138456,6 +145465,9 @@ func (s *NetworkInsightsAccessScopeContent) SetNetworkInsightsAccessScopeId(v st type NetworkInsightsAnalysis struct { _ struct{} `type:"structure"` + // The member accounts that contain resources that the path can traverse. + AdditionalAccounts []*string `locationName:"additionalAccountSet" locationNameList:"item" type:"list"` + // Potential intermediate components. AlternatePathHints []*AlternatePathHint `locationName:"alternatePathHintSet" locationNameList:"item" type:"list"` @@ -138494,6 +145506,9 @@ type NetworkInsightsAnalysis struct { // The status message, if the status is failed. StatusMessage *string `locationName:"statusMessage" type:"string"` + // Potential intermediate accounts. + SuggestedAccounts []*string `locationName:"suggestedAccountSet" locationNameList:"item" type:"list"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -138519,6 +145534,12 @@ func (s NetworkInsightsAnalysis) GoString() string { return s.String() } +// SetAdditionalAccounts sets the AdditionalAccounts field's value. +func (s *NetworkInsightsAnalysis) SetAdditionalAccounts(v []*string) *NetworkInsightsAnalysis { + s.AdditionalAccounts = v + return s +} + // SetAlternatePathHints sets the AlternatePathHints field's value. func (s *NetworkInsightsAnalysis) SetAlternatePathHints(v []*AlternatePathHint) *NetworkInsightsAnalysis { s.AlternatePathHints = v @@ -138591,6 +145612,12 @@ func (s *NetworkInsightsAnalysis) SetStatusMessage(v string) *NetworkInsightsAna return s } +// SetSuggestedAccounts sets the SuggestedAccounts field's value. +func (s *NetworkInsightsAnalysis) SetSuggestedAccounts(v []*string) *NetworkInsightsAnalysis { + s.SuggestedAccounts = v + return s +} + // SetTags sets the Tags field's value. func (s *NetworkInsightsAnalysis) SetTags(v []*Tag) *NetworkInsightsAnalysis { s.Tags = v @@ -138613,6 +145640,9 @@ type NetworkInsightsPath struct { // The Amazon Web Services resource that is the destination of the path. Destination *string `locationName:"destination" type:"string"` + // The Amazon Resource Name (ARN) of the destination. + DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` + // The IP address of the Amazon Web Services resource that is the destination // of the path. DestinationIp *string `locationName:"destinationIp" type:"string"` @@ -138632,6 +145662,9 @@ type NetworkInsightsPath struct { // The Amazon Web Services resource that is the source of the path. Source *string `locationName:"source" type:"string"` + // The Amazon Resource Name (ARN) of the source. + SourceArn *string `locationName:"sourceArn" min:"1" type:"string"` + // The IP address of the Amazon Web Services resource that is the source of // the path. SourceIp *string `locationName:"sourceIp" type:"string"` @@ -138670,6 +145703,12 @@ func (s *NetworkInsightsPath) SetDestination(v string) *NetworkInsightsPath { return s } +// SetDestinationArn sets the DestinationArn field's value. +func (s *NetworkInsightsPath) SetDestinationArn(v string) *NetworkInsightsPath { + s.DestinationArn = &v + return s +} + // SetDestinationIp sets the DestinationIp field's value. func (s *NetworkInsightsPath) SetDestinationIp(v string) *NetworkInsightsPath { s.DestinationIp = &v @@ -138706,6 +145745,12 @@ func (s *NetworkInsightsPath) SetSource(v string) *NetworkInsightsPath { return s } +// SetSourceArn sets the SourceArn field's value. +func (s *NetworkInsightsPath) SetSourceArn(v string) *NetworkInsightsPath { + s.SourceArn = &v + return s +} + // SetSourceIp sets the SourceIp field's value. func (s *NetworkInsightsPath) SetSourceIp(v string) *NetworkInsightsPath { s.SourceIp = &v @@ -139088,6 +146133,10 @@ type NetworkInterfaceAttachment struct { // The device index of the network interface attachment on the instance. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Configures ENA Express for the network interface that this action attaches + // to the instance. + EnaSrdSpecification *AttachmentEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The ID of the instance. InstanceId *string `locationName:"instanceId" type:"string"` @@ -139143,6 +146192,12 @@ func (s *NetworkInterfaceAttachment) SetDeviceIndex(v int64) *NetworkInterfaceAt return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *NetworkInterfaceAttachment) SetEnaSrdSpecification(v *AttachmentEnaSrdSpecification) *NetworkInterfaceAttachment { + s.EnaSrdSpecification = v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *NetworkInterfaceAttachment) SetInstanceId(v string) *NetworkInterfaceAttachment { s.InstanceId = &v @@ -139543,6 +146598,92 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } +// Options for OIDC-based, user-identity type trust provider. +type OidcOptions struct { + _ struct{} `type:"structure"` + + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` + + // The client identifier. + ClientId *string `locationName:"clientId" type:"string"` + + // The client secret. + ClientSecret *string `locationName:"clientSecret" type:"string"` + + // The OIDC issuer. + Issuer *string `locationName:"issuer" type:"string"` + + // The OpenID Connect (OIDC) scope specified. + Scope *string `locationName:"scope" type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `locationName:"userInfoEndpoint" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OidcOptions) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *OidcOptions) SetAuthorizationEndpoint(v string) *OidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *OidcOptions) SetClientId(v string) *OidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *OidcOptions) SetClientSecret(v string) *OidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *OidcOptions) SetIssuer(v string) *OidcOptions { + s.Issuer = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *OidcOptions) SetScope(v string) *OidcOptions { + s.Scope = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *OidcOptions) SetTokenEndpoint(v string) *OidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *OidcOptions) SetUserInfoEndpoint(v string) *OidcOptions { + s.UserInfoEndpoint = &v + return s +} + // Describes the configuration of On-Demand Instances in an EC2 Fleet. type OnDemandOptions struct { _ struct{} `type:"structure"` @@ -140841,11 +147982,10 @@ func (s *Phase2IntegrityAlgorithmsRequestListValue) SetValue(v string) *Phase2In type Placement struct { _ struct{} `type:"structure"` - // The affinity setting for the instance on the Dedicated Host. This parameter - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. + // The affinity setting for the instance on the Dedicated Host. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet) + // or ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html). Affinity *string `locationName:"affinity" type:"string"` // The Availability Zone of the instance. @@ -140853,49 +147993,46 @@ type Placement struct { // If not specified, an Availability Zone will be automatically chosen for you // based on the load balancing criteria for the Region. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The Group Id of the placement group. + // The ID of the placement group that the instance is in. If you specify GroupId, + // you can't specify GroupName. GroupId *string `locationName:"groupId" type:"string"` - // The name of the placement group the instance is in. + // The name of the placement group that the instance is in. If you specify GroupName, + // you can't specify GroupId. GroupName *string `locationName:"groupName" type:"string"` - // The ID of the Dedicated Host on which the instance resides. This parameter - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. + // The ID of the Dedicated Host on which the instance resides. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet) + // or ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html). HostId *string `locationName:"hostId" type:"string"` - // The ARN of the host resource group in which to launch the instances. If you - // specify a host resource group ARN, omit the Tenancy parameter or set it to - // host. + // The ARN of the host resource group in which to launch the instances. + // + // If you specify this parameter, either omit the Tenancy parameter or set it + // to host. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). HostResourceGroupArn *string `locationName:"hostResourceGroupArn" type:"string"` // The number of the partition that the instance is in. Valid only if the placement // group strategy is set to partition. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). PartitionNumber *int64 `locationName:"partitionNumber" type:"integer"` // Reserved for future use. - // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). SpreadDomain *string `locationName:"spreadDomain" type:"string"` // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. The host tenancy - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. - // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // with a tenancy of dedicated runs on single-tenant hardware. // - // T3 instances that use the unlimited CPU credit option do not support host - // tenancy. + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) + // or for T3 instances that are configured for the unlimited CPU credit option. Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -143484,8 +150621,15 @@ type RegisterImageInput struct { Architecture *string `locationName:"architecture" type:"string" enum:"ArchitectureValues"` // The billing product codes. Your account must be authorized to specify billing - // product codes. Otherwise, you can use the Amazon Web Services Marketplace - // to bill for the use of an AMI. + // product codes. + // + // If your account is not authorized to specify billing product codes, you can + // publish AMIs that include billable software and list them on the Amazon Web + // Services Marketplace. You must first register as a seller on the Amazon Web + // Services Marketplace. For more information, see Getting started as a seller + // (https://docs.aws.amazon.com/marketplace/latest/userguide/user-guide-for-sellers.html) + // and AMI-based products (https://docs.aws.amazon.com/marketplace/latest/userguide/ami-products.html) + // in the Amazon Web Services Marketplace Seller Guide. BillingProducts []*string `locationName:"BillingProduct" locationNameList:"item" type:"list"` // The block device mapping entries. @@ -143497,11 +150641,11 @@ type RegisterImageInput struct { // the same Outpost or in the Region of that Outpost. AMIs on an Outpost that // include local snapshots can be used to launch instances on the same Outpost // only. For more information, Amazon EBS local snapshots on Outposts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html#ami) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // The boot mode of the AMI. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. BootMode *string `type:"string" enum:"BootModeValues"` // A description for your AMI. @@ -143531,7 +150675,7 @@ type RegisterImageInput struct { // by default, the instance requires that IMDSv2 is used when requesting instance // metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, // see Configure the AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#configure-IMDS-new-instances-ami-configuration) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // If you set the value to v2.0, make sure that your AMI software can support // IMDSv2. @@ -143567,7 +150711,7 @@ type RegisterImageInput struct { // Set to v2.0 to enable Trusted Platform Module (TPM) support. For more information, // see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. TpmSupport *string `type:"string" enum:"TpmSupportValues"` // Base64 representation of the non-volatile UEFI variable store. To retrieve @@ -143575,7 +150719,7 @@ type RegisterImageInput struct { // command. You can inspect and modify the UEFI data by using the python-uefivars // tool (https://github.com/awslabs/python-uefivars) on GitHub. For more information, // see UEFI Secure Boot (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/uefi-secure-boot.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. UefiData *string `type:"string"` // The type of virtualization (hvm | paravirtual). @@ -144118,7 +151262,7 @@ func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetTransitGateway type RejectTransitGatewayMulticastDomainAssociationsOutput struct { _ struct{} `type:"structure"` - // Describes the multicast domain associations. + // Information about the multicast domain associations. Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` } @@ -155445,27 +162589,44 @@ type SpotFleetRequestConfigData struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowestPrice - Spot Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // Spot Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - Spot Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacityOptimized (recommended) - Spot Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacityOptimizedPrioritized. Set a priority for each instance type by - // using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized - // is supported only if your Spot Fleet uses a launch template. Note that if - // the OnDemandAllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // priceCapacityOptimized (recommended) + // + // Spot Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. Spot Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacityOptimized + // + // Spot Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacityOptimizedPrioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacityOptimizedPrioritized is supported only if your Spot Fleet uses a + // launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, + // the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // Spot Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowestPrice + // + // Spot Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, Spot Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowestPrice AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"AllocationStrategy"` @@ -156329,27 +163490,44 @@ type SpotOptions struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowest-price - EC2 Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // EC2 Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - EC2 Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacity-optimized (recommended) - EC2 Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacity-optimized-prioritized. Set a priority for each instance type - // by using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized - // is supported only if your fleet uses a launch template. Note that if the - // On-Demand AllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // price-capacity-optimized (recommended) + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. EC2 Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacity-optimized + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacity-optimized-prioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacity-optimized-prioritized is supported only if your EC2 Fleet uses a + // launch template. Note that if the On-Demand AllocationStrategy is set to + // prioritized, the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // EC2 Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowest-price + // + // EC2 Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, EC2 Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowest-price AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"SpotAllocationStrategy"` @@ -156484,27 +163662,44 @@ type SpotOptionsRequest struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowest-price - EC2 Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // EC2 Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - EC2 Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacity-optimized (recommended) - EC2 Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacity-optimized-prioritized. Set a priority for each instance type - // by using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized - // is supported only if your fleet uses a launch template. Note that if the - // On-Demand AllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // price-capacity-optimized (recommended) + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. EC2 Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacity-optimized + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacity-optimized-prioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacity-optimized-prioritized is supported only if your EC2 Fleet uses a + // launch template. Note that if the On-Demand AllocationStrategy is set to + // prioritized, the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // EC2 Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowest-price + // + // EC2 Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, EC2 Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowest-price AllocationStrategy *string `type:"string" enum:"SpotAllocationStrategy"` @@ -157187,6 +164382,9 @@ func (s *StartNetworkInsightsAccessScopeAnalysisOutput) SetNetworkInsightsAccess type StartNetworkInsightsAnalysisInput struct { _ struct{} `type:"structure"` + // The member accounts that contain resources that the path can traverse. + AdditionalAccounts []*string `locationName:"AdditionalAccount" locationNameList:"item" type:"list"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` @@ -157240,6 +164438,12 @@ func (s *StartNetworkInsightsAnalysisInput) Validate() error { return nil } +// SetAdditionalAccounts sets the AdditionalAccounts field's value. +func (s *StartNetworkInsightsAnalysisInput) SetAdditionalAccounts(v []*string) *StartNetworkInsightsAnalysisInput { + s.AdditionalAccounts = v + return s +} + // SetClientToken sets the ClientToken field's value. func (s *StartNetworkInsightsAnalysisInput) SetClientToken(v string) *StartNetworkInsightsAnalysisInput { s.ClientToken = &v @@ -158185,6 +165389,76 @@ func (s *SubnetIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *SubnetCidrBloc return s } +// Describes an Infrastructure Performance subscription. +type Subscription struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the target for the subscription. For + // example, eu-west-1. + Destination *string `locationName:"destination" type:"string"` + + // The metric used for the subscription. + Metric *string `locationName:"metric" type:"string" enum:"MetricType"` + + // The data aggregation time for the subscription. + Period *string `locationName:"period" type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the subscription. For + // example, us-east-1. + Source *string `locationName:"source" type:"string"` + + // The statistic used for the subscription. + Statistic *string `locationName:"statistic" type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subscription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subscription) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *Subscription) SetDestination(v string) *Subscription { + s.Destination = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *Subscription) SetMetric(v string) *Subscription { + s.Metric = &v + return s +} + +// SetPeriod sets the Period field's value. +func (s *Subscription) SetPeriod(v string) *Subscription { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *Subscription) SetSource(v string) *Subscription { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *Subscription) SetStatistic(v string) *Subscription { + s.Statistic = &v + return s +} + // Describes the burstable performance instance whose credit option for CPU // usage was successfully modified. type SuccessfulInstanceCreditSpecificationItem struct { @@ -164164,6 +171438,1282 @@ func (s *ValidationWarning) SetErrors(v []*ValidationError) *ValidationWarning { return s } +// An Amazon Web Services Verified Access endpoint specifies the application +// that Amazon Web Services Verified Access provides access to. It must be attached +// to an Amazon Web Services Verified Access group. An Amazon Web Services Verified +// Access endpoint must also have an attached access policy before you attached +// it to a group. +type VerifiedAccessEndpoint struct { + _ struct{} `type:"structure"` + + // The DNS name for users to reach your application. + ApplicationDomain *string `locationName:"applicationDomain" type:"string"` + + // The type of attachment used to provide connectivity between the Amazon Web + // Services Verified Access endpoint and the application. + AttachmentType *string `locationName:"attachmentType" type:"string" enum:"VerifiedAccessEndpointAttachmentType"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // The deletion time. + DeletionTime *string `locationName:"deletionTime" type:"string"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `locationName:"description" type:"string"` + + // Returned if endpoint has a device trust provider attached. + DeviceValidationDomain *string `locationName:"deviceValidationDomain" type:"string"` + + // The ARN of a public TLS/SSL certificate imported into or created with ACM. + DomainCertificateArn *string `locationName:"domainCertificateArn" type:"string"` + + // A DNS name that is generated for the endpoint. + EndpointDomain *string `locationName:"endpointDomain" type:"string"` + + // The type of Amazon Web Services Verified Access endpoint. Incoming application + // requests will be sent to an IP address, load balancer or a network interface + // depending on the endpoint type specified. + EndpointType *string `locationName:"endpointType" type:"string" enum:"VerifiedAccessEndpointType"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *VerifiedAccessEndpointLoadBalancerOptions `locationName:"loadBalancerOptions" type:"structure"` + + // The options for network-interface type endpoint. + NetworkInterfaceOptions *VerifiedAccessEndpointEniOptions `locationName:"networkInterfaceOptions" type:"structure"` + + // The IDs of the security groups for the endpoint. + SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + + // The endpoint status. + Status *VerifiedAccessEndpointStatus `locationName:"status" type:"structure"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpointId *string `locationName:"verifiedAccessEndpointId" type:"string"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `locationName:"verifiedAccessGroupId" type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpoint) GoString() string { + return s.String() +} + +// SetApplicationDomain sets the ApplicationDomain field's value. +func (s *VerifiedAccessEndpoint) SetApplicationDomain(v string) *VerifiedAccessEndpoint { + s.ApplicationDomain = &v + return s +} + +// SetAttachmentType sets the AttachmentType field's value. +func (s *VerifiedAccessEndpoint) SetAttachmentType(v string) *VerifiedAccessEndpoint { + s.AttachmentType = &v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessEndpoint) SetCreationTime(v string) *VerifiedAccessEndpoint { + s.CreationTime = &v + return s +} + +// SetDeletionTime sets the DeletionTime field's value. +func (s *VerifiedAccessEndpoint) SetDeletionTime(v string) *VerifiedAccessEndpoint { + s.DeletionTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessEndpoint) SetDescription(v string) *VerifiedAccessEndpoint { + s.Description = &v + return s +} + +// SetDeviceValidationDomain sets the DeviceValidationDomain field's value. +func (s *VerifiedAccessEndpoint) SetDeviceValidationDomain(v string) *VerifiedAccessEndpoint { + s.DeviceValidationDomain = &v + return s +} + +// SetDomainCertificateArn sets the DomainCertificateArn field's value. +func (s *VerifiedAccessEndpoint) SetDomainCertificateArn(v string) *VerifiedAccessEndpoint { + s.DomainCertificateArn = &v + return s +} + +// SetEndpointDomain sets the EndpointDomain field's value. +func (s *VerifiedAccessEndpoint) SetEndpointDomain(v string) *VerifiedAccessEndpoint { + s.EndpointDomain = &v + return s +} + +// SetEndpointType sets the EndpointType field's value. +func (s *VerifiedAccessEndpoint) SetEndpointType(v string) *VerifiedAccessEndpoint { + s.EndpointType = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessEndpoint) SetLastUpdatedTime(v string) *VerifiedAccessEndpoint { + s.LastUpdatedTime = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *VerifiedAccessEndpoint) SetLoadBalancerOptions(v *VerifiedAccessEndpointLoadBalancerOptions) *VerifiedAccessEndpoint { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *VerifiedAccessEndpoint) SetNetworkInterfaceOptions(v *VerifiedAccessEndpointEniOptions) *VerifiedAccessEndpoint { + s.NetworkInterfaceOptions = v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *VerifiedAccessEndpoint) SetSecurityGroupIds(v []*string) *VerifiedAccessEndpoint { + s.SecurityGroupIds = v + return s +} + +// SetStatus sets the Status field's value. +func (s *VerifiedAccessEndpoint) SetStatus(v *VerifiedAccessEndpointStatus) *VerifiedAccessEndpoint { + s.Status = v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessEndpoint) SetTags(v []*Tag) *VerifiedAccessEndpoint { + s.Tags = v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessEndpointId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessEndpointId = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessGroupId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessInstanceId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessInstanceId = &v + return s +} + +// Options for a network-interface type endpoint. +type VerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The ID of the network interface. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The IP port number. + Port *int64 `locationName:"port" min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *VerifiedAccessEndpointEniOptions) SetNetworkInterfaceId(v string) *VerifiedAccessEndpointEniOptions { + s.NetworkInterfaceId = &v + return s +} + +// SetPort sets the Port field's value. +func (s *VerifiedAccessEndpointEniOptions) SetPort(v int64) *VerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *VerifiedAccessEndpointEniOptions) SetProtocol(v string) *VerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type VerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The ARN of the load balancer. + LoadBalancerArn *string `locationName:"loadBalancerArn" type:"string"` + + // The IP port number. + Port *int64 `locationName:"port" min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetLoadBalancerArn(v string) *VerifiedAccessEndpointLoadBalancerOptions { + s.LoadBalancerArn = &v + return s +} + +// SetPort sets the Port field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *VerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *VerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *VerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +// Describes the status of a Verified Access endpoint. +type VerifiedAccessEndpointStatus struct { + _ struct{} `type:"structure"` + + // The status code of the Verified Access endpoint. + Code *string `locationName:"code" type:"string" enum:"VerifiedAccessEndpointStatusCode"` + + // The status message of the Verified Access endpoint. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *VerifiedAccessEndpointStatus) SetCode(v string) *VerifiedAccessEndpointStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifiedAccessEndpointStatus) SetMessage(v string) *VerifiedAccessEndpointStatus { + s.Message = &v + return s +} + +// Describes a Verified Access group. +type VerifiedAccessGroup struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // The deletion time. + DeletionTime *string `locationName:"deletionTime" type:"string"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `locationName:"description" type:"string"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The Amazon Web Services account number that owns the group. + Owner *string `locationName:"owner" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ARN of the Verified Access group. + VerifiedAccessGroupArn *string `locationName:"verifiedAccessGroupArn" type:"string"` + + // The ID of the Verified Access group. + VerifiedAccessGroupId *string `locationName:"verifiedAccessGroupId" type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessGroup) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessGroup) SetCreationTime(v string) *VerifiedAccessGroup { + s.CreationTime = &v + return s +} + +// SetDeletionTime sets the DeletionTime field's value. +func (s *VerifiedAccessGroup) SetDeletionTime(v string) *VerifiedAccessGroup { + s.DeletionTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessGroup) SetDescription(v string) *VerifiedAccessGroup { + s.Description = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessGroup) SetLastUpdatedTime(v string) *VerifiedAccessGroup { + s.LastUpdatedTime = &v + return s +} + +// SetOwner sets the Owner field's value. +func (s *VerifiedAccessGroup) SetOwner(v string) *VerifiedAccessGroup { + s.Owner = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessGroup) SetTags(v []*Tag) *VerifiedAccessGroup { + s.Tags = v + return s +} + +// SetVerifiedAccessGroupArn sets the VerifiedAccessGroupArn field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessGroupArn(v string) *VerifiedAccessGroup { + s.VerifiedAccessGroupArn = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessGroupId(v string) *VerifiedAccessGroup { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessInstanceId(v string) *VerifiedAccessGroup { + s.VerifiedAccessInstanceId = &v + return s +} + +// Describes a Verified Access instance. +type VerifiedAccessInstance struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `locationName:"description" type:"string"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviders []*VerifiedAccessTrustProviderCondensed `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstance) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstance) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessInstance) SetCreationTime(v string) *VerifiedAccessInstance { + s.CreationTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessInstance) SetDescription(v string) *VerifiedAccessInstance { + s.Description = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessInstance) SetLastUpdatedTime(v string) *VerifiedAccessInstance { + s.LastUpdatedTime = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessInstance) SetTags(v []*Tag) *VerifiedAccessInstance { + s.Tags = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessInstance) SetVerifiedAccessInstanceId(v string) *VerifiedAccessInstance { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviders sets the VerifiedAccessTrustProviders field's value. +func (s *VerifiedAccessInstance) SetVerifiedAccessTrustProviders(v []*VerifiedAccessTrustProviderCondensed) *VerifiedAccessInstance { + s.VerifiedAccessTrustProviders = v + return s +} + +// Describes logging options for an Amazon Web Services Verified Access instance. +type VerifiedAccessInstanceLoggingConfiguration struct { + _ struct{} `type:"structure"` + + // Details about the logging options. + AccessLogs *VerifiedAccessLogs `locationName:"accessLogs" type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstanceLoggingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstanceLoggingConfiguration) GoString() string { + return s.String() +} + +// SetAccessLogs sets the AccessLogs field's value. +func (s *VerifiedAccessInstanceLoggingConfiguration) SetAccessLogs(v *VerifiedAccessLogs) *VerifiedAccessInstanceLoggingConfiguration { + s.AccessLogs = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessInstanceLoggingConfiguration) SetVerifiedAccessInstanceId(v string) *VerifiedAccessInstanceLoggingConfiguration { + s.VerifiedAccessInstanceId = &v + return s +} + +// Options for CloudWatch Logs as a logging destination. +type VerifiedAccessLogCloudWatchLogsDestination struct { + _ struct{} `type:"structure"` + + // The delivery status for access logs. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The ID of the CloudWatch Logs log group. + LogGroup *string `locationName:"logGroup" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestination) GoString() string { + return s.String() +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogCloudWatchLogsDestination { + s.DeliveryStatus = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetEnabled(v bool) *VerifiedAccessLogCloudWatchLogsDestination { + s.Enabled = &v + return s +} + +// SetLogGroup sets the LogGroup field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetLogGroup(v string) *VerifiedAccessLogCloudWatchLogsDestination { + s.LogGroup = &v + return s +} + +// Options for CloudWatch Logs as a logging destination. +type VerifiedAccessLogCloudWatchLogsDestinationOptions struct { + _ struct{} `type:"structure"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // The ID of the CloudWatch Logs log group. + LogGroup *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogCloudWatchLogsDestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) SetEnabled(v bool) *VerifiedAccessLogCloudWatchLogsDestinationOptions { + s.Enabled = &v + return s +} + +// SetLogGroup sets the LogGroup field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) SetLogGroup(v string) *VerifiedAccessLogCloudWatchLogsDestinationOptions { + s.LogGroup = &v + return s +} + +// Describes a log delivery status. +type VerifiedAccessLogDeliveryStatus struct { + _ struct{} `type:"structure"` + + // The status code. + Code *string `locationName:"code" type:"string" enum:"VerifiedAccessLogDeliveryStatusCode"` + + // The status message. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogDeliveryStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogDeliveryStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *VerifiedAccessLogDeliveryStatus) SetCode(v string) *VerifiedAccessLogDeliveryStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifiedAccessLogDeliveryStatus) SetMessage(v string) *VerifiedAccessLogDeliveryStatus { + s.Message = &v + return s +} + +// Options for Kinesis as a logging destination. +type VerifiedAccessLogKinesisDataFirehoseDestination struct { + _ struct{} `type:"structure"` + + // The delivery status. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // The ID of the delivery stream. + DeliveryStream *string `locationName:"deliveryStream" type:"string"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestination) GoString() string { + return s.String() +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.DeliveryStatus = v + return s +} + +// SetDeliveryStream sets the DeliveryStream field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetDeliveryStream(v string) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.DeliveryStream = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetEnabled(v bool) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.Enabled = &v + return s +} + +// Describes Amazon Kinesis Data Firehose logging options. +type VerifiedAccessLogKinesisDataFirehoseDestinationOptions struct { + _ struct{} `type:"structure"` + + // The ID of the delivery stream. + DeliveryStream *string `type:"string"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogKinesisDataFirehoseDestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeliveryStream sets the DeliveryStream field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetDeliveryStream(v string) *VerifiedAccessLogKinesisDataFirehoseDestinationOptions { + s.DeliveryStream = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetEnabled(v bool) *VerifiedAccessLogKinesisDataFirehoseDestinationOptions { + s.Enabled = &v + return s +} + +// Describes the destinations for Verified Access logs. +type VerifiedAccessLogOptions struct { + _ struct{} `type:"structure"` + + // Sends Verified Access logs to CloudWatch Logs. + CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestinationOptions `type:"structure"` + + // Sends Verified Access logs to Kinesis. + KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestinationOptions `type:"structure"` + + // Sends Verified Access logs to Amazon S3. + S3 *VerifiedAccessLogS3DestinationOptions `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogOptions"} + if s.CloudWatchLogs != nil { + if err := s.CloudWatchLogs.Validate(); err != nil { + invalidParams.AddNested("CloudWatchLogs", err.(request.ErrInvalidParams)) + } + } + if s.KinesisDataFirehose != nil { + if err := s.KinesisDataFirehose.Validate(); err != nil { + invalidParams.AddNested("KinesisDataFirehose", err.(request.ErrInvalidParams)) + } + } + if s.S3 != nil { + if err := s.S3.Validate(); err != nil { + invalidParams.AddNested("S3", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCloudWatchLogs sets the CloudWatchLogs field's value. +func (s *VerifiedAccessLogOptions) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLogsDestinationOptions) *VerifiedAccessLogOptions { + s.CloudWatchLogs = v + return s +} + +// SetKinesisDataFirehose sets the KinesisDataFirehose field's value. +func (s *VerifiedAccessLogOptions) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) *VerifiedAccessLogOptions { + s.KinesisDataFirehose = v + return s +} + +// SetS3 sets the S3 field's value. +func (s *VerifiedAccessLogOptions) SetS3(v *VerifiedAccessLogS3DestinationOptions) *VerifiedAccessLogOptions { + s.S3 = v + return s +} + +// Options for Amazon S3 as a logging destination. +type VerifiedAccessLogS3Destination struct { + _ struct{} `type:"structure"` + + // The bucket name. + BucketName *string `locationName:"bucketName" type:"string"` + + // The Amazon Web Services account number that owns the bucket. + BucketOwner *string `locationName:"bucketOwner" type:"string"` + + // The delivery status. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The bucket prefix. + Prefix *string `locationName:"prefix" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3Destination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3Destination) GoString() string { + return s.String() +} + +// SetBucketName sets the BucketName field's value. +func (s *VerifiedAccessLogS3Destination) SetBucketName(v string) *VerifiedAccessLogS3Destination { + s.BucketName = &v + return s +} + +// SetBucketOwner sets the BucketOwner field's value. +func (s *VerifiedAccessLogS3Destination) SetBucketOwner(v string) *VerifiedAccessLogS3Destination { + s.BucketOwner = &v + return s +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogS3Destination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogS3Destination { + s.DeliveryStatus = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogS3Destination) SetEnabled(v bool) *VerifiedAccessLogS3Destination { + s.Enabled = &v + return s +} + +// SetPrefix sets the Prefix field's value. +func (s *VerifiedAccessLogS3Destination) SetPrefix(v string) *VerifiedAccessLogS3Destination { + s.Prefix = &v + return s +} + +// Options for Amazon S3 as a logging destination. +type VerifiedAccessLogS3DestinationOptions struct { + _ struct{} `type:"structure"` + + // The bucket name. + BucketName *string `type:"string"` + + // The ID of the Amazon Web Services account that owns the Amazon S3 bucket. + BucketOwner *string `type:"string"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // The bucket prefix. + Prefix *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3DestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3DestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogS3DestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogS3DestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucketName sets the BucketName field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetBucketName(v string) *VerifiedAccessLogS3DestinationOptions { + s.BucketName = &v + return s +} + +// SetBucketOwner sets the BucketOwner field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetBucketOwner(v string) *VerifiedAccessLogS3DestinationOptions { + s.BucketOwner = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetEnabled(v bool) *VerifiedAccessLogS3DestinationOptions { + s.Enabled = &v + return s +} + +// SetPrefix sets the Prefix field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetPrefix(v string) *VerifiedAccessLogS3DestinationOptions { + s.Prefix = &v + return s +} + +// Describes the destinations for Verified Access logs. +type VerifiedAccessLogs struct { + _ struct{} `type:"structure"` + + // CloudWatch Logs logging destination. + CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestination `locationName:"cloudWatchLogs" type:"structure"` + + // Kinesis logging destination. + KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestination `locationName:"kinesisDataFirehose" type:"structure"` + + // Amazon S3 logging options. + S3 *VerifiedAccessLogS3Destination `locationName:"s3" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogs) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogs) GoString() string { + return s.String() +} + +// SetCloudWatchLogs sets the CloudWatchLogs field's value. +func (s *VerifiedAccessLogs) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLogsDestination) *VerifiedAccessLogs { + s.CloudWatchLogs = v + return s +} + +// SetKinesisDataFirehose sets the KinesisDataFirehose field's value. +func (s *VerifiedAccessLogs) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestination) *VerifiedAccessLogs { + s.KinesisDataFirehose = v + return s +} + +// SetS3 sets the S3 field's value. +func (s *VerifiedAccessLogs) SetS3(v *VerifiedAccessLogS3Destination) *VerifiedAccessLogs { + s.S3 = v + return s +} + +// Describes a Verified Access trust provider. +type VerifiedAccessTrustProvider struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `locationName:"description" type:"string"` + + // The options for device-identity type trust provider. + DeviceOptions *DeviceOptions `locationName:"deviceOptions" type:"structure"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `locationName:"deviceTrustProviderType" type:"string" enum:"DeviceTrustProviderType"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *OidcOptions `locationName:"oidcOptions" type:"structure"` + + // The identifier to be used when working with policy rules. + PolicyReferenceName *string `locationName:"policyReferenceName" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The type of Verified Access trust provider. + TrustProviderType *string `locationName:"trustProviderType" type:"string" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `locationName:"userTrustProviderType" type:"string" enum:"UserTrustProviderType"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProviderId *string `locationName:"verifiedAccessTrustProviderId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProvider) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProvider) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessTrustProvider) SetCreationTime(v string) *VerifiedAccessTrustProvider { + s.CreationTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessTrustProvider) SetDescription(v string) *VerifiedAccessTrustProvider { + s.Description = &v + return s +} + +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *VerifiedAccessTrustProvider) SetDeviceOptions(v *DeviceOptions) *VerifiedAccessTrustProvider { + s.DeviceOptions = v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetDeviceTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.DeviceTrustProviderType = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessTrustProvider) SetLastUpdatedTime(v string) *VerifiedAccessTrustProvider { + s.LastUpdatedTime = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *VerifiedAccessTrustProvider) SetOidcOptions(v *OidcOptions) *VerifiedAccessTrustProvider { + s.OidcOptions = v + return s +} + +// SetPolicyReferenceName sets the PolicyReferenceName field's value. +func (s *VerifiedAccessTrustProvider) SetPolicyReferenceName(v string) *VerifiedAccessTrustProvider { + s.PolicyReferenceName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessTrustProvider) SetTags(v []*Tag) *VerifiedAccessTrustProvider { + s.Tags = v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetUserTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.UserTrustProviderType = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *VerifiedAccessTrustProvider) SetVerifiedAccessTrustProviderId(v string) *VerifiedAccessTrustProvider { + s.VerifiedAccessTrustProviderId = &v + return s +} + +// Condensed information about a trust provider. +type VerifiedAccessTrustProviderCondensed struct { + _ struct{} `type:"structure"` + + // The description of trust provider. + Description *string `locationName:"description" type:"string"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `locationName:"deviceTrustProviderType" type:"string" enum:"DeviceTrustProviderType"` + + // The type of trust provider (user- or device-based). + TrustProviderType *string `locationName:"trustProviderType" type:"string" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `locationName:"userTrustProviderType" type:"string" enum:"UserTrustProviderType"` + + // The ID of the trust provider. + VerifiedAccessTrustProviderId *string `locationName:"verifiedAccessTrustProviderId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProviderCondensed) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProviderCondensed) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetDescription(v string) *VerifiedAccessTrustProviderCondensed { + s.Description = &v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetDeviceTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.DeviceTrustProviderType = &v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetUserTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.UserTrustProviderType = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetVerifiedAccessTrustProviderId(v string) *VerifiedAccessTrustProviderCondensed { + s.VerifiedAccessTrustProviderId = &v + return s +} + // Describes telemetry for a VPN tunnel. type VgwTelemetry struct { _ struct{} `type:"structure"` @@ -168436,6 +176986,22 @@ func DestinationFileFormat_Values() []string { } } +const ( + // DeviceTrustProviderTypeJamf is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeJamf = "jamf" + + // DeviceTrustProviderTypeCrowdstrike is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeCrowdstrike = "crowdstrike" +) + +// DeviceTrustProviderType_Values returns all elements of the DeviceTrustProviderType enum +func DeviceTrustProviderType_Values() []string { + return []string{ + DeviceTrustProviderTypeJamf, + DeviceTrustProviderTypeCrowdstrike, + } +} + const ( // DeviceTypeEbs is a DeviceType enum value DeviceTypeEbs = "ebs" @@ -171507,6 +180073,9 @@ const ( // InstanceTypeTrn132xlarge is a InstanceType enum value InstanceTypeTrn132xlarge = "trn1.32xlarge" + + // InstanceTypeHpc6id32xlarge is a InstanceType enum value + InstanceTypeHpc6id32xlarge = "hpc6id.32xlarge" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -172085,6 +180654,7 @@ func InstanceType_Values() []string { InstanceTypeU24tb1112xlarge, InstanceTypeTrn12xlarge, InstanceTypeTrn132xlarge, + InstanceTypeHpc6id32xlarge, } } @@ -172936,6 +181506,18 @@ func MembershipType_Values() []string { } } +const ( + // MetricTypeAggregateLatency is a MetricType enum value + MetricTypeAggregateLatency = "aggregate-latency" +) + +// MetricType_Values returns all elements of the MetricType enum +func MetricType_Values() []string { + return []string{ + MetricTypeAggregateLatency, + } +} + const ( // ModifyAvailabilityZoneOptInStatusOptedIn is a ModifyAvailabilityZoneOptInStatus enum value ModifyAvailabilityZoneOptInStatusOptedIn = "opted-in" @@ -173344,6 +181926,38 @@ func PaymentOption_Values() []string { } } +const ( + // PeriodTypeFiveMinutes is a PeriodType enum value + PeriodTypeFiveMinutes = "five-minutes" + + // PeriodTypeFifteenMinutes is a PeriodType enum value + PeriodTypeFifteenMinutes = "fifteen-minutes" + + // PeriodTypeOneHour is a PeriodType enum value + PeriodTypeOneHour = "one-hour" + + // PeriodTypeThreeHours is a PeriodType enum value + PeriodTypeThreeHours = "three-hours" + + // PeriodTypeOneDay is a PeriodType enum value + PeriodTypeOneDay = "one-day" + + // PeriodTypeOneWeek is a PeriodType enum value + PeriodTypeOneWeek = "one-week" +) + +// PeriodType_Values returns all elements of the PeriodType enum +func PeriodType_Values() []string { + return []string{ + PeriodTypeFiveMinutes, + PeriodTypeFifteenMinutes, + PeriodTypeOneHour, + PeriodTypeThreeHours, + PeriodTypeOneDay, + PeriodTypeOneWeek, + } +} + const ( // PermissionGroupAll is a PermissionGroup enum value PermissionGroupAll = "all" @@ -174017,8 +182631,26 @@ const ( // ResourceTypeVpcEndpointConnectionDeviceType is a ResourceType enum value ResourceTypeVpcEndpointConnectionDeviceType = "vpc-endpoint-connection-device-type" + // ResourceTypeVerifiedAccessInstance is a ResourceType enum value + ResourceTypeVerifiedAccessInstance = "verified-access-instance" + + // ResourceTypeVerifiedAccessGroup is a ResourceType enum value + ResourceTypeVerifiedAccessGroup = "verified-access-group" + + // ResourceTypeVerifiedAccessEndpoint is a ResourceType enum value + ResourceTypeVerifiedAccessEndpoint = "verified-access-endpoint" + + // ResourceTypeVerifiedAccessPolicy is a ResourceType enum value + ResourceTypeVerifiedAccessPolicy = "verified-access-policy" + + // ResourceTypeVerifiedAccessTrustProvider is a ResourceType enum value + ResourceTypeVerifiedAccessTrustProvider = "verified-access-trust-provider" + // ResourceTypeVpnConnectionDeviceType is a ResourceType enum value ResourceTypeVpnConnectionDeviceType = "vpn-connection-device-type" + + // ResourceTypeVpcBlockPublicAccessExclusion is a ResourceType enum value + ResourceTypeVpcBlockPublicAccessExclusion = "vpc-block-public-access-exclusion" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -174100,7 +182732,13 @@ func ResourceType_Values() []string { ResourceTypeCapacityReservationFleet, ResourceTypeTrafficMirrorFilterRule, ResourceTypeVpcEndpointConnectionDeviceType, + ResourceTypeVerifiedAccessInstance, + ResourceTypeVerifiedAccessGroup, + ResourceTypeVerifiedAccessEndpoint, + ResourceTypeVerifiedAccessPolicy, + ResourceTypeVerifiedAccessTrustProvider, ResourceTypeVpnConnectionDeviceType, + ResourceTypeVpcBlockPublicAccessExclusion, } } @@ -174520,6 +183158,18 @@ func StaticSourcesSupportValue_Values() []string { } } +const ( + // StatisticTypeP50 is a StatisticType enum value + StatisticTypeP50 = "p50" +) + +// StatisticType_Values returns all elements of the StatisticType enum +func StatisticType_Values() []string { + return []string{ + StatisticTypeP50, + } +} + const ( // StatusMoveInProgress is a Status enum value StatusMoveInProgress = "MoveInProgress" @@ -175368,6 +184018,22 @@ func TransportProtocol_Values() []string { } } +const ( + // TrustProviderTypeUser is a TrustProviderType enum value + TrustProviderTypeUser = "user" + + // TrustProviderTypeDevice is a TrustProviderType enum value + TrustProviderTypeDevice = "device" +) + +// TrustProviderType_Values returns all elements of the TrustProviderType enum +func TrustProviderType_Values() []string { + return []string{ + TrustProviderTypeUser, + TrustProviderTypeDevice, + } +} + const ( // TunnelInsideIpVersionIpv4 is a TunnelInsideIpVersion enum value TunnelInsideIpVersionIpv4 = "ipv4" @@ -175448,6 +184114,110 @@ func UsageClassType_Values() []string { } } +const ( + // UserTrustProviderTypeIamIdentityCenter is a UserTrustProviderType enum value + UserTrustProviderTypeIamIdentityCenter = "iam-identity-center" + + // UserTrustProviderTypeOidc is a UserTrustProviderType enum value + UserTrustProviderTypeOidc = "oidc" +) + +// UserTrustProviderType_Values returns all elements of the UserTrustProviderType enum +func UserTrustProviderType_Values() []string { + return []string{ + UserTrustProviderTypeIamIdentityCenter, + UserTrustProviderTypeOidc, + } +} + +const ( + // VerifiedAccessEndpointAttachmentTypeVpc is a VerifiedAccessEndpointAttachmentType enum value + VerifiedAccessEndpointAttachmentTypeVpc = "vpc" +) + +// VerifiedAccessEndpointAttachmentType_Values returns all elements of the VerifiedAccessEndpointAttachmentType enum +func VerifiedAccessEndpointAttachmentType_Values() []string { + return []string{ + VerifiedAccessEndpointAttachmentTypeVpc, + } +} + +const ( + // VerifiedAccessEndpointProtocolHttp is a VerifiedAccessEndpointProtocol enum value + VerifiedAccessEndpointProtocolHttp = "http" + + // VerifiedAccessEndpointProtocolHttps is a VerifiedAccessEndpointProtocol enum value + VerifiedAccessEndpointProtocolHttps = "https" +) + +// VerifiedAccessEndpointProtocol_Values returns all elements of the VerifiedAccessEndpointProtocol enum +func VerifiedAccessEndpointProtocol_Values() []string { + return []string{ + VerifiedAccessEndpointProtocolHttp, + VerifiedAccessEndpointProtocolHttps, + } +} + +const ( + // VerifiedAccessEndpointStatusCodePending is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodePending = "pending" + + // VerifiedAccessEndpointStatusCodeActive is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeActive = "active" + + // VerifiedAccessEndpointStatusCodeUpdating is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeUpdating = "updating" + + // VerifiedAccessEndpointStatusCodeDeleting is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeDeleting = "deleting" + + // VerifiedAccessEndpointStatusCodeDeleted is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeDeleted = "deleted" +) + +// VerifiedAccessEndpointStatusCode_Values returns all elements of the VerifiedAccessEndpointStatusCode enum +func VerifiedAccessEndpointStatusCode_Values() []string { + return []string{ + VerifiedAccessEndpointStatusCodePending, + VerifiedAccessEndpointStatusCodeActive, + VerifiedAccessEndpointStatusCodeUpdating, + VerifiedAccessEndpointStatusCodeDeleting, + VerifiedAccessEndpointStatusCodeDeleted, + } +} + +const ( + // VerifiedAccessEndpointTypeLoadBalancer is a VerifiedAccessEndpointType enum value + VerifiedAccessEndpointTypeLoadBalancer = "load-balancer" + + // VerifiedAccessEndpointTypeNetworkInterface is a VerifiedAccessEndpointType enum value + VerifiedAccessEndpointTypeNetworkInterface = "network-interface" +) + +// VerifiedAccessEndpointType_Values returns all elements of the VerifiedAccessEndpointType enum +func VerifiedAccessEndpointType_Values() []string { + return []string{ + VerifiedAccessEndpointTypeLoadBalancer, + VerifiedAccessEndpointTypeNetworkInterface, + } +} + +const ( + // VerifiedAccessLogDeliveryStatusCodeSuccess is a VerifiedAccessLogDeliveryStatusCode enum value + VerifiedAccessLogDeliveryStatusCodeSuccess = "success" + + // VerifiedAccessLogDeliveryStatusCodeFailed is a VerifiedAccessLogDeliveryStatusCode enum value + VerifiedAccessLogDeliveryStatusCodeFailed = "failed" +) + +// VerifiedAccessLogDeliveryStatusCode_Values returns all elements of the VerifiedAccessLogDeliveryStatusCode enum +func VerifiedAccessLogDeliveryStatusCode_Values() []string { + return []string{ + VerifiedAccessLogDeliveryStatusCodeSuccess, + VerifiedAccessLogDeliveryStatusCodeFailed, + } +} + const ( // VirtualizationTypeHvm is a VirtualizationType enum value VirtualizationTypeHvm = "hvm" diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 2ac8aa1be1d..dc0252cd087 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -93,8 +93,8 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -104,10 +104,18 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { req, out := c.CancelKeyDeletionRequest(input) @@ -175,32 +183,26 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // ConnectCustomKeyStore API operation for AWS Key Management Service. // // Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// to its associated CloudHSM cluster. +// to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore +// connects the key store to its associated CloudHSM cluster. For an external +// key store, ConnectCustomKeyStore connects the key store to the external key +// store proxy that communicates with your external key manager. // // The custom key store must be connected before you can create KMS keys in // the key store or use the KMS keys it contains. You can disconnect and reconnect // a custom key store at any time. // -// To connect a custom key store, its associated CloudHSM cluster must have -// at least one active HSM. To get the number of active HSMs in a cluster, use -// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// (CU) must not be logged into the cluster. This prevents KMS from using this -// account to log in. -// -// The connection process can take an extended amount of time to complete; up -// to 20 minutes. This operation starts the connection process, but it does -// not wait for it to complete. When it succeeds, this operation quickly returns -// an HTTP 200 response and a JSON object with no properties. However, this -// response does not indicate that the custom key store is connected. To get -// the connection state of the custom key store, use the DescribeCustomKeyStores +// The connection process for a custom key store can take an extended amount +// of time to complete. This operation starts the connection process, but it +// does not wait for it to complete. When it succeeds, this operation quickly +// returns an HTTP 200 response and a JSON object with no properties. However, +// this response does not indicate that the custom key store is connected. To +// get the connection state of the custom key store, use the DescribeCustomKeyStores // operation. // -// During the connection process, KMS finds the CloudHSM cluster that is associated -// with the custom key store, creates the connection infrastructure, connects -// to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates -// its password. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -210,8 +212,44 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // the custom key store, correct the error, use the UpdateCustomKeyStore operation // if necessary, and then use ConnectCustomKeyStore again. // -// If you are having trouble connecting or disconnecting a custom key store, -// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// # CloudHSM key store +// +// During the connection process for an CloudHSM key store, KMS finds the CloudHSM +// cluster that is associated with the custom key store, creates the connection +// infrastructure, connects to the cluster, logs into the CloudHSM client as +// the kmsuser CU, and rotates its password. +// +// To connect an CloudHSM key store, its associated CloudHSM cluster must have +// at least one active HSM. To get the number of active HSMs in a cluster, use +// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// (CU) must not be logged into the cluster. This prevents KMS from using this +// account to log in. +// +// If you are having trouble connecting or disconnecting a CloudHSM key store, +// see Troubleshooting an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// # External key store +// +// When you connect an external key store that uses public endpoint connectivity, +// KMS tests its ability to communicate with your external key manager by sending +// a request via the external key store proxy. +// +// When you connect to an external key store that uses VPC endpoint service +// connectivity, KMS establishes the networking elements that it needs to communicate +// with your external key manager via the external key store proxy. This includes +// creating an interface endpoint to the VPC endpoint service and a private +// hosted zone for traffic between KMS and the VPC endpoint service. +// +// To connect an external key store, KMS must be able to connect to the external +// key store proxy, the external key store proxy must be able to communicate +// with your external key manager, and the external key manager must be available +// for cryptographic operations. +// +// If you are having trouble connecting or disconnecting an external key store, +// see Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) // in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key @@ -242,10 +280,9 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // Returned Error Types: // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - CustomKeyStoreInvalidStateException @@ -255,17 +292,27 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -277,29 +324,29 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -375,7 +422,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // Creates a friendly name for a KMS key. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // You can use an alias to identify a KMS key in the KMS console, in the DescribeKey @@ -433,8 +480,8 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - AlreadyExistsException // The request was rejected because it attempted to create a resource that already @@ -460,10 +507,18 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { req, out := c.CreateAliasRequest(input) @@ -530,27 +585,65 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // CreateCustomKeyStore API operation for AWS Key Management Service. // // Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// that is associated with an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) -// that you own and manage. -// -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// backed by a key store that you own and manage. When you use a KMS key in +// a custom key store for a cryptographic operation, the cryptographic operation +// is actually performed in your key store using your keys. KMS supports CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) +// and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key store proxy and external key manager outside of +// Amazon Web Services. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// -// Before you create the custom key store, you must assemble the required elements, -// including an CloudHSM cluster that fulfills the requirements for a custom -// key store. For details about the required elements, see Assemble the Prerequisites -// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// of KMS with the isolation and control of a key store that you own and manage. +// +// Before you create the custom key store, the required elements must be in +// place and operational. We recommend that you use the test tools that KMS +// provides to verify the configuration your external key store proxy. For details +// about the required elements and verification tests, see Assemble the prerequisites +// (for CloudHSM key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// or Assemble the prerequisites (for external key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) // in the Key Management Service Developer Guide. // +// To create a custom key store, use the following parameters. +// +// - To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, +// KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter +// is optional for CloudHSM key stores. If you include it, set it to the +// default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting +// an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// - To create an external key store, specify the CustomKeyStoreName and +// a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, +// XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. +// If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the +// XksProxyVpcEndpointServiceName parameter. For help with failures, see +// Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) +// in the Key Management Service Developer Guide. +// +// For external key stores: +// +// Some external key managers provide a simpler method for creating an external +// key store. For details, see your external key manager documentation. +// +// When creating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot use +// a proxy configuration with the CreateCustomKeyStore operation. However, you +// can use the values in the file to help you determine the correct values for +// the CreateCustomKeyStore parameters. +// // When the operation completes successfully, it returns the ID of the new custom // key store. Before you can use your new custom key store, you need to use -// the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM -// cluster. Even if you are not going to use your custom key store immediately, -// you might want to connect it to verify that all settings are correct and -// then disconnect it until you are ready to use it. -// -// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// the ConnectCustomKeyStore operation to connect a new CloudHSM key store to +// its CloudHSM cluster, or to connect a new external key store to the external +// key store proxy for your external key manager. Even if you are not going +// to use your custom key store immediately, you might want to connect it to +// verify that all settings are correct and then disconnect it until you are +// ready to use it. +// +// For help with failures, see Troubleshooting a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key @@ -582,12 +675,13 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - CloudHsmClusterInUseException // The request was rejected because the specified CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different CloudHSM cluster. +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // - CustomKeyStoreNameInUseException @@ -604,51 +698,113 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // can be retried. // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - IncorrectTrustAnchorException // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified CloudHSM cluster. +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. // -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { req, out := c.CreateCustomKeyStoreRequest(input) @@ -783,8 +939,8 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // The request was rejected because the specified KMS key is not enabled. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -806,10 +962,18 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { req, out := c.CreateGrantRequest(input) @@ -876,13 +1040,21 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // // Creates a unique customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys) -// in your Amazon Web Services account and Region. +// in your Amazon Web Services account and Region. You can use a KMS key in +// cryptographic operations, such as encryption and signing. Some Amazon Web +// Services services let you use KMS keys that you create and manage to protect +// your service resources. // -// In addition to the required parameters, you can use the optional parameters -// to specify a key policy, description, tags, and other useful elements for -// any key type. +// A KMS key is a logical representation of a cryptographic key. In addition +// to the key material used in cryptographic operations, a KMS key includes +// metadata, such as the key ID, key policy, creation date, description, and +// key state. For details, see Managing keys (https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) +// in the Key Management Service Developer Guide // -// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// Use the parameters of CreateKey to specify the type of KMS key, the source +// of its key material, its key policy, description, tags, and other properties. +// +// KMS has replaced the term customer master key (CMK) with KMS key and KMS // key. The concept has not changed. To prevent breaking changes, KMS is keeping // some variations of this term. // @@ -890,11 +1062,14 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // # Symmetric encryption KMS key // -// To create a symmetric encryption KMS key, you aren't required to specify -// any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, and the -// default value for KeyUsage, ENCRYPT_DECRYPT, create a symmetric encryption -// KMS key. For technical details, see SYMMETRIC_DEFAULT key spec (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-symmetric-default) -// in the Key Management Service Developer Guide. +// By default, CreateKey creates a symmetric encryption KMS key with key material +// that KMS generates. This is the basic and most widely used type of KMS key, +// and provides the best performance. +// +// To create a symmetric encryption KMS key, you don't need to specify any parameters. +// The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, +// ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric +// encryption KMS key with KMS key material. // // If you need a key for basic encryption and decryption or you are creating // a KMS key to protect your resources in an Amazon Web Services service, create @@ -965,12 +1140,13 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // -// To import your own key material, begin by creating a symmetric encryption -// KMS key with no key material. To do this, use the Origin parameter of CreateKey -// with a value of EXTERNAL. Next, use GetParametersForImport operation to get -// a public key and import token, and use the public key to encrypt your key -// material. Then, use ImportKeyMaterial with your import token to import the -// key material. For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// To import your own key material into a KMS key, begin by creating a symmetric +// encryption KMS key with no key material. To do this, use the Origin parameter +// of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation +// to get a public key and import token, and use the public key to encrypt your +// key material. Then, use ImportKeyMaterial with your import token to import +// the key material. For step-by-step instructions, see Importing Key Material +// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide . // // This feature supports only symmetric encryption KMS keys, including multi-Region @@ -980,22 +1156,52 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // To create a multi-Region primary key with imported key material, use the // Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion // parameter with a value of True. To create replicas of the multi-Region primary -// key, use the ReplicateKey operation. For more information about multi-Region -// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// key, use the ReplicateKey operation. For instructions, see Importing key +// material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html). +// For more information about multi-Region keys, see Multi-Region keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // // # Custom key store // -// To create a symmetric encryption KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// use the CustomKeyStoreId parameter to specify the custom key store. You must -// also use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM -// cluster that is associated with the custom key store must have at least two -// active HSMs in different Availability Zones in the Amazon Web Services Region. +// A custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// lets you protect your Amazon Web Services resources using keys in a backing +// key store that you own and manage. When you request a cryptographic operation +// with a KMS key in a custom key store, the operation is performed in the backing +// key store using its cryptographic keys. +// +// KMS supports CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key manager outside of Amazon Web Services. When you +// create a KMS key in an CloudHSM key store, KMS generates an encryption key +// in the CloudHSM cluster and associates it with the KMS key. When you create +// a KMS key in an external key store, you specify an existing encryption key +// in the external key manager. +// +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. +// +// Before you create a KMS key in a custom key store, the ConnectionState of +// the key store must be CONNECTED. To connect the custom key store, use the +// ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores +// operation. // -// Custom key stores support only symmetric encryption KMS keys. You cannot -// create an HMAC KMS key or an asymmetric KMS key in a custom key store. For -// information about custom key stores in KMS see Custom key stores in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the Key Management Service Developer Guide . +// To create a KMS key in a custom key store, use the CustomKeyStoreId. Use +// the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, +// ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is +// supported in a custom key store. +// +// To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html), +// use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster +// that is associated with the custom key store must have at least two active +// HSMs in different Availability Zones in the Amazon Web Services Region. +// +// To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html), +// use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId +// parameter that identifies an existing external key. +// +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. // // Cross-account use: No. You cannot use this operation to create a KMS key // in a different Amazon Web Services account. @@ -1028,8 +1234,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // or semantically correct. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -1062,49 +1268,83 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - XksKeyInvalidConfigurationException +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +// +// - XksKeyAlreadyInUseException +// The request was rejected because the (XksKeyId) is already associated with +// a KMS key in this external key store. Each KMS key in an external key store +// must be associated with a different external key. +// +// - XksKeyNotFoundException +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { req, out := c.CreateKeyRequest(input) @@ -1192,8 +1432,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // // The Decrypt operation also decrypts ciphertext that was encrypted outside // of KMS by the public key in an KMS asymmetric KMS key. However, it cannot -// decrypt ciphertext produced by other libraries, such as the Amazon Web Services -// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// decrypt symmetric ciphertext produced by other libraries, such as the Amazon +// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). // These libraries return a ciphertext format that is incompatible with KMS. // @@ -1297,8 +1537,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // key, use the DescribeKey operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -1311,10 +1551,18 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { req, out := c.DecryptRequest(input) @@ -1384,7 +1632,7 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // Deletes the specified alias. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // Because an alias is not a property of a KMS key, you can delete and change @@ -1428,8 +1676,8 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -1443,10 +1691,18 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { req, out := c.DeleteAliasRequest(input) @@ -1514,33 +1770,39 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // DeleteCustomKeyStore API operation for AWS Key Management Service. // // Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// This operation does not delete the CloudHSM cluster that is associated with -// the custom key store, or affect any users or keys in the cluster. +// This operation does not affect any backing elements of the custom key store. +// It does not delete the CloudHSM cluster that is associated with an CloudHSM +// key store, or affect any users or keys in the cluster. For an external key +// store, it does not affect the external key store proxy, external key manager, +// or any external keys. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // // The custom key store that you delete cannot contain any KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). // Before deleting the key store, verify that you will never need to use any // of the KMS keys in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. -// When the scheduled waiting period expires, the ScheduleKeyDeletion operation -// deletes the KMS keys. Then it makes a best effort to delete the key material -// from the associated cluster. However, you might need to manually delete the -// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// -// After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to -// disconnect the key store from KMS. Then, you can delete the custom key store. -// -// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore -// to disconnect it from KMS. While the key store is disconnected, you cannot -// create or use the KMS keys in the key store. But, you do not need to delete -// KMS keys and you can reconnect a disconnected custom key store at any time. +// After the required waiting period expires and all KMS keys are deleted from +// the custom key store, use DisconnectCustomKeyStore to disconnect the key +// store from KMS. Then, you can delete the custom key store. +// +// For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes +// a best effort to delete the key material from the associated cluster. However, +// you might need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. KMS never creates, manages, or deletes +// cryptographic keys in the external key manager associated with an external +// key store. You must manage them using your external key manager tools. +// +// Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore +// operation to disconnect the custom key store from its backing key store. +// While the key store is disconnected, you cannot create or use the KMS keys +// in the key store. But, you do not need to delete KMS keys and you can reconnect +// a disconnected custom key store at any time. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -1581,17 +1843,27 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -1713,8 +1985,8 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -1728,10 +2000,18 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { req, out := c.DeleteImportedKeyMaterialRequest(input) @@ -1788,7 +2068,7 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -1806,30 +2086,37 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the account and Region. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. +// of KMS with the isolation and control of a key store that you own and manage. // // By default, this operation returns information about all custom key stores // in the account and Region. To get only information about a particular custom // key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter // (but not both). // -// To determine whether the custom key store is connected to its CloudHSM cluster, -// use the ConnectionState element in the response. If an attempt to connect -// the custom key store failed, the ConnectionState value is FAILED and the -// ConnectionErrorCode element in the response indicates the cause of the failure. -// For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. +// To determine whether the custom key store is connected to its CloudHSM cluster +// or external key store proxy, use the ConnectionState element in the response. +// If an attempt to connect the custom key store failed, the ConnectionState +// value is FAILED and the ConnectionErrorCode element in the response indicates +// the cause of the failure. For help interpreting the ConnectionErrorCode, +// see CustomKeyStoresListEntry. // // Custom key stores have a DISCONNECTED connection state if the key store has -// never been connected or you use the DisconnectCustomKeyStore operation to -// disconnect it. If your custom key store state is CONNECTED but you are having -// trouble using it, make sure that its associated CloudHSM cluster is active -// and contains the minimum number of HSMs required for the operation, if any. -// -// For help repairing your custom key store, see the Troubleshooting Custom -// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// topic in the Key Management Service Developer Guide. +// never been connected or you used the DisconnectCustomKeyStore operation to +// disconnect it. Otherwise, the connection state is CONNECTED. If your custom +// key store connection state is CONNECTED but you are having trouble using +// it, verify that the backing store is active and available. For an CloudHSM +// key store, verify that the associated CloudHSM cluster is active and contains +// the minimum number of HSMs required for the operation, if any. For an external +// key store, verify that the external key store proxy and its associated external +// key manager are reachable and enabled. +// +// For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html). +// For help repairing your external key store, see the Troubleshooting external +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html). +// Both topics are in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. @@ -1995,10 +2282,14 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // any) of the key material. It includes fields, like KeySpec, that help you // distinguish different types of KMS keys. It also displays the key usage (encryption, // signing, or generating and verifying MACs) and the algorithms that the KMS -// key supports. For KMS keys in custom key stores, it includes information -// about the custom key store, such as the key store ID and the CloudHSM cluster -// ID. For multi-Region keys, it displays the primary key and all related replica -// keys. +// key supports. +// +// For multi-Region keys (kms/latest/developerguide/multi-region-keys-overview.html), +// DescribeKey displays the primary key and all related replica keys. For KMS +// keys in CloudHSM key stores (kms/latest/developerguide/keystore-cloudhsm.html), +// it includes information about the key store, such as the key store ID and +// the CloudHSM cluster ID. For KMS keys in external key stores (kms/latest/developerguide/keystore-external.html), +// it includes the custom key store ID and the ID of the external key. // // DescribeKey does not return the following information: // @@ -2061,8 +2352,8 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2171,8 +2462,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2182,10 +2473,18 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { req, out := c.DisableKeyRequest(input) @@ -2256,12 +2555,12 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // of the specified symmetric encryption KMS key. // // Automatic key rotation is supported only on symmetric encryption KMS keys. -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // You can enable (EnableKeyRotation) and disable automatic rotation of the @@ -2311,8 +2610,8 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2322,10 +2621,18 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -2397,10 +2704,18 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // DisconnectCustomKeyStore API operation for AWS Key Management Service. // // Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// from its associated CloudHSM cluster. While a custom key store is disconnected, -// you can manage the custom key store and its KMS keys, but you cannot create -// or use KMS keys in the custom key store. You can reconnect the custom key -// store at any time. +// from its backing key store. This operation disconnects an CloudHSM key store +// from its associated CloudHSM cluster or disconnects an external key store +// from the external key store proxy that communicates with your external key +// manager. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// While a custom key store is disconnected, you can manage the custom key store +// and its KMS keys, but you cannot create or use its KMS keys. You can reconnect +// the custom key store at any time. // // While a custom key store is disconnected, all attempts to create KMS keys // in the custom key store or to use existing KMS keys in cryptographic operations @@ -2408,16 +2723,13 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // will fail. This action can prevent users from storing and accessing sensitive // data. // +// When you disconnect a custom key store, its ConnectionState changes to Disconnected. // To find the connection state of a custom key store, use the DescribeCustomKeyStores // operation. To reconnect a custom key store, use the ConnectCustomKeyStore // operation. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -2452,17 +2764,27 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -2571,8 +2893,8 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2587,10 +2909,18 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { req, out := c.EnableKeyRequest(input) @@ -2669,12 +2999,12 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // // Automatic key rotation is supported only on symmetric encryption KMS keys // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // You cannot enable or disable automatic rotation Amazon Web Services managed @@ -2730,8 +3060,8 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2741,10 +3071,18 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -2899,8 +3237,8 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -2930,10 +3268,18 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { req, out := c.EncryptRequest(input) @@ -3106,8 +3452,8 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3137,10 +3483,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { req, out := c.GenerateDataKeyRequest(input) @@ -3296,8 +3650,8 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3327,10 +3681,18 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -3479,8 +3841,8 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3510,10 +3872,18 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -3612,6 +3982,14 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // or a key in a custom key store to generate a data key. To get the type of // your KMS key, use the DescribeKey operation. // +// You must also specify the length of the data key. Use either the KeySpec +// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data +// keys, use the KeySpec parameter. +// +// To generate an SM4 data key (China Regions only), specify a KeySpec value +// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used +// in China Regions to encrypt your data key is an SM4 encryption key. +// // If the operation succeeds, you will find the encrypted copy of the data key // in the CiphertextBlob field. // @@ -3666,8 +4044,8 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3697,10 +4075,18 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) @@ -3767,15 +4153,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // GenerateMac API operation for AWS Key Management Service. // // Generates a hash-based message authentication code (HMAC) for a message using -// an HMAC KMS key and a MAC algorithm that the key supports. The MAC algorithm -// computes the HMAC for the message and the key as described in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). -// -// You can use the HMAC that this operation generates with the VerifyMac operation -// to demonstrate that the original message has not changed. Also, because a -// secret key is used to create the hash, you can verify that the party that -// generated the hash has the required secret key. This operation is part of -// KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) -// in the Key Management Service Developer Guide . +// an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys +// and the HMAC algorithms that KMS uses conform to industry standards defined +// in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). +// +// You can use value that GenerateMac returns in the VerifyMac operation to +// demonstrate that the original message has not changed. Also, because a secret +// key is used to create the hash, you can verify that the party that generated +// the hash has the required secret key. You can also use the raw result to +// implement HMAC-based algorithms such as key derivation functions. This operation +// is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the +// Key Management Service Developer Guide . // // Best practices recommend that you limit the time during which any signing // mechanism, including an HMAC, is effective. This deters an attack where the @@ -3845,10 +4234,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMac func (c *KMS) GenerateMac(input *GenerateMacInput) (*GenerateMacOutput, error) { req, out := c.GenerateMacRequest(input) @@ -3920,9 +4317,8 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // byte string. There is no default value for string length. // // By default, the random byte string is generated in KMS. To generate the byte -// string in the CloudHSM cluster that is associated with a custom key store -// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// specify the custom key store ID. +// string in the CloudHSM cluster associated with an CloudHSM key store, use +// the CustomKeyStoreId parameter. // // Applications in Amazon Web Services Nitro Enclaves can call this operation // by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). @@ -3949,13 +4345,17 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. @@ -3967,17 +4367,27 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { @@ -4072,8 +4482,8 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -4083,10 +4493,18 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { req, out := c.GetKeyPolicyRequest(input) @@ -4163,12 +4581,12 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // // Automatic key rotation is supported only on symmetric encryption KMS keys // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key.. // // You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) @@ -4228,8 +4646,8 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -4239,10 +4657,18 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -4322,11 +4748,11 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // a subsequent ImportKeyMaterial request. // // You must specify the key ID of the symmetric encryption KMS key into which -// you will import key material. This KMS key's Origin must be EXTERNAL. You -// must also specify the wrapping algorithm and type of wrapping key (public -// key) that you will use to encrypt the key material. You cannot perform this -// operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in -// a different Amazon Web Services account. +// you will import key material. The KMS key Origin must be EXTERNAL. You must +// also specify the wrapping algorithm and type of wrapping key (public key) +// that you will use to encrypt the key material. You cannot perform this operation +// on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different +// Amazon Web Services account. // // To import key material, you must use the public key and import token from // the same response. These items are valid for 24 hours. The expiration date @@ -4368,8 +4794,8 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -4383,10 +4809,18 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { req, out := c.GetParametersForImportRequest(input) @@ -4467,11 +4901,6 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // are part of every KMS operation. You also reduce of risk of encrypting data // that cannot be decrypted. These features are not effective outside of KMS. // -// To verify a signature outside of KMS with an SM2 public key (China Regions -// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 -// as the distinguishing ID. For more information, see Offline verification -// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). -// // To help you use the public key safely outside of KMS, GetPublicKey returns // important information about the public key in the response, including: // @@ -4493,6 +4922,11 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // algorithm that is not supported by KMS. You can also avoid errors, such as // using the wrong signing algorithm in a verification operation. // +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// as the distinguishing ID. For more information, see Offline verification +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). +// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -4527,8 +4961,8 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -4566,10 +5000,18 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) { req, out := c.GetPublicKeyRequest(input) @@ -4664,11 +5106,13 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // - The import token that GetParametersForImport returned. You must use // a public key and token from the same GetParametersForImport response. // -// - Whether the key material expires and if so, when. If you set an expiration -// date, KMS deletes the key material from the KMS key on the specified date, -// and the KMS key becomes unusable. To use the KMS key again, you must reimport -// the same key material. The only way to change an expiration date is by -// reimporting the same key material and specifying a new expiration date. +// - Whether the key material expires (ExpirationModel) and, if so, when +// (ValidTo). If you set an expiration date, on the specified date, KMS deletes +// the key material from the KMS key, making the KMS key unusable. To use +// the KMS key in cryptographic operations again, you must reimport the same +// key material. The only way to change the expiration model or expiration +// date is by reimporting the same key material and specifying a new expiration +// date. // // When this operation is successful, the key state of the KMS key changes from // PendingImport to Enabled, and you can use the KMS key. @@ -4714,8 +5158,8 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -4729,10 +5173,18 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InvalidCiphertextException // From the Decrypt or ReEncrypt operation, the request was rejected because // the specified ciphertext, or additional authenticated data incorporated into @@ -4812,7 +5264,7 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -4873,8 +5325,8 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -4999,7 +5451,7 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5061,8 +5513,8 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -5083,10 +5535,18 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { req, out := c.ListGrantsRequest(input) @@ -5194,7 +5654,7 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5243,8 +5703,8 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -5254,10 +5714,18 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { req, out := c.ListKeyPoliciesRequest(input) @@ -5365,7 +5833,7 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5409,8 +5877,8 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -5527,7 +5995,7 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5697,7 +6165,7 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5755,8 +6223,8 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -5931,8 +6399,8 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // or semantically correct. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -5951,10 +6419,18 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { req, out := c.PutKeyPolicyRequest(input) @@ -6056,20 +6532,20 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // was encrypted under a different KMS key, the ReEncrypt operation fails. // This practice ensures that you use the KMS key that you intend. // -// - To reencrypt the data, you must use the DestinationKeyId parameter specify -// the KMS key that re-encrypts the data after it is decrypted. If the destination -// KMS key is an asymmetric KMS key, you must also provide the encryption -// algorithm. The algorithm that you choose must be compatible with the KMS -// key. When you use an asymmetric KMS key to encrypt or reencrypt data, -// be sure to record the KMS key and encryption algorithm that you choose. -// You will be required to provide the same KMS key and encryption algorithm -// when you decrypt the data. If the KMS key and algorithm do not match the -// values used to encrypt the data, the decrypt operation fails. You are -// not required to supply the key ID and encryption algorithm when you decrypt -// with symmetric encryption KMS keys because KMS stores this information -// in the ciphertext blob. KMS cannot store metadata in ciphertext generated -// with asymmetric keys. The standard format for asymmetric key ciphertext -// does not include configurable fields. +// - To reencrypt the data, you must use the DestinationKeyId parameter to +// specify the KMS key that re-encrypts the data after it is decrypted. If +// the destination KMS key is an asymmetric KMS key, you must also provide +// the encryption algorithm. The algorithm that you choose must be compatible +// with the KMS key. When you use an asymmetric KMS key to encrypt or reencrypt +// data, be sure to record the KMS key and encryption algorithm that you +// choose. You will be required to provide the same KMS key and encryption +// algorithm when you decrypt the data. If the KMS key and algorithm do not +// match the values used to encrypt the data, the decrypt operation fails. +// You are not required to supply the key ID and encryption algorithm when +// you decrypt with symmetric encryption KMS keys because KMS stores this +// information in the ciphertext blob. KMS cannot store metadata in ciphertext +// generated with asymmetric keys. The standard format for asymmetric key +// ciphertext does not include configurable fields. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -6140,8 +6616,8 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // must identify the same KMS key that was used to encrypt the ciphertext. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -6171,10 +6647,18 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { req, out := c.ReEncryptRequest(input) @@ -6348,10 +6832,18 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. @@ -6500,8 +6992,8 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -6511,10 +7003,18 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { req, out := c.RetireGrantRequest(input) @@ -6628,8 +7128,8 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -6646,10 +7146,18 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { req, out := c.RevokeGrantRequest(input) @@ -6730,13 +7238,6 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // is unrecoverable. (The only exception is a multi-Region replica key.) To // prevent the use of a KMS key without deleting it, use DisableKey. // -// If you schedule deletion of a KMS key from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// when the waiting period expires, ScheduleKeyDeletion deletes the KMS key -// from KMS. Then KMS makes a best effort to delete the key material from the -// associated CloudHSM cluster. However, you might need to manually delete the -// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// // You can schedule the deletion of a multi-Region primary key and its replica // keys at any time. However, KMS will not delete a multi-Region primary key // with existing replica keys. If you schedule the deletion of a primary key @@ -6748,6 +7249,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) // in the Key Management Service Developer Guide. // +// When KMS deletes a KMS key from an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html), +// it makes a best effort to delete the associated key material from the associated +// CloudHSM cluster. However, you might need to manually delete the orphaned +// key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. Deleting a KMS key from an external key +// store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html) +// has no effect on the associated external key. However, for both types of +// custom key stores, deleting a KMS key is destructive and irreversible. You +// cannot decrypt ciphertext encrypted under the KMS key by using only its associated +// external key or CloudHSM key. Also, you cannot recreate a KMS key in an external +// key store by creating a new KMS key with the same key material. +// // For more information about scheduling a KMS key for deletion, see Deleting // KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the Key Management Service Developer Guide. @@ -6785,8 +7298,8 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -6796,10 +7309,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { req, out := c.ScheduleKeyDeletionRequest(input) @@ -6940,8 +7461,8 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -6971,10 +7492,18 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign func (c *KMS) Sign(input *SignInput) (*SignOutput, error) { req, out := c.SignRequest(input) @@ -7044,7 +7573,7 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // Adds or edits tags on a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. -// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // Each tag consists of a tag key and a tag value, both of which are case-sensitive @@ -7111,10 +7640,18 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) @@ -7193,7 +7730,7 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // To delete a tag, specify the tag key and the KMS key. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. -// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // When it succeeds, the UntagResource operation doesn't return any output. @@ -7251,10 +7788,18 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - TagException // The request was rejected because one or more tags are not valid. // @@ -7330,14 +7875,14 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // account and Region. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // The current and new KMS key must be the same type (both symmetric or both -// asymmetric), and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). -// This restriction prevents errors in code that uses aliases. If you must assign -// an alias to a different type of KMS key, use DeleteAlias to delete the old -// alias and CreateAlias to create a new alias. +// asymmetric or both HMAC), and they must have the same key usage. This restriction +// prevents errors in code that uses aliases. If you must assign an alias to +// a different type of KMS key, use DeleteAlias to delete the old alias and +// CreateAlias to create a new alias. // // You cannot use UpdateAlias to change an alias name. To change an alias name, // use DeleteAlias to delete the old alias and CreateAlias to create a new alias. @@ -7386,8 +7931,8 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -7406,10 +7951,18 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { req, out := c.UpdateAliasRequest(input) @@ -7476,42 +8029,70 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // UpdateCustomKeyStore API operation for AWS Key Management Service. // -// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter -// to identify the custom key store you want to edit. Use the remaining parameters -// to change the properties of the custom key store. -// -// You can only update a custom key store that is disconnected. To disconnect -// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom -// key store after the update completes, use ConnectCustomKeyStore. To find -// the connection state of a custom key store, use the DescribeCustomKeyStores -// operation. -// -// The CustomKeyStoreId parameter is required in all commands. Use the other -// parameters of UpdateCustomKeyStore to edit your key store settings. -// -// - Use the NewCustomKeyStoreName parameter to change the friendly name -// of the custom key store to the value that you specify. +// Changes the properties of a custom key store. You can use this operation +// to change the properties of an CloudHSM key store or an external key store. // -// - Use the KeyStorePassword parameter tell KMS the current password of -// the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// in the associated CloudHSM cluster. You can use this parameter to fix -// connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) -// that occur when KMS cannot log into the associated cluster because the -// kmsuser password has changed. This value does not change the password -// in the CloudHSM cluster. +// Use the required CustomKeyStoreId parameter to identify the custom key store. +// Use the remaining optional parameters to change its properties. This operation +// does not return any property values. To verify the updated property values, +// use the DescribeCustomKeyStores operation. // -// - Use the CloudHsmClusterId parameter to associate the custom key store -// with a different, but related, CloudHSM cluster. You can use this parameter -// to repair a custom key store if its CloudHSM cluster becomes corrupted -// or is deleted, or when you need to create or restore a cluster from a -// backup. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// When updating the properties of an external key store, verify that the updated +// settings connect your key store, via the external key store proxy, to the +// same external key manager as the previous settings, or to a backup or snapshot +// of the external key manager with the same cryptographic keys. If the updated +// connection settings fail, you can fix them and retry, although an extended +// delay might disrupt Amazon Web Services services. However, if KMS permanently +// loses its access to cryptographic keys, ciphertext encrypted under those +// keys is unrecoverable. +// +// For external key stores: +// +// Some external key managers provide a simpler method for updating an external +// key store. For details, see your external key manager documentation. +// +// When updating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot upload +// the proxy configuration file to the UpdateCustomKeyStore operation. However, +// you can use the file to help you determine the correct values for the UpdateCustomKeyStore +// parameters. +// +// For an CloudHSM key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), to tell KMS about a change +// to the kmsuser crypto user password (KeyStorePassword), or to associate the +// custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). +// To update any property of an CloudHSM key store, the ConnectionState of the +// CloudHSM key store must be DISCONNECTED. +// +// For an external key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change +// to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), +// connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) +// and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity +// of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service +// name (XksProxyVpcEndpointServiceName). To update most properties of an external +// key store, the ConnectionState of the external key store must be DISCONNECTED. +// However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, +// and XksProxyUriPath of an external key store when it is in the CONNECTED +// or DISCONNECTED state. +// +// If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, +// use the DisconnectCustomKeyStore operation to disconnect the custom key store. +// After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore +// to reconnect the custom key store. To find the ConnectionState of the custom +// key store, use the DescribeCustomKeyStores operation. +// +// Before updating the custom key store, verify that the new values allow KMS +// to connect the custom key store to its backing key store. For example, before +// you change the XksProxyUriPath value, verify that the external key store +// proxy is reachable at the new path. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -7555,15 +8136,16 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // - CloudHsmClusterNotRelatedException // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation -// to specify an unrelated cluster. +// to specify an unrelated cluster for an CloudHSM key store. // -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // - CustomKeyStoreInvalidStateException @@ -7573,60 +8155,126 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { req, out := c.UpdateCustomKeyStoreRequest(input) @@ -7730,8 +8378,8 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -7741,10 +8389,18 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { req, out := c.UpdateKeyDescriptionRequest(input) @@ -7902,10 +8558,18 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. @@ -8004,15 +8668,16 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // You can also verify the digital signature by using the public key of the // KMS key outside of KMS. Use the GetPublicKey operation to download the public // key in the asymmetric KMS key and then use the public key to verify the signature -// outside of KMS. To verify a signature outside of KMS with an SM2 public key, -// you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// outside of KMS. The advantage of using the Verify operation is that it is +// performed within KMS. As a result, it's easy to call, the operation is performed +// within the FIPS boundary, it is logged in CloudTrail, and you can use key +// policy and IAM policy to determine who is authorized to use the KMS key to +// verify signatures. +// +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 // as the distinguishing ID. For more information, see Offline verification -// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification) -// in Key Management Service Developer Guide. The advantage of using the Verify -// operation is that it is performed within KMS. As a result, it's easy to call, -// the operation is performed within the FIPS boundary, it is logged in CloudTrail, -// and you can use key policy and IAM policy to determine who is authorized -// to use the KMS key to verify signatures. +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -8048,8 +8713,8 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -8079,10 +8744,18 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - KMSInvalidSignatureException // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by @@ -8157,10 +8830,12 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out // message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes // an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, // and compares the computed HMAC to the HMAC that you specify. If the HMACs -// are identical, the verification succeeds; otherwise, it fails. +// are identical, the verification succeeds; otherwise, it fails. Verification +// indicates that the message hasn't changed since the HMAC was calculated, +// and the specified key was used to generate and verify the HMAC. // -// Verification indicates that the message hasn't changed since the HMAC was -// calculated, and the specified key was used to generate and verify the HMAC. +// HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards +// defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). // // This operation is part of KMS support for HMAC KMS keys. For details, see // HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) @@ -8232,10 +8907,18 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMac func (c *KMS) VerifyMac(input *VerifyMacInput) (*VerifyMacOutput, error) { req, out := c.VerifyMacRequest(input) @@ -8486,12 +9169,13 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { } // The request was rejected because the specified CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different CloudHSM cluster. +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterInUseException struct { _ struct{} `type:"structure"` @@ -8557,29 +9241,29 @@ func (s *CloudHsmClusterInUseException) RequestID() string { } // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -8648,10 +9332,9 @@ func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. type CloudHsmClusterNotActiveException struct { _ struct{} `type:"structure"` @@ -8783,15 +9466,16 @@ func (s *CloudHsmClusterNotFoundException) RequestID() string { // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation -// to specify an unrelated cluster. +// to specify an unrelated cluster for an CloudHSM key store. // -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterNotRelatedException struct { _ struct{} `type:"structure"` @@ -9042,18 +9726,33 @@ func (s CreateAliasOutput) GoString() string { type CreateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Identifies the CloudHSM cluster for the custom key store. Enter the cluster - // ID of any active CloudHSM cluster that is not already associated with a custom - // key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // Identifies the CloudHSM cluster for an CloudHSM key store. This parameter + // is required for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM. + // + // Enter the cluster ID of any active CloudHSM cluster that is not already associated + // with a custom key store. To find the cluster ID, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. CloudHsmClusterId *string `min:"19" type:"string"` // Specifies a friendly name for the custom key store. The name must be unique - // in your Amazon Web Services account. + // in your Amazon Web Services account and Region. This parameter is required + // for all custom key stores. // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` + // Specifies the type of custom key store. The default value is AWS_CLOUDHSM. + // + // For a custom key store backed by an CloudHSM cluster, omit the parameter + // or enter AWS_CLOUDHSM. For a custom key store backed by an external key manager + // outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot change + // this property after the key store is created. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // Specifies the kmsuser password for an CloudHSM key store. This parameter + // is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) // in the specified CloudHSM cluster. KMS logs into the cluster as this user // to manage key material on your behalf. @@ -9068,10 +9767,118 @@ type CreateCustomKeyStoreInput struct { // String and GoString methods. KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` - // Enter the content of the trust anchor certificate for the cluster. This is - // the content of the customerCA.crt file that you created when you initialized - // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). + // Specifies the certificate for an CloudHSM key store. This parameter is required + // for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // + // Enter the content of the trust anchor certificate for the CloudHSM cluster. + // This is the content of the customerCA.crt file that you created when you + // initialized the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). TrustAnchorCertificate *string `min:"1" type:"string"` + + // Specifies an authentication credential for the external key store proxy (XKS + // proxy). This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, + // a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. + // For character requirements, see XksProxyAuthenticationCredentialType (kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html). + // + // KMS uses this authentication credential to sign requests to the external + // key store proxy on your behalf. This credential is unrelated to Identity + // and Access Management (IAM) and Amazon Web Services credentials. + // + // This parameter doesn't set or change the authentication credentials on the + // XKS proxy. It just tells KMS the credential that you established on your + // external key store proxy. If you rotate your proxy authentication credential, + // use the UpdateCustomKeyStore operation to provide the new credential to KMS. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Indicates how KMS communicates with the external key store proxy. This parameter + // is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. + // If the external key store proxy uses a Amazon VPC endpoint service for communication + // with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see + // Choosing a connectivity option (https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity) + // in the Key Management Service Developer Guide. + // + // An Amazon VPC endpoint service keeps your communication with KMS in a private + // address space entirely within Amazon Web Services, but it requires more configuration, + // including establishing a Amazon VPC with multiple subnets, a VPC endpoint + // service, a network load balancer, and a verified private DNS name. A public + // endpoint is simpler to set up, but it might be slower and might not fulfill + // your security requirements. You might consider testing with a public endpoint, + // and then establishing a VPC endpoint service for production tasks. Note that + // this choice does not determine the location of the external key store proxy. + // Even if you choose a VPC endpoint service, the proxy can be hosted within + // the VPC or outside of Amazon Web Services such as in your corporate data + // center. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Specifies the endpoint that KMS uses to send requests to the external key + // store proxy (XKS proxy). This parameter is required for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The protocol must be HTTPS. KMS communicates on port 443. Do not specify + // the port in the XksProxyUriEndpoint value. + // + // For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name of the VPC endpoint service. + // + // For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint + // must be reachable before you create the custom key store. KMS connects to + // the external key store proxy while creating the custom key store. For external + // key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you + // call the ConnectCustomKeyStore operation. + // + // The value of this parameter must begin with https://. The remainder can contain + // upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and + // hyphens (-). Additional slashes (/ and \) are not permitted. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + // + // * An external key store with PUBLIC_ENDPOINT connectivity cannot use the + // same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE + // connectivity in the same Amazon Web Services Region. + // + // * Each external key store with VPC_ENDPOINT_SERVICE connectivity must + // have its own private DNS name. The XksProxyUriEndpoint value for external + // key stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must + // be unique in the Amazon Web Services account and Region. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Specifies the base path to the proxy APIs for this external key store. To + // find this value, see the documentation for your external key store proxy. + // This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1 where v1 represents + // the version of the KMS external key store proxy API. This path can include + // an optional prefix between the required elements such as /prefix/kms/xks/v1. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + XksProxyUriPath *string `min:"10" type:"string"` + + // Specifies the name of the Amazon VPC endpoint service for interface endpoints + // that is used to communicate with your external key store proxy (XKS proxy). + // This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE + // and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE. + // + // The Amazon VPC endpoint service must fulfill all requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) + // for use with an external key store. + // + // Uniqueness requirements: + // + // * External key stores with VPC_ENDPOINT_SERVICE connectivity can share + // an Amazon VPC, but each external key store must have its own VPC endpoint + // service and private DNS name. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` } // String returns the string representation. @@ -9110,6 +9917,20 @@ func (s *CreateCustomKeyStoreInput) Validate() error { if s.TrustAnchorCertificate != nil && len(*s.TrustAnchorCertificate) < 1 { invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1)) } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -9129,6 +9950,12 @@ func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCusto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreType(v string) *CreateCustomKeyStoreInput { + s.CustomKeyStoreType = &v + return s +} + // SetKeyStorePassword sets the KeyStorePassword field's value. func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput { s.KeyStorePassword = &v @@ -9141,8 +9968,38 @@ func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateC return s } -type CreateCustomKeyStoreOutput struct { - _ struct{} `type:"structure"` +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *CreateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *CreateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriPath(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *CreateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + +type CreateCustomKeyStoreOutput struct { + _ struct{} `type:"structure"` // A unique identifier for the new custom key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -9446,31 +10303,25 @@ type CreateKeyInput struct { // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and the key material in its associated CloudHSM cluster. To create a KMS - // key in a custom key store, you must also specify the Origin parameter with - // a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the - // custom key store must have at least two active HSMs, each in a different - // Availability Zone in the Region. + // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // The ConnectionState of the custom key store must be CONNECTED. To find the + // CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation. // // This parameter is valid only for symmetric encryption KMS keys in a single // Region. You cannot create any other type of KMS key in a custom key store. // - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. - // - // The response includes the custom key store ID and the ID of the CloudHSM - // cluster. - // - // This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // feature in KMS, which combines the convenience and extensive integration - // of KMS with the isolation and control of a single-tenant key store. + // When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable + // 256-bit symmetric key in its associated CloudHSM cluster and associates it + // with the KMS key. When you create a KMS key in an external key store, you + // must use the XksKeyId parameter to specify an external key that serves as + // key material for the KMS key. CustomKeyStoreId *string `min:"1" type:"string"` // Instead, use the KeySpec parameter. // // The KeySpec and CustomerMasterKeySpec parameters work the same way. Only // the names differ. We recommend that you use KeySpec parameter in your code. - // However, to avoid breaking changes, KMS will support both parameters. + // However, to avoid breaking changes, KMS supports both parameters. // // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -9491,11 +10342,11 @@ type CreateKeyInput struct { // in the Key Management Service Developer Guide . // // The KeySpec determines whether the KMS key contains a symmetric key or an - // asymmetric key pair. It also determines the cryptographic algorithms that - // the KMS key supports. You can't change the KeySpec after the KMS key is created. - // To further restrict the algorithms that can be used with the KMS key, use - // a condition key in its key policy or IAM policy. For more information, see - // kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), + // asymmetric key pair. It also determines the algorithms that the KMS key supports. + // You can't change the KeySpec after the KMS key is created. To further restrict + // the algorithms that can be used with the KMS key, use a condition key in + // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm + // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), // kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) // in the Key Management Service Developer Guide . @@ -9561,36 +10412,37 @@ type CreateKeyInput struct { // This value creates a primary key, not a replica. To create a replica key, // use the ReplicateKey operation. // - // You can create a multi-Region version of a symmetric encryption KMS key, - // an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material. - // However, you cannot create a multi-Region key in a custom key store. + // You can create a symmetric or asymmetric multi-Region key, and you can create + // a multi-Region key with imported key material. However, you cannot create + // a multi-Region key in a custom key store. MultiRegion *bool `type:"boolean"` // The source of the key material for the KMS key. You cannot change the origin // after you create the KMS key. The default is AWS_KMS, which means that KMS // creates the key material. // - // To create a KMS key with no key material (for imported key material), set - // the value to EXTERNAL. For more information about importing key material - // into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) - // in the Key Management Service Developer Guide. This value is valid only for - // symmetric encryption KMS keys. + // To create a KMS key with no key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) + // (for imported key material), set this value to EXTERNAL. For more information + // about importing key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // in the Key Management Service Developer Guide. The EXTERNAL origin value + // is valid only for symmetric KMS keys. // - // To create a KMS key in an KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) // and create its key material in the associated CloudHSM cluster, set this // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to - // identify the custom key store. This value is valid only for symmetric encryption - // KMS keys. + // identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT. + // + // To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html), + // set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId + // parameter to identify the external key store and the XksKeyId parameter to + // identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT. Origin *string `type:"string" enum:"OriginType"` - // The key policy to attach to the KMS key. If you do not specify a key policy, - // KMS attaches a default key policy to the KMS key. For more information, see - // Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // in the Key Management Service Developer Guide. + // The key policy to attach to the KMS key. // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy + // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy // must allow the principal that is making the CreateKey request to make // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk // that the KMS key becomes unmanageable. For more information, refer to @@ -9606,20 +10458,14 @@ type CreateKeyInput struct { // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // - // A key policy document can include only the following characters: - // - // * Printable ASCII characters from the space character (\u0020) through - // the end of the ASCII character range. - // - // * Printable characters in the Basic Latin and Latin-1 Supplement character - // set (through \u00FF). + // If you do not provide a key policy, KMS attaches a default key policy to + // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the Key Management Service Developer Guide. // - // * The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special - // characters + // The key policy size quota is 32 kilobytes (32768 bytes). // - // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) - // in the Key Management Service Developer Guide. For help writing and formatting - // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // For help writing and formatting a JSON policy document, see the IAM JSON + // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) // in the Identity and Access Management User Guide . Policy *string `min:"1" type:"string"` @@ -9627,7 +10473,7 @@ type CreateKeyInput struct { // key when it is created. To tag an existing KMS key, use the TagResource operation. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) @@ -9644,6 +10490,33 @@ type CreateKeyInput struct { // Tags can also be used to control access to a KMS key. For details, see Tagging // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` + + // Identifies the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // that serves as key material for the KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html). + // Specify the ID that the external key store proxy (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy) + // uses to refer to the external key. For help, see the documentation for your + // external key store proxy. + // + // This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. + // It is not valid for KMS keys with any other Origin value. + // + // The external key must be an existing 256-bit AES symmetric encryption key + // hosted outside of Amazon Web Services in an external key manager associated + // with the external key store specified by the CustomKeyStoreId parameter. + // This key must be enabled and configured to perform encryption and decryption. + // Each KMS key in an external key store must use a different external key. + // For details, see Requirements for a KMS key in an external key store (https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements) + // in the Key Management Service Developer Guide. + // + // Each KMS key in an external key store is associated two backing keys. One + // is key material that KMS generates. The other is the external key specified + // by this parameter. When you use the KMS key in an external key store to encrypt + // data, the encryption operation is performed first by KMS using the KMS key + // material, and then by the external key manager using the specified external + // key, a process known as double encryption. For details, see Double encryption + // (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption) + // in the Key Management Service Developer Guide. + XksKeyId *string `min:"1" type:"string"` } // String returns the string representation. @@ -9673,6 +10546,9 @@ func (s *CreateKeyInput) Validate() error { if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } + if s.XksKeyId != nil && len(*s.XksKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("XksKeyId", 1)) + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -9750,6 +10626,12 @@ func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { return s } +// SetXksKeyId sets the XksKeyId field's value. +func (s *CreateKeyInput) SetXksKeyId(v string) *CreateKeyInput { + s.XksKeyId = &v + return s +} + type CreateKeyOutput struct { _ struct{} `type:"structure"` @@ -9854,17 +10736,27 @@ func (s *CustomKeyStoreHasCMKsException) RequestID() string { // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. type CustomKeyStoreInvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10064,39 +10956,53 @@ func (s *CustomKeyStoreNotFoundException) RequestID() string { type CustomKeyStoresListEntry struct { _ struct{} `type:"structure"` - // A unique identifier for the CloudHSM cluster that is associated with the - // custom key store. + // A unique identifier for the CloudHSM cluster that is associated with an CloudHSM + // key store. This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. CloudHsmClusterId *string `min:"19" type:"string"` // Describes the connection error. This field appears in the response only when - // the ConnectionState is FAILED. For help resolving these errors, see How to - // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in Key Management Service Developer Guide. - // - // Valid values are: + // the ConnectionState is FAILED. // - // * CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified - // cluster ID. + // Many failures can be resolved by updating the properties of the custom key + // store. To update a custom key store, disconnect it (DisconnectCustomKeyStore), + // correct the errors (UpdateCustomKeyStore), and try to connect again (ConnectCustomKeyStore). + // For additional help resolving these errors, see How to Fix a Connection Failure + // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in Key Management Service Developer Guide. // - // * INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not - // contain any active HSMs. To connect a custom key store to its CloudHSM - // cluster, the cluster must contain at least one active HSM. + // All custom key stores: // - // * INTERNAL_ERROR - KMS could not complete the request due to an internal + // * INTERNAL_ERROR — KMS could not complete the request due to an internal // error. Retry the request. For ConnectCustomKeyStore requests, disconnect // the custom key store before trying to connect again. // - // * INVALID_CREDENTIALS - KMS does not have the correct password for the - // kmsuser crypto user in the CloudHSM cluster. Before you can connect your - // custom key store to its CloudHSM cluster, you must change the kmsuser - // account password and update the key store password value for the custom - // key store. + // * NETWORK_ERRORS — Network errors are preventing KMS from connecting + // the custom key store to its backing key store. // - // * NETWORK_ERRORS - Network errors are preventing KMS from connecting to - // the custom key store. + // CloudHSM key stores: + // + // * CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the + // specified cluster ID. + // + // * INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does + // not contain any active HSMs. To connect a custom key store to its CloudHSM + // cluster, the cluster must contain at least one active HSM. // - // * SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was - // deleted. If KMS cannot find all of the subnets in the cluster configuration, + // * INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet + // associated with the CloudHSM cluster doesn't have any available IP addresses. + // A CloudHSM key store connection requires one free IP address in each of + // the associated private subnets, although two are preferable. For details, + // see How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the Key Management Service Developer Guide. + // + // * INVALID_CREDENTIALS — The KeyStorePassword for the custom key store + // doesn't match the current password of the kmsuser crypto user in the CloudHSM + // cluster. Before you can connect your custom key store to its CloudHSM + // cluster, you must change the kmsuser account password and update the KeyStorePassword + // value for the custom key store. + // + // * SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration + // was deleted. If KMS cannot find all of the subnets in the cluster configuration, // attempts to connect the custom key store to the CloudHSM cluster fail. // To fix this error, create a cluster from a recent backup and associate // it with your custom key store. (This process creates a new cluster configuration @@ -10104,13 +11010,13 @@ type CustomKeyStoresListEntry struct { // Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) // in the Key Management Service Developer Guide. // - // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated + // * USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated // CloudHSM cluster due to too many failed password attempts. Before you // can connect your custom key store to its CloudHSM cluster, you must change // the kmsuser account password and update the key store password value for // the custom key store. // - // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated + // * USER_LOGGED_IN — The kmsuser CU account is logged into the associated // CloudHSM cluster. This prevents KMS from rotating the kmsuser account // password and logging into the cluster. Before you can connect your custom // key store to its CloudHSM cluster, you must log the kmsuser CU out of @@ -10119,27 +11025,94 @@ type CustomKeyStoresListEntry struct { // store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) // in the Key Management Service Developer Guide. // - // * USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated + // * USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated // CloudHSM cluster. Before you can connect your custom key store to its // CloudHSM cluster, you must create a kmsuser CU account in the cluster, // and then update the key store password value for the custom key store. + // + // External key stores: + // + // * INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential + // values is not valid on the specified external key store proxy. + // + // * XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external + // key store proxy. If the external key store proxy has authorization rules, + // verify that they permit KMS to communicate with the proxy on your behalf. + // + // * XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing + // the external key store from connecting to its proxy. Verify the value + // of the XksProxyUriPath. + // + // * XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from + // the external key store proxy. If you see this connection error code repeatedly, + // notify your external key store proxy vendor. + // + // * XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external + // key store proxy because the TLS configuration is invalid. Verify that + // the XKS proxy supports TLS 1.2 or 1.3. Also, verify that the TLS certificate + // is not expired, and that it matches the hostname in the XksProxyUriEndpoint + // value, and that it is signed by a certificate authority included in the + // Trusted Certificate Authorities (https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities) + // list. + // + // * XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external + // key store proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath + // are correct. Use the tools for your external key store proxy to verify + // that the proxy is active and available on its network. Also, verify that + // your external key manager instances are operating properly. Connection + // attempts fail with this connection error code if the proxy reports that + // all external key manager instances are unavailable. + // + // * XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy, + // but the proxy does not respond to KMS in the time allotted. If you see + // this connection error code repeatedly, notify your external key store + // proxy vendor. + // + // * XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint + // service configuration doesn't conform to the requirements for an KMS external + // key store. The VPC endpoint service must be an endpoint service for interface + // endpoints in the caller's Amazon Web Services account. It must have a + // network load balancer (NLB) connected to at least two subnets, each in + // a different Availability Zone. The Allow principals list must include + // the KMS service principal for the Region, cks.kms..amazonaws.com, + // such as cks.kms.us-east-1.amazonaws.com. It must not require acceptance + // (https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html) + // of connection requests. It must have a private DNS name. The private DNS + // name for an external key store with VPC_ENDPOINT_SERVICE connectivity + // must be unique in its Amazon Web Services Region. The domain of the private + // DNS name must have a verification status (https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html) + // of verified. The TLS certificate (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html) + // specifies the private DNS hostname at which the endpoint is reachable. + // + // * XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint + // service that it uses to communicate with the external key store proxy. + // Verify that the XksProxyVpcEndpointServiceName is correct and the KMS + // service principal has service consumer permissions on the Amazon VPC endpoint + // service. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` - // Indicates whether the custom key store is connected to its CloudHSM cluster. + // Indicates whether the custom key store is connected to its backing key store. + // For an CloudHSM key store, the ConnectionState indicates whether it is connected + // to its CloudHSM cluster. For an external key store, the ConnectionState indicates + // whether it is connected to the external key store proxy that communicates + // with your external key manager. // - // You can create and use KMS keys in your custom key stores only when its connection - // state is CONNECTED. + // You can create and use KMS keys in your custom key stores only when its ConnectionState + // is CONNECTED. // - // The value is DISCONNECTED if the key store has never been connected or you - // use the DisconnectCustomKeyStore operation to disconnect it. If the value - // is CONNECTED but you are having trouble using the custom key store, make - // sure that its associated CloudHSM cluster is active and contains at least - // one active HSM. + // The ConnectionState value is DISCONNECTED only if the key store has never + // been connected or you use the DisconnectCustomKeyStore operation to disconnect + // it. If the value is CONNECTED but you are having trouble using the custom + // key store, make sure that the backing key store is reachable and active. + // For an CloudHSM key store, verify that its associated CloudHSM cluster is + // active and contains at least one active HSM. For an external key store, verify + // that the external key store proxy and external key manager are connected + // and enabled. // // A value of FAILED indicates that an attempt to connect was unsuccessful. // The ConnectionErrorCode field in the response indicates the cause of the - // failure. For help resolving a connection failure, see Troubleshooting a Custom - // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // failure. For help resolving a connection failure, see Troubleshooting a custom + // key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` @@ -10152,10 +11125,26 @@ type CustomKeyStoresListEntry struct { // The user-specified friendly name for the custom key store. CustomKeyStoreName *string `min:"1" type:"string"` - // The trust anchor certificate of the associated CloudHSM cluster. When you - // initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom + // key store backed by an CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom + // key store backed by an external key store proxy and external key manager + // outside of Amazon Web Services. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM + // key store. When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create this certificate and save it in the customerCA.crt file. + // + // This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. TrustAnchorCertificate *string `min:"1" type:"string"` + + // Configuration settings for the external key store proxy (XKS proxy). The + // external key store proxy translates KMS requests into a format that your + // external key manager can understand. The proxy configuration includes connection + // information that KMS requires. + // + // This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. + XksProxyConfiguration *XksProxyConfigurationType `type:"structure"` } // String returns the string representation. @@ -10212,12 +11201,24 @@ func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeySto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CustomKeyStoresListEntry) SetCustomKeyStoreType(v string) *CustomKeyStoresListEntry { + s.CustomKeyStoreType = &v + return s +} + // SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value. func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry { s.TrustAnchorCertificate = &v return s } +// SetXksProxyConfiguration sets the XksProxyConfiguration field's value. +func (s *CustomKeyStoresListEntry) SetXksProxyConfiguration(v *XksProxyConfigurationType) *CustomKeyStoresListEntry { + s.XksProxyConfiguration = v + return s +} + type DecryptInput struct { _ struct{} `type:"structure"` @@ -10643,8 +11644,8 @@ func (s DeleteImportedKeyMaterialOutput) GoString() string { return s.String() } -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. type DependencyTimeoutException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10716,8 +11717,8 @@ type DescribeCustomKeyStoresInput struct { // // By default, this operation gets information about all custom key stores in // the account and Region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. CustomKeyStoreId *string `min:"1" type:"string"` // Gets only information about the specified custom key store. Enter the friendly @@ -10725,8 +11726,8 @@ type DescribeCustomKeyStoresInput struct { // // By default, this operation gets information about all custom key stores in // the account and Region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. CustomKeyStoreName *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When @@ -11361,13 +12362,13 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric encryption KMS key. You cannot enable or disable automatic - // rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), + // Identifies a symmetric encryption KMS key. You cannot enable automatic rotation + // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // The key rotation status of these KMS keys is always false. To enable or disable - // automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), + // To enable or disable automatic rotation of a set of related multi-Region + // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // Specify the key ID or key ARN of the KMS key. @@ -11455,6 +12456,8 @@ type EncryptInput struct { // This parameter is required only for asymmetric KMS keys. The default value, // SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. // If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256. + // + // The SM2PKE algorithm is only available in China Regions. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context that will be used to encrypt the data. An @@ -11963,8 +12966,7 @@ type GenerateDataKeyPairInput struct { // encrypt and decrypt or to sign and verify (but not both), and the rule that // permits you to use ECC KMS keys only to sign and verify, are not effective // on data key pairs, which are used outside of KMS. The SM2 key spec is only - // available in China Regions. RSA and ECC asymmetric key pairs are also available - // in China Regions. + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -12169,8 +13171,7 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // encrypt and decrypt or to sign and verify (but not both), and the rule that // permits you to use ECC KMS keys only to sign and verify, are not effective // on data key pairs, which are used outside of KMS. The SM2 key spec is only - // available in China Regions. RSA and ECC asymmetric key pairs are also available - // in China Regions. + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -12592,8 +13593,10 @@ type GenerateMacOutput struct { // The HMAC KMS key used in the operation. KeyId *string `min:"1" type:"string"` - // The hash-based message authentication code (HMAC) for the given message, - // key, and MAC algorithm. + // The hash-based message authentication code (HMAC) that was generated for + // the specified message, HMAC KMS key, and MAC algorithm. + // + // This is the standard, raw HMAC defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). // Mac is automatically base64 encoded/decoded by the SDK. Mac []byte `min:"1" type:"blob"` @@ -12641,8 +13644,11 @@ type GenerateRandomInput struct { _ struct{} `type:"structure"` // Generates the random byte string in the CloudHSM cluster that is associated - // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. + // with the specified CloudHSM key store. To find the ID of a custom key store, + // use the DescribeCustomKeyStores operation. + // + // External key store IDs are not valid for this parameter. If you specify the + // ID of an external key store, GenerateRandom throws an UnsupportedOperationException. CustomKeyStoreId *string `min:"1" type:"string"` // The length of the random byte string. This parameter is required. @@ -13183,7 +14189,7 @@ type GetPublicKeyOutput struct { // // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend // that you use the KeySpec field in your code. However, to avoid breaking changes, - // KMS will support both fields. + // KMS supports both fields. // // Deprecated: This field has been deprecated. Instead, use the KeySpec field. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -13293,10 +14299,10 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // // KMS applies the grant constraints only to cryptographic operations that support // an encryption context, that is, all cryptographic operations with a symmetric -// encryption KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). +// KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). // Grant constraints are not applied to operations that do not support an encryption -// context, such as cryptographic operations with HMAC KMS keys or asymmetric -// KMS keys, and management operations, such as DescribeKey or RetireGrant. +// context, such as cryptographic operations with asymmetric KMS keys and management +// operations, such as DescribeKey or RetireGrant. // // In a cryptographic operation, the encryption context in the decryption operation // must be an exact, case-sensitive match for the keys and values in the encryption @@ -13481,9 +14487,15 @@ type ImportKeyMaterialInput struct { // EncryptedKeyMaterial is a required field EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` - // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, - // in which case you must include the ValidTo parameter. When this parameter - // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. + // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. + // + // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify + // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, + // you must omit the ValidTo parameter. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) + // and reimport the key material. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` // The import token that you received in the response to a previous GetParametersForImport @@ -13514,10 +14526,20 @@ type ImportKeyMaterialInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The time at which the imported key material expires. When the key material - // expires, KMS deletes the key material and the KMS key becomes unusable. You - // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. - // Otherwise it is required. + // The date and time when the imported key material expires. This parameter + // is required when the value of the ExpirationModel parameter is KEY_MATERIAL_EXPIRES. + // Otherwise it is not valid. + // + // The value of this parameter must be a future date and time. The maximum value + // is 365 days from the request date. + // + // When the key material expires, KMS deletes the key material from the KMS + // key. Without its key material, the KMS key is unusable. To use the KMS key + // in cryptographic operations, you must reimport the same key material. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) + // and reimport the key material. ValidTo *time.Time `type:"timestamp"` } @@ -13752,9 +14774,10 @@ func (s *IncorrectKeyMaterialException) RequestID() string { } // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified CloudHSM cluster. +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. // -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. type IncorrectTrustAnchorException struct { @@ -14423,9 +15446,17 @@ func (s *InvalidMarkerException) RequestID() string { // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. type InvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -14664,8 +15695,8 @@ func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { // Contains metadata about a KMS key. // -// This data type is used as a response element for the CreateKey and DescribeKey -// operations. +// This data type is used as a response element for the CreateKey, DescribeKey, +// and ReplicateKey operations. type KeyMetadata struct { _ struct{} `type:"structure"` @@ -14679,16 +15710,17 @@ type KeyMetadata struct { Arn *string `min:"20" type:"string"` // The cluster ID of the CloudHSM cluster that contains the key material for - // the KMS key. When you create a KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), + // the KMS key. When you create a KMS key in an CloudHSM custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // KMS creates the key material for the KMS key in the associated CloudHSM cluster. - // This value is present only when the KMS key is created in a custom key store. + // This field is present only when the KMS key is created in an CloudHSM key + // store. CloudHsmClusterId *string `min:"19" type:"string"` // The date and time when the KMS key was created. CreationDate *time.Time `type:"timestamp"` // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // that contains the KMS key. This value is present only when the KMS key is + // that contains the KMS key. This field is present only when the KMS key is // created in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -14696,7 +15728,7 @@ type KeyMetadata struct { // // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend // that you use the KeySpec field in your code. However, to avoid breaking changes, - // KMS will support both fields. + // KMS supports both fields. // // Deprecated: This field has been deprecated. Instead, use the KeySpec field. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -14814,6 +15846,13 @@ type KeyMetadata struct { // value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. ValidTo *time.Time `type:"timestamp"` + + // Information about the external key that is associated with a KMS key in an + // external key store. + // + // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // in the Key Management Service Developer Guide. + XksKeyConfiguration *XksKeyConfigurationType `type:"structure"` } // String returns the string representation. @@ -14972,6 +16011,12 @@ func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { return s } +// SetXksKeyConfiguration sets the XksKeyConfiguration field's value. +func (s *KeyMetadata) SetXksKeyConfiguration(v *XksKeyConfigurationType) *KeyMetadata { + s.XksKeyConfiguration = v + return s +} + // The request was rejected because the specified KMS key was not available. // You can retry the request. type KeyUnavailableException struct { @@ -15781,7 +16826,7 @@ type ListResourceTagsOutput struct { // A list of tags. Each tag consists of a tag key and a tag value. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. Tags []*Tag `type:"list"` @@ -16208,7 +17253,7 @@ type PutKeyPolicyInput struct { // characters // // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) - // in the Key Management Service Developer Guide. For help writing and formatting + // in the Key Management Service Developer Guide.For help writing and formatting // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) // in the Identity and Access Management User Guide . // @@ -16720,7 +17765,7 @@ type ReplicateKeyInput struct { // operation. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) @@ -17863,8 +18908,8 @@ type UpdateAliasInput struct { // // The KMS key must be in the same Amazon Web Services account and Region as // the alias. Also, the new target KMS key must be the same type as the current - // target KMS key (both symmetric or both asymmetric) and they must have the - // same key usage. + // target KMS key (both symmetric or both asymmetric or both HMAC) and they + // must have the same key usage. // // Specify the key ID or key ARN of the KMS key. // @@ -17959,7 +19004,8 @@ func (s UpdateAliasOutput) GoString() string { type UpdateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Associates the custom key store with a related CloudHSM cluster. + // Associates the custom key store with a related CloudHSM cluster. This parameter + // is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. // // Enter the cluster ID of the cluster that you used to create the custom key // store or a cluster that shares a backup history and has the same cluster @@ -17969,6 +19015,8 @@ type UpdateCustomKeyStoreInput struct { // for a cluster associated with a custom key store. To view the cluster certificate // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. + // + // To change this value, the CloudHSM key store must be disconnected. CloudHsmClusterId *string `min:"19" type:"string"` // Identifies the custom key store that you want to update. Enter the ID of @@ -17979,12 +19027,15 @@ type UpdateCustomKeyStoreInput struct { CustomKeyStoreId *string `min:"1" type:"string" required:"true"` // Enter the current password of the kmsuser crypto user (CU) in the CloudHSM - // cluster that is associated with the custom key store. + // cluster that is associated with the custom key store. This parameter is valid + // only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. // // This parameter tells KMS the current password of the kmsuser crypto user // (CU). It does not set or change the password of any users in the CloudHSM // cluster. // + // To change this value, the CloudHSM key store must be disconnected. + // // KeyStorePassword is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateCustomKeyStoreInput's // String and GoString methods. @@ -17992,7 +19043,82 @@ type UpdateCustomKeyStoreInput struct { // Changes the friendly name of the custom key store to the value that you specify. // The custom key store name must be unique in the Amazon Web Services account. + // + // To change this value, an CloudHSM key store must be disconnected. An external + // key store can be connected or disconnected. NewCustomKeyStoreName *string `min:"1" type:"string"` + + // Changes the credentials that KMS uses to sign requests to the external key + // store proxy (XKS proxy). This parameter is valid only for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // You must specify both the AccessKeyId and SecretAccessKey value in the authentication + // credential, even if you are only updating one value. + // + // This parameter doesn't establish or change your authentication credentials + // on the proxy. It just tells KMS the credential that you established with + // your external key store proxy. For example, if you rotate the credential + // on your external key store proxy, you can use this parameter to update the + // credential in KMS. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Changes the connectivity setting for the external key store. To indicate + // that the external key store proxy uses a Amazon VPC endpoint service to communicate + // with KMS, specify VPC_ENDPOINT_SERVICE. Otherwise, specify PUBLIC_ENDPOINT. + // + // If you change the XksProxyConnectivity to VPC_ENDPOINT_SERVICE, you must + // also change the XksProxyUriEndpoint and add an XksProxyVpcEndpointServiceName + // value. + // + // If you change the XksProxyConnectivity to PUBLIC_ENDPOINT, you must also + // change the XksProxyUriEndpoint and specify a null or empty string for the + // XksProxyVpcEndpointServiceName value. + // + // To change this value, the external key store must be disconnected. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Changes the URI endpoint that KMS uses to connect to your external key store + // proxy (XKS proxy). This parameter is valid only for custom key stores with + // a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // For external key stores with an XksProxyConnectivity value of PUBLIC_ENDPOINT, + // the protocol must be HTTPS. + // + // For external key stores with an XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name associated with the VPC + // endpoint service. Each external key store must use a different private DNS + // name. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // To change this value, the external key store must be disconnected. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Changes the base path to the proxy APIs for this external key store. To find + // this value, see the documentation for your external key manager and external + // key store proxy (XKS proxy). This parameter is valid only for custom key + // stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1, where v1 represents + // the version of the KMS external key store proxy API. You can include an optional + // prefix between the required elements such as /example/kms/xks/v1. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyUriPath *string `min:"10" type:"string"` + + // Changes the name that KMS uses to identify the Amazon VPC endpoint service + // for your external key store proxy (XKS proxy). This parameter is valid when + // the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity + // is VPC_ENDPOINT_SERVICE. + // + // To change this value, the external key store must be disconnected. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` } // String returns the string representation. @@ -18031,6 +19157,20 @@ func (s *UpdateCustomKeyStoreInput) Validate() error { if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -18062,6 +19202,36 @@ func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCu return s } +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *UpdateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *UpdateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriPath(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *UpdateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + type UpdateCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } @@ -18683,77 +19853,1131 @@ func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { return s } -const ( - // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value - AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" +// The request was rejected because the (XksKeyId) is already associated with +// a KMS key in this external key store. Each KMS key in an external key store +// must be associated with a different external key. +type XksKeyAlreadyInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value - AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + Message_ *string `locationName:"message" type:"string"` +} - // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value - AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" -) +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) String() string { + return awsutil.Prettify(s) +} -// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum -func AlgorithmSpec_Values() []string { - return []string{ - AlgorithmSpecRsaesPkcs1V15, - AlgorithmSpecRsaesOaepSha1, - AlgorithmSpecRsaesOaepSha256, +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) GoString() string { + return s.String() +} + +func newErrorXksKeyAlreadyInUseException(v protocol.ResponseMetadata) error { + return &XksKeyAlreadyInUseException{ + RespMetadata: v, } } -const ( - // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS" +// Code returns the exception type name. +func (s *XksKeyAlreadyInUseException) Code() string { + return "XksKeyAlreadyInUseException" +} - // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND" +// Message returns the exception's message. +func (s *XksKeyAlreadyInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyAlreadyInUseException) OrigErr() error { + return nil +} - // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" +func (s *XksKeyAlreadyInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyAlreadyInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} - // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" +// RequestID returns the service's response RequestID for request. +func (s *XksKeyAlreadyInUseException) RequestID() string { + return s.RespMetadata.RequestID +} - // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND" +// Information about the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)that +// is associated with a KMS key in an external key store. +// +// This element appears in a CreateKey or DescribeKey response only for a KMS +// key in an external key store. +// +// The external key is a symmetric encryption key that is hosted by an external +// key manager outside of Amazon Web Services. When you use the KMS key in an +// external key store in a cryptographic operation, the cryptographic operation +// is performed in the external key manager using the specified external key. +// For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) +// in the Key Management Service Developer Guide. +type XksKeyConfigurationType struct { + _ struct{} `type:"structure"` - // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN" + // The ID of the external key in its external key manager. This is the ID that + // the external key store proxy uses to identify the external key. + Id *string `min:"1" type:"string"` +} - // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) String() string { + return awsutil.Prettify(s) +} - // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" -) +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) GoString() string { + return s.String() +} -// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum -func ConnectionErrorCodeType_Values() []string { - return []string{ - ConnectionErrorCodeTypeInvalidCredentials, - ConnectionErrorCodeTypeClusterNotFound, - ConnectionErrorCodeTypeNetworkErrors, - ConnectionErrorCodeTypeInternalError, - ConnectionErrorCodeTypeInsufficientCloudhsmHsms, - ConnectionErrorCodeTypeUserLockedOut, - ConnectionErrorCodeTypeUserNotFound, - ConnectionErrorCodeTypeUserLoggedIn, - ConnectionErrorCodeTypeSubnetNotFound, - ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet, - } +// SetId sets the Id field's value. +func (s *XksKeyConfigurationType) SetId(v string) *XksKeyConfigurationType { + s.Id = &v + return s } -const ( - // ConnectionStateTypeConnected is a ConnectionStateType enum value - ConnectionStateTypeConnected = "CONNECTED" +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +type XksKeyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksKeyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksKeyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyInvalidConfigurationException) Code() string { + return "XksKeyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksKeyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksKeyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. +type XksKeyNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) GoString() string { + return s.String() +} + +func newErrorXksKeyNotFoundException(v protocol.ResponseMetadata) error { + return &XksKeyNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyNotFoundException) Code() string { + return "XksKeyNotFoundException" +} + +// Message returns the exception's message. +func (s *XksKeyNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyNotFoundException) OrigErr() error { + return nil +} + +func (s *XksKeyNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS uses the authentication credential to sign requests that it sends to +// the external key store proxy (XKS proxy) on your behalf. You establish these +// credentials on your external key store proxy and report them to KMS. +// +// The XksProxyAuthenticationCredential includes two required elements. +type XksProxyAuthenticationCredentialType struct { + _ struct{} `type:"structure"` + + // A unique identifier for the raw secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // AccessKeyId is a required field + AccessKeyId *string `min:"20" type:"string" required:"true" sensitive:"true"` + + // A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9, + // /, +, and =. + // + // RawSecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // RawSecretAccessKey is a required field + RawSecretAccessKey *string `min:"43" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *XksProxyAuthenticationCredentialType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "XksProxyAuthenticationCredentialType"} + if s.AccessKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessKeyId")) + } + if s.AccessKeyId != nil && len(*s.AccessKeyId) < 20 { + invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 20)) + } + if s.RawSecretAccessKey == nil { + invalidParams.Add(request.NewErrParamRequired("RawSecretAccessKey")) + } + if s.RawSecretAccessKey != nil && len(*s.RawSecretAccessKey) < 43 { + invalidParams.Add(request.NewErrParamMinLen("RawSecretAccessKey", 43)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyAuthenticationCredentialType) SetAccessKeyId(v string) *XksProxyAuthenticationCredentialType { + s.AccessKeyId = &v + return s +} + +// SetRawSecretAccessKey sets the RawSecretAccessKey field's value. +func (s *XksProxyAuthenticationCredentialType) SetRawSecretAccessKey(v string) *XksProxyAuthenticationCredentialType { + s.RawSecretAccessKey = &v + return s +} + +// Detailed information about the external key store proxy (XKS proxy). Your +// external key store proxy translates KMS requests into a format that your +// external key manager can understand. These fields appear in a DescribeCustomKeyStores +// response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. +type XksProxyConfigurationType struct { + _ struct{} `type:"structure"` + + // The part of the external key store proxy authentication credential (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential) + // that uniquely identifies the secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyConfigurationType's + // String and GoString methods. + AccessKeyId *string `min:"20" type:"string" sensitive:"true"` + + // Indicates whether the external key store proxy uses a public endpoint or + // an Amazon VPC endpoint service to communicate with KMS. + Connectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // The URI endpoint for the external key store proxy. + // + // If the external key store proxy has a public endpoint, it is displayed here. + // + // If the external key store proxy uses an Amazon VPC endpoint service name, + // this field displays the private DNS name associated with the VPC endpoint + // service. + UriEndpoint *string `min:"10" type:"string"` + + // The path to the external key store proxy APIs. + UriPath *string `min:"10" type:"string"` + + // The Amazon VPC endpoint service used to communicate with the external key + // store proxy. This field appears only when the external key store proxy uses + // an Amazon VPC endpoint service to communicate with KMS. + VpcEndpointServiceName *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyConfigurationType) SetAccessKeyId(v string) *XksProxyConfigurationType { + s.AccessKeyId = &v + return s +} + +// SetConnectivity sets the Connectivity field's value. +func (s *XksProxyConfigurationType) SetConnectivity(v string) *XksProxyConfigurationType { + s.Connectivity = &v + return s +} + +// SetUriEndpoint sets the UriEndpoint field's value. +func (s *XksProxyConfigurationType) SetUriEndpoint(v string) *XksProxyConfigurationType { + s.UriEndpoint = &v + return s +} + +// SetUriPath sets the UriPath field's value. +func (s *XksProxyConfigurationType) SetUriPath(v string) *XksProxyConfigurationType { + s.UriPath = &v + return s +} + +// SetVpcEndpointServiceName sets the VpcEndpointServiceName field's value. +func (s *XksProxyConfigurationType) SetVpcEndpointServiceName(v string) *XksProxyConfigurationType { + s.VpcEndpointServiceName = &v + return s +} + +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +type XksProxyIncorrectAuthenticationCredentialException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) GoString() string { + return s.String() +} + +func newErrorXksProxyIncorrectAuthenticationCredentialException(v protocol.ResponseMetadata) error { + return &XksProxyIncorrectAuthenticationCredentialException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyIncorrectAuthenticationCredentialException) Code() string { + return "XksProxyIncorrectAuthenticationCredentialException" +} + +// Message returns the exception's message. +func (s *XksProxyIncorrectAuthenticationCredentialException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyIncorrectAuthenticationCredentialException) OrigErr() error { + return nil +} + +func (s *XksProxyIncorrectAuthenticationCredentialException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyIncorrectAuthenticationCredentialException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +type XksProxyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidConfigurationException) Code() string { + return "XksProxyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +type XksProxyInvalidResponseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidResponseException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidResponseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidResponseException) Code() string { + return "XksProxyInvalidResponseException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidResponseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidResponseException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidResponseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidResponseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidResponseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +type XksProxyUriEndpointInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriEndpointInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriEndpointInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriEndpointInUseException) Code() string { + return "XksProxyUriEndpointInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriEndpointInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriEndpointInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriEndpointInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriEndpointInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriEndpointInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +type XksProxyUriInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriInUseException) Code() string { + return "XksProxyUriInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +type XksProxyUriUnreachableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriUnreachableException(v protocol.ResponseMetadata) error { + return &XksProxyUriUnreachableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriUnreachableException) Code() string { + return "XksProxyUriUnreachableException" +} + +// Message returns the exception's message. +func (s *XksProxyUriUnreachableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriUnreachableException) OrigErr() error { + return nil +} + +func (s *XksProxyUriUnreachableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriUnreachableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriUnreachableException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +type XksProxyVpcEndpointServiceInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceInUseException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInUseException) Code() string { + return "XksProxyVpcEndpointServiceInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +type XksProxyVpcEndpointServiceInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Code() string { + return "XksProxyVpcEndpointServiceInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +type XksProxyVpcEndpointServiceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceNotFoundException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceNotFoundException) Code() string { + return "XksProxyVpcEndpointServiceNotFoundException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceNotFoundException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +const ( + // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value + AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" + + // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + + // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum +func AlgorithmSpec_Values() []string { + return []string{ + AlgorithmSpecRsaesPkcs1V15, + AlgorithmSpecRsaesOaepSha1, + AlgorithmSpecRsaesOaepSha256, + } +} + +const ( + // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS" + + // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND" + + // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" + + // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" + + // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" + + // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" + + // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND" + + // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN" + + // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" + + // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" + + // ConnectionErrorCodeTypeXksProxyAccessDenied is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyAccessDenied = "XKS_PROXY_ACCESS_DENIED" + + // ConnectionErrorCodeTypeXksProxyNotReachable is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyNotReachable = "XKS_PROXY_NOT_REACHABLE" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND" + + // ConnectionErrorCodeTypeXksProxyInvalidResponse is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidResponse = "XKS_PROXY_INVALID_RESPONSE" + + // ConnectionErrorCodeTypeXksProxyInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidConfiguration = "XKS_PROXY_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksProxyTimedOut is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyTimedOut = "XKS_PROXY_TIMED_OUT" + + // ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration = "XKS_PROXY_INVALID_TLS_CONFIGURATION" +) + +// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum +func ConnectionErrorCodeType_Values() []string { + return []string{ + ConnectionErrorCodeTypeInvalidCredentials, + ConnectionErrorCodeTypeClusterNotFound, + ConnectionErrorCodeTypeNetworkErrors, + ConnectionErrorCodeTypeInternalError, + ConnectionErrorCodeTypeInsufficientCloudhsmHsms, + ConnectionErrorCodeTypeUserLockedOut, + ConnectionErrorCodeTypeUserNotFound, + ConnectionErrorCodeTypeUserLoggedIn, + ConnectionErrorCodeTypeSubnetNotFound, + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet, + ConnectionErrorCodeTypeXksProxyAccessDenied, + ConnectionErrorCodeTypeXksProxyNotReachable, + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound, + ConnectionErrorCodeTypeXksProxyInvalidResponse, + ConnectionErrorCodeTypeXksProxyInvalidConfiguration, + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration, + ConnectionErrorCodeTypeXksProxyTimedOut, + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration, + } +} + +const ( + // ConnectionStateTypeConnected is a ConnectionStateType enum value + ConnectionStateTypeConnected = "CONNECTED" // ConnectionStateTypeConnecting is a ConnectionStateType enum value ConnectionStateTypeConnecting = "CONNECTING" @@ -18779,6 +21003,22 @@ func ConnectionStateType_Values() []string { } } +const ( + // CustomKeyStoreTypeAwsCloudhsm is a CustomKeyStoreType enum value + CustomKeyStoreTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // CustomKeyStoreTypeExternalKeyStore is a CustomKeyStoreType enum value + CustomKeyStoreTypeExternalKeyStore = "EXTERNAL_KEY_STORE" +) + +// CustomKeyStoreType_Values returns all elements of the CustomKeyStoreType enum +func CustomKeyStoreType_Values() []string { + return []string{ + CustomKeyStoreTypeAwsCloudhsm, + CustomKeyStoreTypeExternalKeyStore, + } +} + const ( // CustomerMasterKeySpecRsa2048 is a CustomerMasterKeySpec enum value CustomerMasterKeySpecRsa2048 = "RSA_2048" @@ -19208,6 +21448,9 @@ const ( // OriginTypeAwsCloudhsm is a OriginType enum value OriginTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // OriginTypeExternalKeyStore is a OriginType enum value + OriginTypeExternalKeyStore = "EXTERNAL_KEY_STORE" ) // OriginType_Values returns all elements of the OriginType enum @@ -19216,6 +21459,7 @@ func OriginType_Values() []string { OriginTypeAwsKms, OriginTypeExternal, OriginTypeAwsCloudhsm, + OriginTypeExternalKeyStore, } } @@ -19278,3 +21522,19 @@ func WrappingKeySpec_Values() []string { WrappingKeySpecRsa2048, } } + +const ( + // XksProxyConnectivityTypePublicEndpoint is a XksProxyConnectivityType enum value + XksProxyConnectivityTypePublicEndpoint = "PUBLIC_ENDPOINT" + + // XksProxyConnectivityTypeVpcEndpointService is a XksProxyConnectivityType enum value + XksProxyConnectivityTypeVpcEndpointService = "VPC_ENDPOINT_SERVICE" +) + +// XksProxyConnectivityType_Values returns all elements of the XksProxyConnectivityType enum +func XksProxyConnectivityType_Values() []string { + return []string{ + XksProxyConnectivityTypePublicEndpoint, + XksProxyConnectivityTypeVpcEndpointService, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index d926e08e685..7dc9bd44278 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -8,7 +8,7 @@ // For general information about KMS, see the Key Management Service Developer // Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // -// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// KMS has replaced the term customer master key (CMK) with KMS key and KMS // key. The concept has not changed. To prevent breaking changes, KMS is keeping // some variations of this term. // @@ -40,7 +40,7 @@ // // Requests must be signed by using an access key ID and a secret access key. // We strongly recommend that you do not use your Amazon Web Services account -// (root) access key ID and secret key for everyday work with KMS. Instead, +// (root) access key ID and secret access key for everyday work with KMS. Instead, // use the access key ID and secret access key for an IAM user. You can also // use the Amazon Web Services Security Token Service to generate temporary // security credentials that you can use to sign requests. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index 4f8fc210490..c897f638993 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -19,12 +19,13 @@ const ( // "CloudHsmClusterInUseException". // // The request was rejected because the specified CloudHSM cluster is already - // associated with a custom key store or it shares a backup history with a cluster - // that is associated with a custom key store. Each custom key store must be - // associated with a different CloudHSM cluster. + // associated with an CloudHSM key store in the account, or it shares a backup + // history with an CloudHSM key store in the account. Each CloudHSM key store + // in the account must be associated with a different CloudHSM cluster. // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException" @@ -32,29 +33,29 @@ const ( // "CloudHsmClusterInvalidConfigurationException". // // The request was rejected because the associated CloudHSM cluster did not - // meet the configuration requirements for a custom key store. + // meet the configuration requirements for an CloudHSM key store. // - // * The cluster must be configured with private subnets in at least two - // different Availability Zones in the Region. + // * The CloudHSM cluster must be configured with private subnets in at least + // two different Availability Zones in the Region. // // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security - // group ID. These rules are set by default when you create the cluster. - // Do not delete or change them. To get information about a particular security - // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) + // group ID. These rules are set by default when you create the CloudHSM + // cluster. Do not delete or change them. To get information about a particular + // security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // - // * The cluster must contain at least as many HSMs as the operation requires. - // To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) + // * The CloudHSM cluster must contain at least as many HSMs as the operation + // requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated - // with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -65,10 +66,9 @@ const ( // ErrCodeCloudHsmClusterNotActiveException for service response error code // "CloudHsmClusterNotActiveException". // - // The request was rejected because the CloudHSM cluster that is associated - // with the custom key store is not active. Initialize and activate the cluster - // and try the command again. For detailed instructions, see Getting Started - // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) + // The request was rejected because the CloudHSM cluster associated with the + // CloudHSM key store is not active. Initialize and activate the cluster and + // try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" @@ -84,15 +84,16 @@ const ( // // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation - // to specify an unrelated cluster. + // to specify an unrelated cluster for an CloudHSM key store. // - // Specify a cluster that shares a backup history with the original cluster. - // This includes clusters that were created from a backup of the current cluster, - // and clusters that were created from the same backup that produced the current - // cluster. + // Specify an CloudHSM cluster that shares a backup history with the original + // cluster. This includes clusters that were created from a backup of the current + // cluster, and clusters that were created from the same backup that produced + // the current cluster. // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException" @@ -114,17 +115,27 @@ const ( // // This exception is thrown under the following conditions: // - // * You requested the CreateKey or GenerateRandom operation in a custom - // key store that is not connected. These operations are valid only when - // the custom key store ConnectionState is CONNECTED. + // * You requested the ConnectCustomKeyStore operation on a custom key store + // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid + // for all other ConnectionState values. To reconnect a custom key store + // in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect + // it (ConnectCustomKeyStore). + // + // * You requested the CreateKey operation in a custom key store that is + // not connected. This operations is valid only when the custom key store + // ConnectionState is CONNECTED. + // + // * You requested the DisconnectCustomKeyStore operation on a custom key + // store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation + // is valid for all other ConnectionState values. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // - // * You requested the ConnectCustomKeyStore operation on a custom key store - // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid - // for all other ConnectionState values. + // * You requested the GenerateRandom operation in an CloudHSM key store + // that is not connected. This operation is valid only when the CloudHSM + // key store ConnectionState is CONNECTED. ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException" // ErrCodeCustomKeyStoreNameInUseException for service response error code @@ -145,8 +156,8 @@ const ( // ErrCodeDependencyTimeoutException for service response error code // "DependencyTimeoutException". // - // The system timed out while trying to fulfill the request. The request can - // be retried. + // The system timed out while trying to fulfill the request. You can retry the + // request. ErrCodeDependencyTimeoutException = "DependencyTimeoutException" // ErrCodeDisabledException for service response error code @@ -183,9 +194,10 @@ const ( // "IncorrectTrustAnchorException". // // The request was rejected because the trust anchor certificate in the request - // is not the trust anchor certificate for the specified CloudHSM cluster. + // to create an CloudHSM key store is not the trust anchor certificate for the + // specified CloudHSM cluster. // - // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException" @@ -274,9 +286,17 @@ const ( // The request was rejected because the state of the specified resource is not // valid for this request. // - // For more information about how key state affects the use of a KMS key, see - // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the Key Management Service Developer Guide . + // This exceptions means one of the following: + // + // * The key state of the KMS key is not compatible with the operation. To + // find the key state, use the DescribeKey operation. For more information + // about which key states are compatible with each KMS operation, see Key + // states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide . + // + // * For cryptographic operations on KMS keys in custom key stores, this + // exception represents a general failure with many possible causes. To identify + // the cause, see the error message that accompanies the exception. ErrCodeInvalidStateException = "KMSInvalidStateException" // ErrCodeKMSInvalidMacException for service response error code @@ -336,41 +356,170 @@ const ( // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. ErrCodeUnsupportedOperationException = "UnsupportedOperationException" + + // ErrCodeXksKeyAlreadyInUseException for service response error code + // "XksKeyAlreadyInUseException". + // + // The request was rejected because the (XksKeyId) is already associated with + // a KMS key in this external key store. Each KMS key in an external key store + // must be associated with a different external key. + ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException" + + // ErrCodeXksKeyInvalidConfigurationException for service response error code + // "XksKeyInvalidConfigurationException". + // + // The request was rejected because the external key specified by the XksKeyId + // parameter did not meet the configuration requirements for an external key + // store. + // + // The external key must be an AES-256 symmetric key that is enabled and performs + // encryption and decryption. + ErrCodeXksKeyInvalidConfigurationException = "XksKeyInvalidConfigurationException" + + // ErrCodeXksKeyNotFoundException for service response error code + // "XksKeyNotFoundException". + // + // The request was rejected because the external key store proxy could not find + // the external key. This exception is thrown when the value of the XksKeyId + // parameter doesn't identify a key in the external key manager associated with + // the external key proxy. + // + // Verify that the XksKeyId represents an existing key in the external key manager. + // Use the key identifier that the external key store proxy uses to identify + // the key. For details, see the documentation provided with your external key + // store proxy or key manager. + ErrCodeXksKeyNotFoundException = "XksKeyNotFoundException" + + // ErrCodeXksProxyIncorrectAuthenticationCredentialException for service response error code + // "XksProxyIncorrectAuthenticationCredentialException". + // + // The request was rejected because the proxy credentials failed to authenticate + // to the specified external key store proxy. The specified external key store + // proxy rejected a status request from KMS due to invalid credentials. This + // can indicate an error in the credentials or in the identification of the + // external key store proxy. + ErrCodeXksProxyIncorrectAuthenticationCredentialException = "XksProxyIncorrectAuthenticationCredentialException" + + // ErrCodeXksProxyInvalidConfigurationException for service response error code + // "XksProxyInvalidConfigurationException". + // + // The request was rejected because the Amazon VPC endpoint service configuration + // does not fulfill the requirements for an external key store proxy. For details, + // see the exception message. + ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException" + + // ErrCodeXksProxyInvalidResponseException for service response error code + // "XksProxyInvalidResponseException". + // + // KMS cannot interpret the response it received from the external key store + // proxy. The problem might be a poorly constructed response, but it could also + // be a transient network issue. If you see this error repeatedly, report it + // to the proxy vendor. + ErrCodeXksProxyInvalidResponseException = "XksProxyInvalidResponseException" + + // ErrCodeXksProxyUriEndpointInUseException for service response error code + // "XksProxyUriEndpointInUseException". + // + // The request was rejected because the concatenation of the XksProxyUriEndpoint + // is already associated with an external key store in the Amazon Web Services + // account and Region. Each external key store in an account and Region must + // use a unique external key store proxy address. + ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException" + + // ErrCodeXksProxyUriInUseException for service response error code + // "XksProxyUriInUseException". + // + // The request was rejected because the concatenation of the XksProxyUriEndpoint + // and XksProxyUriPath is already associated with an external key store in the + // Amazon Web Services account and Region. Each external key store in an account + // and Region must use a unique external key store proxy API address. + ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException" + + // ErrCodeXksProxyUriUnreachableException for service response error code + // "XksProxyUriUnreachableException". + // + // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable + // before you create the external key store or update its settings. + // + // This exception is also thrown when the external key store proxy response + // to a GetHealthStatus request indicates that all external key manager instances + // are unavailable. + ErrCodeXksProxyUriUnreachableException = "XksProxyUriUnreachableException" + + // ErrCodeXksProxyVpcEndpointServiceInUseException for service response error code + // "XksProxyVpcEndpointServiceInUseException". + // + // The request was rejected because the specified Amazon VPC endpoint service + // is already associated with an external key store in the Amazon Web Services + // account and Region. Each external key store in an Amazon Web Services account + // and Region must use a different Amazon VPC endpoint service. + ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException" + + // ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code + // "XksProxyVpcEndpointServiceInvalidConfigurationException". + // + // The request was rejected because the Amazon VPC endpoint service configuration + // does not fulfill the requirements for an external key store proxy. For details, + // see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) + // for Amazon VPC endpoint service connectivity for an external key store. + ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException" + + // ErrCodeXksProxyVpcEndpointServiceNotFoundException for service response error code + // "XksProxyVpcEndpointServiceNotFoundException". + // + // The request was rejected because KMS could not find the specified VPC endpoint + // service. Use DescribeCustomKeyStores to verify the VPC endpoint service name + // for the external key store. Also, confirm that the Allow principals list + // for the VPC endpoint service includes the KMS service principal for the Region, + // such as cks.kms.us-east-1.amazonaws.com. + ErrCodeXksProxyVpcEndpointServiceNotFoundException = "XksProxyVpcEndpointServiceNotFoundException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ - "AlreadyExistsException": newErrorAlreadyExistsException, - "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, - "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, - "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, - "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, - "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, - "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, - "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, - "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, - "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, - "DependencyTimeoutException": newErrorDependencyTimeoutException, - "DisabledException": newErrorDisabledException, - "ExpiredImportTokenException": newErrorExpiredImportTokenException, - "IncorrectKeyException": newErrorIncorrectKeyException, - "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, - "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, - "KMSInternalException": newErrorInternalException, - "InvalidAliasNameException": newErrorInvalidAliasNameException, - "InvalidArnException": newErrorInvalidArnException, - "InvalidCiphertextException": newErrorInvalidCiphertextException, - "InvalidGrantIdException": newErrorInvalidGrantIdException, - "InvalidGrantTokenException": newErrorInvalidGrantTokenException, - "InvalidImportTokenException": newErrorInvalidImportTokenException, - "InvalidKeyUsageException": newErrorInvalidKeyUsageException, - "InvalidMarkerException": newErrorInvalidMarkerException, - "KMSInvalidStateException": newErrorInvalidStateException, - "KMSInvalidMacException": newErrorKMSInvalidMacException, - "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, - "KeyUnavailableException": newErrorKeyUnavailableException, - "LimitExceededException": newErrorLimitExceededException, - "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, - "NotFoundException": newErrorNotFoundException, - "TagException": newErrorTagException, - "UnsupportedOperationException": newErrorUnsupportedOperationException, + "AlreadyExistsException": newErrorAlreadyExistsException, + "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, + "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, + "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, + "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, + "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, + "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, + "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, + "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, + "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, + "DependencyTimeoutException": newErrorDependencyTimeoutException, + "DisabledException": newErrorDisabledException, + "ExpiredImportTokenException": newErrorExpiredImportTokenException, + "IncorrectKeyException": newErrorIncorrectKeyException, + "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, + "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, + "KMSInternalException": newErrorInternalException, + "InvalidAliasNameException": newErrorInvalidAliasNameException, + "InvalidArnException": newErrorInvalidArnException, + "InvalidCiphertextException": newErrorInvalidCiphertextException, + "InvalidGrantIdException": newErrorInvalidGrantIdException, + "InvalidGrantTokenException": newErrorInvalidGrantTokenException, + "InvalidImportTokenException": newErrorInvalidImportTokenException, + "InvalidKeyUsageException": newErrorInvalidKeyUsageException, + "InvalidMarkerException": newErrorInvalidMarkerException, + "KMSInvalidStateException": newErrorInvalidStateException, + "KMSInvalidMacException": newErrorKMSInvalidMacException, + "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, + "KeyUnavailableException": newErrorKeyUnavailableException, + "LimitExceededException": newErrorLimitExceededException, + "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, + "NotFoundException": newErrorNotFoundException, + "TagException": newErrorTagException, + "UnsupportedOperationException": newErrorUnsupportedOperationException, + "XksKeyAlreadyInUseException": newErrorXksKeyAlreadyInUseException, + "XksKeyInvalidConfigurationException": newErrorXksKeyInvalidConfigurationException, + "XksKeyNotFoundException": newErrorXksKeyNotFoundException, + "XksProxyIncorrectAuthenticationCredentialException": newErrorXksProxyIncorrectAuthenticationCredentialException, + "XksProxyInvalidConfigurationException": newErrorXksProxyInvalidConfigurationException, + "XksProxyInvalidResponseException": newErrorXksProxyInvalidResponseException, + "XksProxyUriEndpointInUseException": newErrorXksProxyUriEndpointInUseException, + "XksProxyUriInUseException": newErrorXksProxyUriInUseException, + "XksProxyUriUnreachableException": newErrorXksProxyUriUnreachableException, + "XksProxyVpcEndpointServiceInUseException": newErrorXksProxyVpcEndpointServiceInUseException, + "XksProxyVpcEndpointServiceInvalidConfigurationException": newErrorXksProxyVpcEndpointServiceInvalidConfigurationException, + "XksProxyVpcEndpointServiceNotFoundException": newErrorXksProxyVpcEndpointServiceNotFoundException, } diff --git a/vendor/modules.txt b/vendor/modules.txt index 301ec67f2d9..dff75cf8a42 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -14,7 +14,7 @@ github.com/armon/go-metrics # github.com/armon/go-radix v1.0.0 ## explicit github.com/armon/go-radix -# github.com/aws/aws-sdk-go v1.44.146 +# github.com/aws/aws-sdk-go v1.44.172 ## explicit; go 1.11 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/awserr